Sometimes it's necessary to make sure your website’s visitors use the SSL encrypted connection. If you’re not familiar with SSL and would like to know more please review our article “What is SSL and Why is it important?” If you need assistance using the shared SSL that InMotion Hosting offers to shared hosting customers, please see our article on "forcing your visitors to use the shared ssl".

Forcing visitors to use SSL can be accomplished through your .htaccess file using mod_rewrite. If you’d like more information on mod_rewrite please read our article.

If you are using the Premium Website Builder and need to force your website traffic over SSL, please see the following article instead:
How to force your Premium Website Builder website over SSL

To force all web traffic to use HTTPS insert the following lines of code in the .htaccess file in your website’s root folder.

Important:If you have existing code in your .htacess, add this above where there are already rules with a similar starting prefix.

RewriteEngine On 
RewriteCond %{SERVER_PORT} 80 
RewriteRule ^(.*)$ https://www.yourdomain.com/$1 [R,L]

Be sure to replace www.yourdomain.com with your actual domain name.

To force a specific domain to use HTTPS, use the following lines of code in the .htaccess file in your website's root folder:

RewriteEngine On 
RewriteCond %{HTTP_HOST} ^example\.com [NC]
RewriteCond %{SERVER_PORT} 80 
RewriteRule ^(.*)$ https://www.yourdomain.com/$1 [R,L]

Make sure to replace example\.com with the domain name you're trying force to https. Additionally, you need to replace www.yourdomain.com with your actual domain name.

If you want to force SSL on a specific folder you can insert the code below into a .htaccess file placed in that specific folder:

RewriteEngine On 
RewriteCond %{SERVER_PORT} 80 
RewriteCond %{REQUEST_URI} folder 
RewriteRule ^(.*)$ https://www.yourdomain.com/folder/$1 [R,L]

Make sure you change the folder reference to the actual folder name. Then be sure to replace www.yourdomain.com/folder with your actual domain name and folder you want to force the SSL on.

If you need further assistance please feel free to ask a question on our support center website.

Did you find this article helpful?

We value your feedback!

Why was this article not helpful? (Check all that apply)
The article is too difficult or too technical to follow.
There is a step or detail missing from the instructions.
The information is incorrect or out-of-date.
It does not resolve the question/problem I have.
How did you find this article?
Please tell us how we can improve this article:
Email Address
Name

new! - Enter your name and email address above and we will post your feedback in the comments on this page!

Like this Article?

Related Questions

Here are a few questions related to this article that our customers have asked:
Ooops! It looks like there are no questions about this page.
Would you like to ask a question about this page? If so, click the button below!
Ask a Question
2013-05-03 8:16 am
What is difference b/t two :-
1). RewriteRule ^(.*)$ https://www.yourdomain.com/$1 [R,L]
2). RewriteRule ^(.*)$ https://www.yourdomain.com/$1 [R=301,L]
Staff
5,889 Points
2013-05-03 9:45 am
The 301 is a Permanent redirect and the other is not.

Best regards,
James R
2014-01-10 2:28 pm
What if you want to force SSL on a specific file or files - ie. https://www.yourdomain.com/folder/file.html
Staff
17,014 Points
2014-01-13 11:11 am
Hello rurede2day,

There are two ways to force SSL on a specific file. If using a php file, you can add code to the beginning of that particular file as below:
if (!isset($_SERVER['HTTPS']) || !$_SERVER['HTTPS']) { // if request is not secure, redirect to secure url
$url = 'https://' . $_SERVER['HTTP_HOST']
. $_SERVER['REQUEST_URI'];

header('Location: ' . $url);
exit;
}


Or you can use code in the .htaccess file that specifically addresses that file:
RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteCond %{REQUEST_URI} folder/file.html
RewriteRule ^(.*)$ https://www.example.com/folder/file.html$1 [R,L]


The second is likely the easiest, especially if you are using html files and do not have it set to run php code.
Either of these should cause that specific file to run the https protocol.

Kindest Regards,
Scott M
2014-02-10 4:02 pm
Thanks Scott - It's redirecting use htaccess, but I'm getting a redirect loop error. This is on a Joomla site, could there conflicts with the default Joomla htaccess? Any suggestions.
Staff
8,065 Points
2014-02-13 9:01 am
Hello rurede2day,

This is because of Joomla's rewrites that are used to make "pretty URLs". Basically, it is redirecting but the content within Joomla is causing it to redirect back to the URL that was previously defined by Joomla.
n/a Points
2014-03-19 1:44 pm

I was wondering how to enforce non-SSL, our site used to be https, switched hosting to inmotion and dont need the secure connection anymore. We now have a bunch of external links from social media sites going to https://boostyoureco.org and being denied connection. It is a wordpress site and have tried many variations of .htaccess rewrite rules with no avail. I even tried https://wordpress.org/plugins/force-non-ssl/ but that did not work aswell.

The last try at the .htacess file:

# BEGIN WordPress

<IfModule mod_rewrite.c>

RewriteEngine On

RewriteBase /

RewriteCond %{SERVER_PORT} 443 

RewriteRule ^(.*)$ http://www.boostyoureco.org/$1 [R,L]

RewriteRule ^index\.php$ - [L]

RewriteCond %{REQUEST_FILENAME} !-f

RewriteCond %{REQUEST_FILENAME} !-d

RewriteRule . /index.php [L]

</IfModule>

 

# END WordPress

 

Staff
17,014 Points
2014-03-19 4:55 pm
Hello MattH,

You may want to try and remove the following 3 lines from your WordPress section and place them above it.:
RewriteCond %{SERVER_PORT} 443
RewriteRule ^(.*)$ http://www.boostyoureco.org/$1 [R,L]
RewriteRule ^index\.php$ - [L]

Next, take the rewrite rules and combine them together like so:
RewriteRule ^(.*)$ http://www.boostyoureco.org/index\.php [R,L]

So before the Wordpress section, you should have the following lines:
RewriteCond %{SERVER_PORT} 443
RewriteRule ^(.*)$ http://www.boostyoureco.org/index\.php [R,L]

That should allow your site to process the link and force the standard version for anything coming in on the https port (443).

Kindest Regards,
Scott M
n/a Points
2014-04-14 10:00 pm

I'm not seeing in this thread, re: SSL and redirects, exactly what I'm needing to do for the .htaccess redirects I need.  I have a form in my Wordpress site that I want to make secure behind SSL.  It would be something like: https://www.mydomain.com/myform/

myform is a Wordpress page that contains a form.  This code below doesn't exactly do what I need and I'm hoping someone here can help me sort out what I'm doing wrong.

RewriteEngine On RewriteCond %{SERVER_PORT} 80RewriteRule ^(.*)$ https://www.mydomain.com/myform$1 [R,L]

Any clues to help me get this simple thing working?  I've never done SSL before so I am clueless.

Thank you!

Staff
8,065 Points
2014-04-15 9:12 am
You may easily redirect the form using something like the following:


RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^myform$ https://www.example.com/myform [R=301,L]

n/a Points
2014-04-16 5:22 pm

Hi Scott,

I am trying to force all non https traffric to use https. The problem that I am having is that the various page urls are dynamic and although my redirect work for the domain it seems to ingore everything after the .com portion of the url. Any thoughts on how to solve would be appreciated.

Thanks,

Rod

Staff
16,176 Points
2014-04-16 6:41 pm
Hello Rod,

Thanks for the question! If you need to force EVERYTHING to HTTPS, put this rewrite rule as your first rule. Remove any of the older rules that you may have added to make it do the same thing.

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}

The first condition checks to see if HTTPS is already being used and the second statement re-writes the URL to be HTTPS while maintaining the rest of the URL. Let us know if you have any further questions.

Regards,
Arnel C.
n/a Points
2014-08-08 2:39 pm

Hey guys,

I am trying to do two things here. I want to force non www. on all of my pages, but I also want to use SSL on the shoppig cart, payment and account pages. WHen I forced non www it removes the https on those pages.. How do I write this?

 

Thanks!

Staff
8,310 Points
2014-08-08 4:38 pm
Hello Gorilla,

Thank you for contacting us. Usually, the easiest way is to force SSL on the whole site without the www.

We are happy to assist you further, but will need some additional information.

Can you provide the full .htaccess rules you are using?

Are you using a CMS such as Wordpress, Joomla, Concrete5? What 3rd party addons/extensions are you using? This is important to know, since they often use their own rules.

If you have any further questions, feel free to post them below.
Thank you,

-John-Paul
n/a Points
2014-08-23 10:49 pm

The Http url dont seem to map to their http counterparts.

for example http://www.example.com/uk/cameras goes to https://www.example.com/uk

here uk being a sub domain (store).

The root folder has an htaccess file and so does the sub domain

I've tried using the fix listed here but it doesnt work, am i missing something.

 

Staff
8,065 Points
2014-08-25 10:54 am
The code example in this article should work perfectly, but your individual circumstances can cause issues. Could you clarify exactly how your site is built? Certain content management systems and carts can cause issues with redirects. Could you also provide me with what is in your .htaccess file?

Post a Comment

Name:
Email Address:
Phone Number:
Comment:
Submit

Please note: Your name and comment will be displayed, but we will not show your email address.

16 Questions & Comments

Post a comment

Back to first comment | top

Need more Help?

Search

Ask the Community!

Get help with your questions from our community of like-minded hosting users and InMotion Hosting Staff.

Current Customers

Chat: Click to Chat Now E-mail: support@InMotionHosting.com
Call: 888-321-HOST (4678) Ticket: Submit a Support Ticket

Not a Customer?

Get web hosting from a company that is here to help. Sign up today!