Forcing HTTPS and Redirecting Insecure Requests

New changes now allows cPanel the ability to force HTTPS natively in the Domains area! You will want to first log into cPanel and open the Domains page:

Screen_Shot_2023-01-19_at_3.26.39_PM.png

You will see a list of your domains with a new column titled “Force HTTPS Redirect” where you can toggle the setting:

cPanel%20-%20Domains%202019-08-25%2014-52-44

Toggle the setting On to allow for an HTTPS redirect:

cPanel%20-%20Domains%202019-08-25%2014-54-21

And that’s it! Next is an alternative way where you can manually force your domain from HTTP to HTTPS through the .htaccess file.

.htaccess

The alternative way to accomplish this is going to be with the use of an .htaccess file. .htaccess files handle URL rewriting within your account. You may not even realize they’re there, but as an example when you install WordPress it setups an .htaccess file so that you get nice URLs instead of ones ending in .php. Here’s how to use this file to your advantage to make sure all visitors get the HTTPS version of your website.

First, just to double check, make sure your website loads over https://yourdomain.com. The last thing you want is to add in rules and get stuck in redirect loops or have things error out so best to check now. If you get errors when trying to load the site over SSL feel free to open a support ticket so we can have a look.

Next login to cPanel and open the File Manager.

Screen_Shot_2023-01-19_at_3.27.26_PM.png

We want to make sure you can view “hidden” files (see that period in .htaccess? That means it’s a file not normally seen in file browsers). To show hidden files click Settings in the top right and check the box here:

Next we want to navigate to the folder in which our site is located. For most folks adjusting their main domain this is going to be public_html but if it’s a subdomain or addon domain it may be in a folder underneath public_html or in the root directory of your account. Select the folder for the install in the sidebar on the left and you’ll see the files for your site. If it’s WordPress or other software there’s a good chance that you already have an .htaccess file here you can edit. If not (for example if you built your site with Dreamweaver) you can create a new .htaccess file here. Either way we want to select the file and click the Code Editor button.

Screen_Shot_2018-08-07_at_17_07_54

You’ll get a popup asking about encoding, just click Edit to proceed. Here we can start adding the code we need to force our visitors to get the HTTPS version of our website.

Add a new line to the top of the file and add the following code at the very top:

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R,L]

04 PM

Then click Save Changes in the top right. Once saved this should be effective immediately so try visiting http://yourdomain.com and ideally if everything went right your site should show up as https://yourdomain.com.

If you’re running WordPress I’ll also put in a plug for the plugin SSL Insecure Content Fixer which when used in combination with the above .htaccess rules will make sure not only the site loads over https but all images, CSS, and scripts (so you get that nice green icon). If you run into any issues with any of this feel free to put in a support ticket with us.

For more information about .htaccess files, see our guide Understanding .htaccess.
Was this article helpful?
0 out of 0 found this helpful

Articles in this section

Reclaim Hosting Support Hours
8:00 am - 5:00 pm ET, Monday through Friday
Submit a Ticket
Get a quick and helpful response from the pros.
Need Extra Support?
No problem, we're here to help! Talk to us about Professional Services or custom Service Level Agreements.