Force HTTPS with the .htaccess File Updated on January 22, 2026 by InMotion Hosting Contributor 3 Minutes, 42 Seconds to Read Force HTTPS connections with the .htaccess to make sure every connection is a secure one. Your website’s visitors should be accessing your site using an SSL-encrypted connection for added security, accessibility, or PCI compliance. If you’re unfamiliar with SSL, our article, “What is SSL and why is it important?” will get you up to speed. Just having an SSL is not enough if someone can accidentally reach your site with an unsecured connection. Read below to see how to force HTTPS connections on your site. Why Force HTTPS for a Secure Connection? Forcing HTTPS with .htaccess Redirect All Web Traffic Redirect Only One Specified Domain Redirect Specified Folder Table of Contents Why Force HTTPS for a Secure Connection? Forcing HTTPS with .htaccess Redirect All Web Traffic Redirect Only One Specified Domain Redirect Specified Folder Why Force HTTPS for a Secure Connection? InMotion Hosting includes a free SSL Certificate for all Business Class Hosting Plans. It’s easy to activate this SSL in your Account Management Panel (AMP) under My Account > Manage Free SSL. We highly recommend that you require all visitors to your site to access it through a secure connection. At this point, a large majority of sites are running through SSL, and search engines may penalize you if you are not on SSL. More importantly, Google now seems to prioritize search results with secure connections over those without. Forcing visitors to use SSL can be accomplished through a variety of plugins, or by manually editing your .htaccess file using mod_rewrite. Forcing HTTPS with .htaccess The .htaccess file is a configuration file used on Apache servers. It is a ‘dot file,’ as the period at the beginning of the file name means that it is hidden from view by default. If you cannot see it, be sure that you can view hidden files in cPanel’s file manager. NOTE: For WordPress sites, consider an SSL plugin such as Really Simple SSL instead. Redirect All Web Traffic To force all web traffic to use HTTPS, insert the following lines of code in the .htaccess file in your website’s root folder. WARNING: If you have existing code in your .htaccess, add this above where there are already rules with a similar starting prefix. RewriteEngine On RewriteCond %{HTTPS} !on RewriteCond %{REQUEST_URI} !^/[0-9]+\..+\.cpaneldcv$ RewriteCond %{REQUEST_URI} !^/\.well-known/pki-validation/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$ RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301] Redirect Only One Specified Domain To force a specific domain to use HTTPS, use the following lines of code in the .htaccess file in your website’s root folder: WARNING: If you have existing code in your .htaccess, add this above where there are already rules with a similar starting prefix. RewriteCond %{REQUEST_URI} !^/[0-9]+\..+\.cpaneldcv$ RewriteCond %{REQUEST_URI} !^/\.well-known/pki-validation/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$ RewriteEngine On RewriteCond %{HTTP_HOST} ^example\.com [NC] RewriteCond %{SERVER_PORT} 80 RewriteRule ^(.*)$ https://www.example.com/$1 [R=301,L] If this doesn’t work, try removing the first two lines. RewriteEngine On RewriteCond %{HTTP_HOST} ^example\.com [NC] RewriteCond %{SERVER_PORT} 80 RewriteRule ^(.*)$ https://www.example.com/$1 [R=301,L] NOTE: Make sure to replace example.com with the domain name you’re trying to force to https. Additionally, you need to replace www.example.com with your actual domain name. Redirect Specified Folder If you want to force SSL on a specific folder, insert the code below into a .htaccess file placed in that specific folder: WARNING: If you have existing code in your .htaccess, add this above where there are already rules with a similar starting prefix. RewriteCond %{REQUEST_URI} !^/[0-9]+\..+\.cpaneldcv$ RewriteCond %{REQUEST_URI} !^/\.well-known/pki-validation/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$ RewriteEngine On RewriteCond %{SERVER_PORT} 80 RewriteCond %{REQUEST_URI} folder RewriteRule ^(.*)$ https://www.example.com/folder/$1 [R=301,L] NOTE: Make sure you change the folder reference to the actual folder name. Then, be sure to replace www.example.com/folder with your actual domain name and folder you want to force the SSL on. If you’re setting up an SSL for a WordPress site, be sure to check out our guide to setting your SSL up on a WordPress site. If you want advanced information on the .htaccess file, take a look at the official Apache .htaccess documentation. If your browser does not seem to indicate that you have an SSL even after you set this up, be sure to check our SSL ‘lock’ troubleshooting guide. Reliable Shared Hosting for Growing Businesses Get the performance your business website demands with NVMe SSD storage, industry-standard cPanel management, and direct access to hosting experts whenever you need assistance. Free Website Migration 24/7 Human Support 100% Money-Back Guarantee Shared Hosting Share this Article InMotion Hosting Contributor Content Writer InMotion Hosting contributors are highly knowledgeable individuals who create relevant content on new trends and troubleshooting techniques to help you achieve your online goals! More Articles by InMotion Hosting Related Articles Install Let’s Encrypt Free SSL Certificate on Ubuntu with Certbot Force HTTPS with the .htaccess File How to Fix the Insecure SSL Error due to SHA-1 Deprecation Troubleshooting SSL Connection Errors: How to Fix HTTPS Issues What Is SSL and Why Is It Important? Installing SSLs and Generating CSRs in cPanel Forcing your Website’s visitors to use the shared SSL How to Manage AutoSSL Certificates in cPanel How to Purchase an SSL Certificate for your Dedicated Server How to Enable a SSL on a WordPress Site
