Force visitors to use secure connection (https)

When you make use of a SSL-certificate, the connection between your website and visitors will be encrypted and secure. Especially when sensitive information (such as client details) are processed, this is very important.

After installing your SSL-certificate the https (s stands for Secure) connection is available. However, this does not yet mean that all your visitors will use it! After all, all your visitors always saw your website on http:// and search engines such as Google and Bing have indexed your pages on the (unsecure) http protocol!

To solve this, there are a few simple steps to take:
  • Make sure all resources are loaded over https. This counts for javascripts, images, iframs, etc. Links to external websites (via <a href=>) don't need to be changed.
  • Make sure to always link your own website via a relative path (such as: /contact.php) or use the https:// version of your URL.
  • In a lot of scripts you need to change the "Home URL". With Wordpress, for example, you need to go to Settings -> General, and change the Wordpress-address (URL) and Site address (URL). Next, use the Search & Replace plugin to convert your old URL (with http://) to the new URL (with https://).
  • Create a file called .htaccess in the httpdocs folder, with the following text:
    RewriteCond %{HTTPS} off
    RewriteRule .* https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
    RewriteCond %{HTTP_HOST} !^www\.
    RewriteRule .* https://www.%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
    This will force your traffic to use If you do not wish to force the www. part you only have to use the first 2 lines.
  • The code above will use a 301 forward, which means that your website is permanently moved. The searchengines will also catch this, so you do not get a duplicate content-penalty and also don't lose any backlinks or indexed pages.
Can't get it working?






Unable to solve your problem despite this help page? Let us know!