How to Force HTTPS Using .htaccess: A Step-by-Step Guide

In today’s digital landscape, ensuring secure connections between your website and its visitors is essential. One way to achieve this is by forcing the use of HTTPS (Hypertext Transfer Protocol Secure) on your website. In this step-by-step guide, we’ll walk you through the process of enforcing HTTPS using the powerful .htaccess file.

Step 1: Accessing the .htaccess File

To get started, you’ll need to locate and access the .htaccess file on your web server. The .htaccess file is a configuration file that allows you to make various changes to the server’s behavior. It is typically found in the root directory of your website.

Step 2: Editing the .htaccess File

Once you’ve located the .htaccess file, you can edit it using a text editor of your choice. If the file doesn’t exist, you can create a new one using a plain text editor.

Step 3: Adding the Rewrite Rules

To force HTTPS, you need to add the following code snippet to your .htaccess file:

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

This code uses Apache’s mod_rewrite module to perform the redirection. It checks if the HTTPS protocol is not already enabled and redirects any incoming requests to the HTTPS version of the URL.

Step 4: Saving and Uploading the .htaccess File

After adding the rewrite rules, save the changes to your .htaccess file. Make sure to save it without any file extensions (e.g., “.txt”). Then, upload the modified .htaccess file to the root directory of your website using an FTP client or a file manager provided by your hosting provider.


Enforcing HTTPS using the .htaccess file is a straightforward process that significantly enhances the security of your website. By following the steps outlined in this guide, you can successfully redirect all HTTP traffic to HTTPS, providing a safer browsing experience for your visitors. Remember to regularly test and monitor your website to ensure the HTTPS redirection is functioning correctly and eliminate any mixed content issues.