Learn how to redirect HTTP to HTTPS. This configuration provides a secure connection for your users and will have a positive impact on your SEO.
First, you need to have HTTPS enabled and an SSL certificate installed on your server. You can implement this by logging into your web hosting provider.
Then, you need to log into your WordPress admin console and change the setting in Settings->General to https://www.example.com
. You will need to add HTTPS to the following two URLs: your WordPress Address and Site Address.
Note: If you are using a CMS other than WordPress or have a custom site running Apache, you can create your own .htaccess file and modify it to suit your needs.
Next, you need to modify your .htaccess file and include the following snippet of code near the top of the file, above the default WordPress code.
#Force https
RewriteEngine On
RewriteCond %{HTTP_HOST} ^example\.com [NC]
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://www.example.com/$1 [R=301,L]
If that doesn't work, try the following:
RewriteCond %{HTTPS} !=on
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
The .htaccess file has a period in front of it and is a special file. If you cannot find or view your .htaccess file in your file browser, you may have to adjust your computer settings to “show hidden files” somewhere in your preferences.
Three Ways To Modify .htaccess
- Log in to your hosting provider and access the built-in HTML editor. Find the .htaccess file and click “edit.” Paste in the snippet of code and save the file.
- Use FTP software to access files on your server. Open the .htaccess file, modify it, and save it. Then use FTP to push the file back to your server.
- Use an HTTPS/301 Redirect WordPress plugin.
Benefits Of HTTPS Redirects
Now that you have added the new code to the file and changed your WordPress URL settings, your server should force HTTPS for your website URLs. When a user requests the non-secure HTTP version of your website, they will automatically be redirected to the secure HTTPS URL.
This configuration also tells Google to index the single secure version of your site in the SERPs (Search Engine Results Pages). This is a win-win for security and SEO!
Technical Awareness
This is a technical configuration that can break your website if not implemented correctly. If you are not comfortable working in the areas listed above, please contact your web developer for help.
In another post, I discussed the difference between serving HTTP and HTTPS to your users.