Sometimes it's necessary to make sure your website’s visitors use the SSL encrypted connection. If you’re not familiar with SSL and would like to know more please review our article “What is SSL and Why is it important?” If you need assistance using the shared SSL that InMotion Hosting offers to shared hosting customers, please see our article on "forcing your visitors to use the shared ssl".

Forcing visitors to use SSL can be accomplished through your .htaccess file using mod_rewrite. If you’d like more information on mod_rewrite please read our article.

If you are using the Premium Website Builder and need to force your website traffic over SSL, please see the following article instead:
How to force your Premium Website Builder website over SSL

To force all web traffic to use HTTPS insert the following lines of code in the .htaccess file in your website’s root folder.

Important:If you have existing code in your .htacess, add this above where there are already rules with a similar starting prefix.

RewriteEngine On 
RewriteCond %{SERVER_PORT} 80 
RewriteRule ^(.*)$ https://www.yourdomain.com/$1 [R,L]

Be sure to replace www.yourdomain.com with your actual domain name.

If you want to force SSL on a specific folder you can insert the code below into a .htaccess file placed in that specific folder:

RewriteEngine On 
RewriteCond %{SERVER_PORT} 80 
RewriteCond %{REQUEST_URI} folder 
RewriteRule ^(.*)$ https://www.yourdomain.com/folder/$1 [R,L]

Make sure you change the folder reference to the actual folder name. Then be sure to replace www.yourdomain.com/folder with your actual domain name and folder you want to force the SSL on.

If you need further assistance please feel free to ask a question on our support center website.

Did you find this article helpful?

We value your feedback!

Why was this article not helpful? (Check all that apply)
The article is too difficult or too technical to follow.
There is a step or detail missing from the instructions.
The information is incorrect or out-of-date.
It does not resolve the question/problem I have.
How did you find this article?
Please tell us how we can improve our Support Center:
Email Address
Optional, but our team may contact you for more information.
Like this Article?

Comments

Post a comment
2013-05-03 8:16 am
What is difference b/t two :-
1). RewriteRule ^(.*)$ https://www.yourdomain.com/$1 [R,L]
2). RewriteRule ^(.*)$ https://www.yourdomain.com/$1 [R=301,L]
Staff
4,959 Points
2013-05-03 9:45 am
The 301 is a Permanent redirect and the other is not.

Best regards,
James R
2014-01-10 2:28 pm
What if you want to force SSL on a specific file or files - ie. https://www.yourdomain.com/folder/file.html
Staff
10,078 Points
2014-01-13 11:11 am
Hello rurede2day,

There are two ways to force SSL on a specific file. If using a php file, you can add code to the beginning of that particular file as below:
if (!isset($_SERVER['HTTPS']) || !$_SERVER['HTTPS']) { // if request is not secure, redirect to secure url
$url = 'https://' . $_SERVER['HTTP_HOST']
. $_SERVER['REQUEST_URI'];

header('Location: ' . $url);
exit;
}


Or you can use code in the .htaccess file that specifically addresses that file:
RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteCond %{REQUEST_URI} folder/file.html
RewriteRule ^(.*)$ https://www.example.com/folder/file.html$1 [R,L]


The second is likely the easiest, especially if you are using html files and do not have it set to run php code.
Either of these should cause that specific file to run the https protocol.

Kindest Regards,
Scott M
2014-02-10 4:02 pm
Thanks Scott - It's redirecting use htaccess, but I'm getting a redirect loop error. This is on a Joomla site, could there conflicts with the default Joomla htaccess? Any suggestions.
Staff
4,112 Points
2014-02-13 9:01 am
Hello rurede2day,

This is because of Joomla's rewrites that are used to make "pretty URLs". Basically, it is redirecting but the content within Joomla is causing it to redirect back to the URL that was previously defined by Joomla.
n/a Points
2014-03-19 1:44 pm

I was wondering how to enforce non-SSL, our site used to be https, switched hosting to inmotion and dont need the secure connection anymore. We now have a bunch of external links from social media sites going to https://boostyoureco.org and being denied connection. It is a wordpress site and have tried many variations of .htaccess rewrite rules with no avail. I even tried https://wordpress.org/plugins/force-non-ssl/ but that did not work aswell.

The last try at the .htacess file:

# BEGIN WordPress

<IfModule mod_rewrite.c>

RewriteEngine On

RewriteBase /

RewriteCond %{SERVER_PORT} 443 

RewriteRule ^(.*)$ http://www.boostyoureco.org/$1 [R,L]

RewriteRule ^index\.php$ - [L]

RewriteCond %{REQUEST_FILENAME} !-f

RewriteCond %{REQUEST_FILENAME} !-d

RewriteRule . /index.php [L]

</IfModule>

 

# END WordPress

 

Staff
10,078 Points
2014-03-19 4:55 pm
Hello MattH,

You may want to try and remove the following 3 lines from your WordPress section and place them above it.:
RewriteCond %{SERVER_PORT} 443
RewriteRule ^(.*)$ http://www.boostyoureco.org/$1 [R,L]
RewriteRule ^index\.php$ - [L]

Next, take the rewrite rules and combine them together like so:
RewriteRule ^(.*)$ http://www.boostyoureco.org/index\.php [R,L]

So before the Wordpress section, you should have the following lines:
RewriteCond %{SERVER_PORT} 443
RewriteRule ^(.*)$ http://www.boostyoureco.org/index\.php [R,L]

That should allow your site to process the link and force the standard version for anything coming in on the https port (443).

Kindest Regards,
Scott M
n/a Points
2014-04-14 10:00 pm

I'm not seeing in this thread, re: SSL and redirects, exactly what I'm needing to do for the .htaccess redirects I need.  I have a form in my Wordpress site that I want to make secure behind SSL.  It would be something like: https://www.mydomain.com/myform/

myform is a Wordpress page that contains a form.  This code below doesn't exactly do what I need and I'm hoping someone here can help me sort out what I'm doing wrong.

RewriteEngine On RewriteCond %{SERVER_PORT} 80RewriteRule ^(.*)$ https://www.mydomain.com/myform$1 [R,L]

Any clues to help me get this simple thing working?  I've never done SSL before so I am clueless.

Thank you!

Staff
4,112 Points
2014-04-15 9:12 am
You may easily redirect the form using something like the following:


RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^myform$ https://www.example.com/myform [R=301,L]

n/a Points
2014-04-16 5:22 pm

Hi Scott,

I am trying to force all non https traffric to use https. The problem that I am having is that the various page urls are dynamic and although my redirect work for the domain it seems to ingore everything after the .com portion of the url. Any thoughts on how to solve would be appreciated.

Thanks,

Rod

Staff
10,582 Points
2014-04-16 6:41 pm
Hello Rod,

Thanks for the question! If you need to force EVERYTHING to HTTPS, put this rewrite rule as your first rule. Remove any of the older rules that you may have added to make it do the same thing.

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}

The first condition checks to see if HTTPS is already being used and the second statement re-writes the URL to be HTTPS while maintaining the rest of the URL. Let us know if you have any further questions.

Regards,
Arnel C.

Post a Comment

Name:
Email Address:
Comment:
Are you a bot?
Submit

Please note: Your name and comment will be displayed, but we will not show your email address.

Write New!
Do you want to publish a tutorial to our support center?

News / Announcements

SSL Certficate Warnings
Updated 2014-04-14 11:34 am EST
Hits: 2219
Heartbleed 0-day OpenSSL security bug
Updated 2014-04-14 04:43 pm EST
Hits: 5641

Related Questions

Here are a few questions related to this article that our customers have asked:
Ooops! It looks like there are no questions about this page.
Would you like to ask a question about this page? If so, click the button below!
Ask a Question

Need more Help?

Search

Ask the Community!

Get help with your questions from our community of like-minded hosting users and InMotion Hosting Staff.

Current Customers

Chat: Click to Chat Now E-mail: support@InMotionHosting.com
Call: 888-321-HOST (4678) Ticket: Submit a Support Ticket

Not a Customer?

Get web hosting from a company that is here to help. Sign up today!