How to force SSL with .htaccess

If you want to force your entire website to go through https, you can add these rules to your .htaccess file:

If your site is in a subfolder, use this code:

Simply replace yourdomain.com with your actual domain name.

You find this article useful? Click here to learn more about SiteGround web hosting experts and what else we can do for you!

77 Comments

  1. Reply May 23, 2016 / 08:57 Joe WilliamsSiteGround Team

    The above does a 302 redirect. In most cases people would likely want to do a 301 redirect and this has the added benefit of passing more SEO link juice.

    I tweaked the code from [R,L] to [R=301,L]:

    RewriteEngine On
    RewriteCond %{SERVER_PORT} 80
    RewriteRule ^(.*)$ https://yourdomain.com/$1 [R=301,L]

    Would you agree that's best practise?

    Thanks

    Joe

    • Reply May 26, 2016 / 06:56 Ivan StefanovSiteGround Team

      Joe, indeed considering the SEO, 301 redirect is the best course of action.

      Thank you for your comment!

      • Reply December 30, 2016 / 22:10 daveSiteGround Team

        Where is the htaccess file???? I do not see it the root directory of my public_html folder

        • Reply January 6, 2017 / 12:45 escalationsSiteGround Team

          Make sure you chosen to see hidden files when clicking on the File Manager in cPanel if you are trying to find the .htaccess file this way.

    • Reply February 23, 2017 / 04:44 Samuel ShipenSiteGround Team

      word up . thanks Joe. just what i was looking for.
      I've been fighting with that seo nonsense. 🙂

      TY to the original poster as well ..

  2. Reply June 15, 2016 / 09:33 Dennis MurphySiteGround Team

    Which .htaccess file? The root directory of cpanel, or the root directory of the public_html folder?

    /.htaccess
    /public_html/.htaccess

    • Reply June 16, 2016 / 08:02 Ivan StefanovSiteGround Team

      Dennis, .htaccess files here in SiteGround work recursively - this means that the best course of action would be to add the rules mentioned in this article in the document root of your site (/public_html/.htaccess, I believe), otherwise they might be applied to another directories and result in unexpected site/s behaviour.

      • Reply February 23, 2017 / 04:54 Samuel ShipenSiteGround Team

        like ivan said - for each one of your add-on domains this little script works great if your running a multi-site SSL because it lets you throw out the www as well and i'm not getting mine to support that.
        thanks ivan

  3. Reply June 15, 2016 / 16:15 Elliot GlasenkSiteGround Team

    Does this mean I am supposed to use 80 as my {SERVER_PORT}? Will this handle instances with www as well as without www?

    • Reply June 16, 2016 / 08:00 Ivan StefanovSiteGround Team

      Indeed Elliot, if you you specify {SERVER_PORT} 80, the rules will be applied for both - www and non-www requests.

  4. Reply June 22, 2016 / 14:47 DrewSiteGround Team

    I would be nice to see a pic of the entire file. I'm having huge problems with my site not being indexed. I think I may have altered all three: "Which .htaccess file? The root directory of cpanel, or the root directory of the public_html folder" and they are revolting all against me!

    • Reply June 24, 2016 / 10:54 Ivan StefanovSiteGround Team

      Drew, I suspect that somehow you're blocking Google bots from crawling your website (this might happen through robots.txt, too), so the best course of action would be contact our Support stuff by opening a new ticket and they'll investigate and resolve for you.

  5. Reply June 24, 2016 / 17:49 Kate, author, poetSiteGround Team

    I have opened my files and have access to my domain's public_html/htaccess file. I don't find the Siteground tutorials very helpful because they don't have enough information. (This is true for every Siteground tutorial I have viewed). I have 2 questions. 1) Do I click on the code editor or just the edit button (text editor) to open the file to add the above changes. Also, once the correct editor is opened, which character encoding should I use? It defaults to utf-8, but will this work, or do I need to choose another encoding from the dropdown menu?

    One other comment: Since your above response to Joe Williams about changing the [R,L] to [R=301,L] is the best way to go for SEO, if most people would want the most SEO, how about if someone at Siteground changes the above tutorial to reflect the [R=301,L] for the benefit of all? Thanks

    • Reply June 29, 2016 / 13:42 Ivan StefanovSiteGround Team

      Kate, thank you for the feedback. You are allowed to edit .htaccess files with both editors and the encoding should remain unchanged. We'll evaluate and review the tutorial additionally and change it if needed.

  6. Reply June 27, 2016 / 09:29 MoniqueSiteGround Team

    Firefox says my site contains unsafe content, so I get a mixed content warning. How can I solve that?

    • Reply June 29, 2016 / 13:07 Ivan StefanovSiteGround Team

      Monique, you need to verify that all resources loaded by your website are redirected through HTTPS. You can follow the fundamentals here or submit a new support ticket and ask my colleagues to assist you with that matter.

  7. Reply July 1, 2016 / 07:40 Mark PhoenixSiteGround Team

    Also worth considering strict transport security maybe. Adding a couple of lines to .htaccess like so...

    Header always set Strict-Transport-Security "max-age=16070400"

    MDN have a good explanation here... https://developer.mozilla.org/en-US/docs/Web/Security/HTTP_strict_transport_security

  8. Reply July 7, 2016 / 16:57 Sean RegehrSiteGround Team

    I am sharing this for others with a similar situation. We have many sites and updating each. htaccess file with a specific domain gets time consuming.

    In case you are able to use a single .htaccess files for many sites, the following code removes the dependency to specify the domain for each.

    RewriteEngine On
    RewriteCond %{HTTPS} off
    RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R,L]

    or

    The following makes the redirect a 301 permanent redirect, for better SEO as mentioned above by Joe Williams.

    RewriteEngine On
    RewriteCond %{HTTPS} off
    RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

    • Reply July 8, 2016 / 07:30 Ivan StefanovSiteGround Team

      Indeed, in some use cases the aforementioned rules might be viable, Sean. Thank you for sharing them out here.

  9. Reply July 12, 2016 / 17:07 MedSiteGround Team

    What if I have multiple folders in my website?
    like /blog , /forum etc, how to redirect http to htpps for all folders?

    • Reply July 13, 2016 / 06:42 Ivan StefanovSiteGround Team

      .htaccess files work recursively, which means that if you setup the required rules in .htaccess file placed in document root of the main site, they will apply to all folders down the filesystem tree.

  10. Reply August 5, 2016 / 13:09 TimSiteGround Team

    Hi,

    I have a site using a 301 redirect for non-www to www and http to https.

    If someone types mysite.co.uk it correctly forwards to https://www

    If however some types http://www.mysite.co.uk/page it does not forward to the https version.

    How can correct this issue in .htacess?

    • Reply August 8, 2016 / 11:52 escalationsSiteGround Team

      That depends on what exactly you have entered in your .htaccess file. It seems you have a rewrite condition or rule that will match only your domain name and not sub-pages.

  11. Reply August 6, 2016 / 18:26 GenosSiteGround Team

    Hi Ivan,

    I have successfully implemented the htaccess code.

    The problem I have now is that the www version of my site is still accessible. So how can I force NON www as well?

    Thanks

    • Reply August 8, 2016 / 12:02 escalationsSiteGround Team

      Just use the redirect described here:

      https://www.siteground.com/kb/how_to_redirect_www_urls_to_nonwww/

      This will redirect www content to non-www.

      • Reply September 9, 2016 / 13:23 MainstwebguySiteGround Team

        Just remember if you follow the tutorial Escalations has linked to, you'll have to edit the code snippet there:

        Change this:
        RewriteEngine On
        RewriteCond %{HTTP_HOST} ^www.yourdomain.com [NC]
        RewriteRule ^(.*)$ http://yourdomain.com/$1 [L,R=301]

        To this:
        RewriteEngine On
        RewriteCond %{HTTP_HOST} ^www.yourdomain.com [NC]
        RewriteRule ^(.*)$ https://yourdomain.com/$1 [L,R=301]

        Note that you'll have to include "https://" rather than just the "http://" shown in the tutorial. Otherwise your secure connection won't be used.

  12. Reply August 11, 2016 / 21:16 GenosSiteGround Team

    Thanks. However that did not work....

    I found out that the redirect rules are different when you use wp-rocket and that I had to create 2 mu plugins to get it working

  13. Reply August 31, 2016 / 08:11 ManjeetSiteGround Team

    Thank you. The redirections works successfully

    But while fetching the http version in google webmaster tool its giving 302 found. Is it normal. Does it affect the SEO

    • Reply September 1, 2016 / 12:42 escalationsSiteGround Team

      It is normal granted that you have setup a 302 type of redirection and probably your website is added with http:// URL in google webmaster tools.

  14. Reply September 23, 2016 / 12:44 iCruiseUfSiteGround Team

    GTMetrix.com does discourages redirects as it relates to page speed. They are lowering my speed score because http://www.yourdomain.com/ redirects to https://www.yourdomain.com/, What is the best way to implement forcing http:// to https:// such that it does not appear as a redirect?

    • Reply September 29, 2016 / 12:16 Hristo PandjarovSiteGround Team

      Actual results are more important than any score on any testing tool including GTMetrix. If you run your tests directly with https://yourdomain.com it will not detect the redirect. However, having both the http and https versions running will generate duplicate content which will harm your SEO. Last but not least, the time lost in redirects is neglectable if there aren't many redirects one after another so basically you should not worry about that.

      • Reply February 23, 2017 / 05:48 Samuel ShipenSiteGround Team

        sure as hell will. I have just been fighting with that - a pain in the arse
        - google recommends doing it ONE way or the OTHER - https:// with or without the www
        if you want the www just add it to the url in these very scripts .. don't try to do both SEO like HRISTO said.
        i just now figured that out tonight.

        • Reply February 23, 2017 / 13:38 Ivan AtanasovSiteGround Team

          I believe that this is exactly what Hristo Pandjarov was talking about. That running both HTTP and HTTPS will harm the SEO of the website in question due to the duplicate content that HTTP and HTTPS links will generate.

  15. Reply September 26, 2016 / 13:02 BerndSiteGround Team

    Sorry for the stupid question.

    Is

    RewriteEngine On
    RewriteCond %{SERVER_PORT} 80
    RewriteRule ^(.*)$ https://yourdomain.com/$1 [R=301,L]

    the same as

    RewriteEngine On
    RewriteCond %{HTTP_HOST} ^www.yourdomain.com [NC]
    RewriteRule ^(.*)$ http://yourdomain.com/$1 [L,R=301]

    and

    RewriteEngine On
    RewriteCond %{SERVER_PORT} 80
    RewriteRule ^(.*)$ https://yourdomain.com/$1 [R,L]

    as well as

    RewriteEngine On
    RewriteCond %{HTTPS} off
    RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

    ?

    If not, where is the difference?
    For my site I use the last code snippet and it seems to work. But nevertheless there are still mixed files. I trie to correct that with the wordpress plugin SSL Insecure Content Fixer.

    Thanks for the answer.

    • Reply October 4, 2016 / 13:01 Ivan StefanovSiteGround Team

      Bernd, the rewrite rules you mentioned seems pretty much the same and if you have mixed content I doubt that it will be fixed with any of them. Most probably the remote resource is written in your database and indeed either SSL plugin or wp-cli change of http to https should resolve this issue.

  16. Reply September 26, 2016 / 13:06 BerndSiteGround Team

    I want every single page to be redirected to https. No one, and especially not Google, should go over http. Which code snippet is ideal for that purpose? 🙂

  17. Reply October 7, 2016 / 18:19 DanSiteGround Team

    Does it matter where in the textfile these instructions are placed? I haven't modified the code in the .htaccess file for my site...is it best just to append it to the end of the text?

    • Reply October 10, 2016 / 06:14 Hristo PandjarovSiteGround Team

      That should be the safest way - to add them at the end.

  18. Reply November 26, 2016 / 22:09 LucasSiteGround Team

    Hola, leyendo todo no encontre mi caso en particular. Tengo varias carpetas de varios dominios en el public html. Lo que esta suelto es el dominio principal, ese esta forzado a redireccion https mediante el codigo:
    RewriteEngine On
    RewriteCond %{SERVER_PORT} 80
    RewriteRule ^(.*)$ https://www.DOMINIO.com.ar/$1 [R,L]

    Necesito EXCLUIR algunas carpetas que se encuentran en el public html. Que deberia agregar al codigo para evitar que la redireccion htttps afecte a las demas carpetas especificas?

    No se si fui claro con el problema que me estoy encontrando
    Desde ya, muchisimas gracias.

    Saludos

    • Reply December 20, 2016 / 08:55 Ivan StefanovSiteGround Team

      Hola y gracias por tu comentario,

      La razon por la que ocurre esto es porque las reglas en el .htaccess fichero normalmente actuan recursivamente, es decir, afectan todas las subcarpetas.

      Asi que, si tienes un dominio adicional en una subcarpeta, esta se afectaria por las reglas en el fichero .htaccess en public_html tambien.

      La solucion mas facil es simplemente añadir la regla siguiente en el .htaccess de cada dominio adicional (asi, las reglas en el .htaccess principal se van a sobreescribir y no tendrian efecto):

      RewriteEngine On

      Puedes intentarlo y si necesitas nuestra ayuda otra vez, simplemente contactanos de nuevo. Te ayudaremos con placer!

  19. Reply November 30, 2016 / 19:17 AshwiniSiteGround Team

    From above discussion what is the conclusion?
    Need to use ** non www https only. not www https version
    www to non www then to non www https. Also www https to non https. (301 only)
    So actually what I'll have to write in htaccess?

    • Reply December 1, 2016 / 09:43 Ivan StefanovSiteGround Team

      You can use the suggestion in this article or apply the following rules, they should also work in pretty much each scenario:

      RewriteEngine on
      RewriteCond %{SERVER_PORT} ^80$
      RewriteRule ^(.*)$ https://%{SERVER_NAME}/%{REQUEST_URI} [R=301,L]

  20. Reply December 16, 2016 / 02:22 LynSiteGround Team

    I put this in my htaccess file but it's not quite right yet.

    If someone goes to mysite.com or www.mysite.com, it redirects them to the correct https://www.mysite.com.

    However, if someone goes to www.mysite.com/page/, then they are able to access the non-https version of that page. How can I force https on ALL pages?

    A user named Tim above in this comment list had the same issue.

    • Reply December 20, 2016 / 15:23 Ivan StefanovSiteGround Team

      Lyn, in such cases you may apply the following rule:

      RewriteEngine On
      RewriteCond %{HTTPS} off
      RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

      • Reply January 23, 2017 / 07:11 Eugene KnightSiteGround Team

        thank you this fix my problem as well. when I would go to the homepage it wouldn't show the ssl certificate but had it everywhere else, when I implemented this code it fixed the problem,
        thank you

  21. Reply December 21, 2016 / 13:10 AlexSiteGround Team

    Hello,

    I installed the ssl certificate on my website. I do not have htaccess in my website folder. Do I have to create it?

    Thank you

    • Reply December 22, 2016 / 13:36 Ivan StefanovSiteGround Team

      If you want to redirect your website to be opened through HTTPS, you need to create an .htaccess file and add the code there.

  22. Reply January 5, 2017 / 06:52 NaveenSiteGround Team

    My website https://www.mywebsite.com, it is static website. and I want to clear my all canonical issues. for example if some one types https://www.mywebsite.com/index.php, https://mywebsite.com/index.php, https://mywebsite.com, http://www.mywebsite.com/index.php, http://mywebsite.com/index.php, http://mywebsite.com, my only one URL should come up or it should show, that is https://www.mywebsite.com.
    How I need to do?

    I have used the below code in .htaccess, and it's not working, the server is Linux.

    RewriteEngine On
    RewriteCond %{SERVER_PORT} 80
    RewriteRule ^(.*)$ https://www.example.com/$1 [R,L]

    RewriteEngine On
    RewriteCond %{HTTP_HOST} ^example\.com [NC]
    RewriteCond %{SERVER_PORT} 80
    RewriteRule ^(.*)$ https://www.example.com/$1 [R,L]

    If this code to wrong, Plz. suggest the correct code. Thanks.

    • Reply January 6, 2017 / 12:35 escalationsSiteGround Team

      I would suggest checking with the support team of your hosting company whether there is something wrong.

  23. Reply January 13, 2017 / 15:43 louie171SiteGround Team

    how do we setup redirect if we have a staging site also ( i'm a siteground customer)

    RewriteRule ^(.*)$ https://yourdomain.com/$1 [R=301,L]

    this will redirect everything to the main site

    • Reply January 17, 2017 / 12:04 escalationsSiteGround Team

      Remove it from the .htaccess in your staging. The staging sub-directory is outside the web root for the main domain so it will not be affected if you leave the redirect for the main domain.

  24. Reply January 20, 2017 / 01:10 BowenSiteGround Team

    Please excuse my complete ignorance, but I need some further help with where to place these new lines of code (I only started learning WP a month ago). I'm only using 1 website (with 1 domain redirect from a .com.au address). Below are the contents of my .htaccess file - which lines of code are needed (from above) and where do I paste them? Wasn't sure if there was a particular order or whether the rewriteengine needed to be there twice.

    Thanks in advance for any assistance.

    # BEGIN WordPress

    RewriteEngine On
    RewriteBase /
    RewriteRule ^index\.php$ - [L]
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule . /index.php [L]

    # END WordPress

    Options All -Indexes

    • Reply January 20, 2017 / 08:47 escalationsSiteGround Team

      Granted that you have already accomplished the first 2 steps at:

      https://www.siteground.com/kb/how_to_configure_wordpress_to_use_my_own_private_ssl_certifi/

      The rewrite rules for https should be placed directly under the RewriteEngine On line.

  25. Reply January 21, 2017 / 12:55 AngelaSiteGround Team

    Do I replace all the coding currently in .htaccess with the above coding to force SSL?

    • Reply January 31, 2017 / 15:58 Ivan StefanovSiteGround Team

      Angela, it depends of the other rules you have there and unfortunately I cannot give you such advice. If you are concerned about the final result, please submit a support ticket and my colleagues will be glad to help you.

    • Reply February 23, 2017 / 05:11 Samuel ShipenSiteGround Team

      if you have RewriteEngine On then put the code directly after that .. if your using that wordpress default it'll look like
      # BEGIN WordPress

      RewriteEngine On
      RewriteCond %{HTTPS} off
      RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
      RewriteBase /
      RewriteRule ^index\.php$ - [L]
      RewriteCond %{REQUEST_FILENAME} !-f
      RewriteCond %{REQUEST_FILENAME} !-d
      RewriteRule . /index.php [L]

      # END WordPress

  26. Reply January 28, 2017 / 13:10 Niccolo AngeliSiteGround Team

    Hi,
    I tried this solution ona Joomla 3.6.5 site, but I alway get a "too many redirects" error.

    These are all the soultions I tried (always the same error)

    RewriteCond %{SERVER_PORT} 80
    RewriteCond %{REQUEST_URI} folder
    RewriteRule ^(.*)$ https://mysite.com/test/$1 [R=301,L]

    RewriteCond %{https:X-Forwarded-Proto} !httpss
    RewriteRule ^ httpss://%{https_HOST}%{REQUEST_URI} [L,R=301]

    RewriteCond %{HTTPS} off
    RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

    Reading around maybe this is a Joomla 3.6 issue? here is some more info:
    http://stackoverflow.com/questions/41268975/mixed-ssl-content-preventing-joomla-installation-operation-with-nginx/41299376#41299376

    Thank you

  27. Reply January 28, 2017 / 15:09 Niccolo AngeliSiteGround Team

    Ugh, just noticed that

    RewriteCond %{https:X-Forwarded-Proto} !httpss
    RewriteRule ^ httpss://%{https_HOST}%{REQUEST_URI} [L,R=301]

    was wrong (httpss instead than http), should be:

    RewriteCond %{HTTP:X-Forwarded-Proto} !https
    RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

    this one works, and it's the only rule that works for me, all the others create a "too many redirects" error

    • Reply February 15, 2017 / 00:52 RussellSiteGround Team

      This rule also worked for me when all the others caused the "too many redirects" issue.

      • Reply February 23, 2017 / 05:20 Samuel ShipenSiteGround Team

        thanks for that i'm playing ping-pong with my redirects as well from time to time. restricted login by ip address send them to a 404 page - goes bananas - thanks for the post

  28. Reply January 31, 2017 / 21:00 LynnWSiteGround Team

    So I am not understanding where to put the code in the existing code in my htaccess file either. I have tried adding it in different places and uploading the file, and I'm still getting my http://mysite.com loading (not https://mysite.com (yes, I've changed the yourdomain.com to my actual domain).
    My current .htaccess file looks like this:
    ------------------
    # BEGIN WordPress
    RewriteEngine On
    RewriteBase /
    RewriteRule ^index\.php$ - [L]
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule . /index.php [L]
    # END WordPress
    -------------------------
    Would you please add the new code below into the code that I have above as one unit so I know what goes where and if everything gets replicated or what (does RewriteEngine On get written twice? does # BEGIN WordPress and # END WordPress happen twice or once?):
    ------------
    RewriteEngine On
    RewriteCond %{SERVER_PORT} 80
    RewriteCond %{REQUEST_URI} folder
    RewriteRule ^(.*)$ https://yourdomain.com/folder/$1 [R=301,L]
    -----------------
    Thanks so much!

    • Reply February 2, 2017 / 14:00 Ivan AtanasovSiteGround Team

      In your case, it will not be as simple as adding the code in your .htaccess file. A WordPress website needs to be reconfigured in order to work properly with https://.

      You can check this article in order to achieve your goal.

      Once the WordPress application is reconfigured, you can add the code at the top of your .htaccess file.

    • Reply February 23, 2017 / 05:32 Samuel ShipenSiteGround Team

      # BEGIN WordPress
      RewriteEngine On
      RewriteCond %{SERVER_PORT} 80
      RewriteCond %{REQUEST_URI} folder
      RewriteRule ^(.*)$ https://yourdomain.com/wp-admin/$1 [R=301,L]
      RewriteBase /
      RewriteRule ^index\.php$ - [L]
      RewriteCond %{REQUEST_FILENAME} !-f
      RewriteCond %{REQUEST_FILENAME} !-d
      RewriteRule . /index.php [L]
      # END WordPress

      - with that you would be forcing the SSL with the wp-admin/ folder im guessing
      you might think about forcing the entire site in ssl
      with these two lines instead
      # BEGIN WordPress
      RewriteEngine On
      RewriteCond %{SERVER_PORT} 80
      RewriteRule ^(.*)$ https://yourdomain.com/$1 [R=301,L]
      RewriteBase /
      RewriteRule ^index\.php$ - [L]
      RewriteCond %{REQUEST_FILENAME} !-f
      RewriteCond %{REQUEST_FILENAME} !-d
      RewriteRule . /index.php [L]
      # END WordPress

      don't forget to change your site in "settings" to https:// URLS two of them
      no need for the other if doing it this way..

      have to change all your URL paths to HTTPS can be a pain in the but - images and everything but well worth it cause you might have some AJAX issues depending on your theme if you just try and SSL the admin folder. hope that helps.

  29. Reply February 23, 2017 / 05:37 Samuel ShipenSiteGround Team

    if you are trying to force the SSL with the wp-admin/ folder only .. like the script you posted then yes by all means follow the config Ivan posted - BUT I would recommend forcing the entire site - that seems to be the modern standard if your running a SSL, the question is : why not secure the whole thing?

  30. Reply March 15, 2017 / 02:06 Vince SSiteGround Team

    The below is a simpler generic version that works in any .htaccess file without having to think about which one it is. If you agree, perhaps this FAQ should be changed?

    RewriteEngine On
    # the next two lines redirect www traffic to https site automatically
    RewriteCond %{HTTPS} off
    RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

    • Reply March 15, 2017 / 13:34 Ivan AtanasovSiteGround Team

      The example in the article is implementing the SERVER_PORT condition in the redirect. Meaning, all requests sent to the website through port 80 will be redirected to HTTPS.
      In your case, the condition is looking for HTTP connections and redirecting them to HTTPS.

      Both cases are useful and can be used depending on the desired result., thank you for sharing this.

  31. Reply March 24, 2017 / 11:27 Doug FSiteGround Team

    I am unsure as how to p proceed. I have my wp site and a subfolder wp site all fully https compliant on all pages (used free SSL option (ty siteground) and "SSL Insecure Content Fixer" . I get green padlock when viewing by https. I have not changed the url in the dashboard settings yet to https. My goal is to force any and all requests through https, whether they are http, https, www or non www or any combo. This is my .htaccess file in public_html:

    # BEGIN WordPress

    RewriteEngine On
    RewriteBase /
    RewriteRule ^index\.php$ - [L]
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule . /index.php [L]

    # END WordPress

    With all the discussion above, I'm still hesitent on adding /editing code. Suggestions welcome. Thanks.

    • Reply March 29, 2017 / 14:24 Ivan AtanasovSiteGround Team

      You can use the code in the article. It will catch all requests to your website through port 80 and sent them to HTTPS.

      And of course, if you are reluctant to do this on your live website, create a clone of the site in an isolated environment and do the change

  32. Reply March 27, 2017 / 11:44 Doug ForbesSiteGround Team

    I have a WP install in my root folder and have activated "Let's Encrypt". I modified the .htaccess file as shown at top and and redirect to https is working as expected. All requests via http are forced to https. My problem is that I have a WP install in a subfolder. It responds as expected through https but I cannot get it to force http requests to https. Adding this code to either .htaccess file (root and subfolder) had no effect. Still get no redirect when requesting through http and thus not secure page.
    RewriteCond %{SERVER_PORT} 80
    RewriteCond %{REQUEST_URI} folder
    RewriteRule ^(.*)$ https://yourdomain.com/folder/$1 [R=301,L]

    My subfolder WP .htaccess file default is this:
    # BEGIN WordPress

    RewriteEngine On
    RewriteCond %{SERVER_PORT} 80
    RewriteCond %{REQUEST_URI} folder
    RewriteRule ^(.*)$ https://onemontalvo.com/teamcentral/$1 [R=301,L]
    RewriteBase /teamcentral/
    RewriteRule ^index\.php$ - [L]
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule . /teamcentral/index.php [L]

    # END WordPress

    I have not changed the address in admin settings to https because it didn't have to in the root wp install.
    Any help would be appreciated.

    • Reply March 29, 2017 / 13:36 Ivan AtanasovSiteGround Team

      I checked on your application in the subfolder and it appears that it has not been configured with https. In order to have this done, you need to set the Home and SiteURL of your website with HTTPS.

      Then the rest of the HTTP entries in your database need to be replaced with HTTPS. As a final step, you can enter the HTTPS redirect in your .htaccess file (at the beginning of the file, so that this can be the first executed redirect).

      Bare that if you need assistance with this, you can post a Support Ticket from your User Area -> Support and we will check this for you.

      • Reply April 10, 2017 / 10:04 Doug FSiteGround Team

        Ivan - I just wanted to follow up and say that all my issues are now fixed. All requests go to https!!! I was having issues on the admin side and they are seolved also. Both my wp installs (one in root and one in subfolder ) now work exactly as you and this article have presented. I hope this helps others. This was my final .htaccess files and by the way thank you.

        onemontalvo.com .htaccess file

        # BEGIN WordPress

        RewriteEngine On
        RewriteCond %{SERVER_PORT} 80
        RewriteRule ^(.*)$ https://onemontalvo.com/$1 [R=301,L]
        RewriteBase /
        RewriteRule ^index\.php$ - [L]
        RewriteCond %{REQUEST_FILENAME} !-f
        RewriteCond %{REQUEST_FILENAME} !-d
        RewriteRule . /index.php [L]

        # END WordPress

        onemontalvo.com/teamcentral .htaccess file

        RewriteEngine On
        RewriteCond %{SERVER_PORT} 80
        RewriteCond %{REQUEST_URI} teamcentral
        RewriteRule ^(.*)$ https://onemontalvo.com/teamcentral/$1 [R=301,L]
        # BEGIN WordPress

        RewriteEngine On
        RewriteBase /teamcentral/
        RewriteRule ^index\.php$ - [L]
        RewriteCond %{REQUEST_FILENAME} !-f
        RewriteCond %{REQUEST_FILENAME} !-d
        RewriteRule . /teamcentral/index.php [L]

        # END WordPress

        • Reply April 11, 2017 / 10:55 Ivan AtanasovSiteGround Team

          Thank you for sharing, Doug!

  33. Reply April 6, 2017 / 10:22 Doug FSiteGround Team

    Thank you Ivan for your help. I was surprised that someone has responded but then I remembered how Siteground has the most excellent Customer Service. I will try this on the weekend when traffic is low. Thank you again.

  34. Reply April 9, 2017 / 04:20 Cynthia MobleySiteGround Team

    I am not entirely sure how to do this. I host several domains in folders. I followed the directions and successfully forced my main domain to open in https, but the issue is the domains hosted in the folders.
    I pasted this into the .htaccess file in the folder that hosts that domain.
    I can get the https if I type it in, but simply typing in the URL does not force it to go to the https. Would appreciate your advice.
    #Redirect to https
    RewriteEngine On
    RewriteCond %{SERVER_PORT} 80
    RewriteCond %{REQUEST_URI} folder
    RewriteRule ^(.*)$ https://obeythebeagle.com/folder/$1 [R=301,L]

    • Reply April 9, 2017 / 04:22 Cynthia MobleySiteGround Team

      The answer may be above but I might need it spelled out a little more simply....
      The main domain is greyhoundbooks.com and obeythebeagle is under that in a folder.
      Thank you!

      • Reply April 11, 2017 / 11:35 Ivan AtanasovSiteGround Team

        There are many useful posts and replies on this topic above, you are correct.

        As for the code you used, you can move it at the beginning of your .htaccess files of your subdirectory websites so that it is the first redirect that will be executed.
        Additionally, please note that you should change the URL you will be using so that it will match the correct URL of the given website.

* (Required)