Knowledge base article
Force HTTPS via .htaccess
Related articles
Force HTTPS via .htaccess (cPanel)
Hide .html extension using .htaccess
Other WordPress articles
Accessing your site before changing DNS
Basic WordPress security and site management
Check MySQL database table disk usage
Configure object cache with memcached and Litespeed Cache plugin
Create a clone of your website
Create a WordPress administrator via MySQL CLI
Create a WordPress administrator via phpMyAdmin
Create a WordPress cron task in cPanel
Disable automatic WordPress updates via wp-config.php
Domain options for shared hosting
Download or restore individual files, directories or database backups with JetBackup
Enabling PHP extensions, Changing PHP Version and Setting PHP Options
Export or Import a MySQL database via CLI
Force HTTPS via .htaccess (cPanel)
Go live with your WordPress staging website
Help! I need a backup of my cPanel-hosted website
How did my WordPress website get hacked? What do I do?
How to ensure website generated emails are delivered successfully
How to issue a Let’s Encrypt certificate
How to remove Site Software management
Introduction to LiteSpeed Cache
Manual WordPress migrations in a nutshell
Migrate remote staging website to local hosting server
Migrate remote transactional website to local server
My site and/or email service is down
Optimising Wordfence firewall and security settings
Prevent website generated spam with CAPTCHA
Push updates from a staging to production website
Reconfigure production website to subdomain
Recover your hacked WordPress website
Remove Wordfence firewall block via MySQL CLI
Secure your WordPress installation
The SLA – Best effort versus 99.9% versus 100%
Understanding CloudLinux resource limits
Update a WordPress website to use a new domain name
Update your WordPress username via phpMyAdmin
WordPress install still shows Serversaurus “new customer” landing page
Do you have a valid SSL certificate installed and you're wondering why your website is still marked as insecure?
This occurs because some browsers by default request websites over HTTP protocol (rather than a secure HTTPS protocol). To ensure your website is served over a secure connection, you need to implement a force redirect so all traffic is redirected from HTTP to HTTPS.
This guide will teach you how to implement a force HTTPS redirect so all traffic visits your site over a secure connection
Please ensure you have the following requirements:
- A valid SSL certificate - Your website must have a active SSL certificate, if you don't have a SSL certificate installed, please follow our guide on how to install a Let's Encrypt certificate before proceeding.
- SSH Access - Serversaurus relies on key based authentication to login via SSH/SFTP, if you haven't already, generate your SSH key pair and configure it in cPanel before proceeding with the next steps.
Let's get started!
- Open your terminal window and SSH to your hosting server:
ssh username@yourserver.serversaurus.com.au
- Change into your public_html directory (or alternative document root location):
cd public_html
- Open the .htaccess file:
vi .htaccess
- Add the following text to the beginning of your .htaccess file by typing i and then paste the text into the window:
RewriteEngine on
RewriteBase /
RewriteCond %{HTTPS} !=on
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
- Once completed press esc and enter :wq to save.
Open your browser and enter your domain name, your site will now be redirecting to HTTPS!
Published June 17, 2022. Last updated July 8, 2025.
Can't find what you're looking for?
"*" indicates required fields