How to Redirect HTTP to HTTPS in Apache Web Server using .htaccess File

By | September 25, 2017

Redirect http to https Code:

First disable Cache and CDN plugins , because these can complicate the redirection.

After checking SSL Certificate , now we have to redirect all http pages to https.

In apache web server we can do this using .htaccess file

Simply copy the below code and paste it in the beginning of yout .htaccess file. pls do not forget to replace “” with your website name.

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$$1 [R=301,L]

Adding HSTS and Preloading HSTS:

You can also add HSTS(HTTP Strict Transport Security) header and preload HSTS using the below code and place it in the beginning of your .htaccess file above the redirect code. HSTS forces the browser to use secure connections when a website is using ssl certficate.

Header always set Strict-Transport-Security “max-age=63072000; includeSubDomains; preload” env=HTTPS

For more info on HSTS click here

For more info on HSTS preload, click here

Check for too many Redirects:

Now check for too many redirects, here

The goal is to have all versions ending up at the same url.

Updating hard coded HTTP links:

Update hard coded HTTP links in databases using “Better Search Replace” Plugin. This will replace all http present in databases with https.

Migrate CDN from HTTP to HTTPS:

Check with your CDN provider for the migration. The following links might be helpful

Also update in CDN Enabler plugin.

Mixed Content Warnings:

In chrome browser, go to “Developer Tools” and go to “security” tab, which will show you mixed content warnings if any.

Mixed content occurs when your website is loaded over a secure HTTPS connection, but other resources (such as images, videos, stylesheets, scripts) are loaded over an insecure HTTP connection. This is called mixed content because both HTTP and HTTPS content are being loaded to display the same page.  Modern browsers display warnings about this type of content to indicate to the user that this page contains insecure resources.

If you have followed the above steps properly, then you won’t get mixed content warnings.

Updating in Google Search Console:

Add the HTTPS property to Search Console as Search Console treats HTTP and HTTPS separately and then delete the hhtp properties in search console.

Updating in Google Analytics:

You have to select https in analytics property settings and view settings.

Also scroll down “property settings”  and click on  “adjust search console” button to link analytics with search console. You have to edit http to https.

Now your conversion for HTTP to HTTPS is complete. Pls. comment on this post if you still have any doubts. I will be glad to assist you. You can also enrich the post content by providing your valuable feedback and adding to the knowledge base.

About The Author

Digital Marketing Consultant from BangaloreHi, This is Ram Mohan, Digital Marketing Consultant from Bangalore. I am also a Trainer and Blogger on Digital Marketing. Know more about me here



Leave a Reply