Force HTTPS using your .htaccess file [for cPanel GUI users]

  • Updated
Follow

So you have installed an SSL certificate for your domain, now let’s make sure that your site is always being served via HTTPS, rather than the default which is HTTP.

This article is written for users who prefer using the cPanel GUI, we also have an article written for users who would rather make these updates using CLI.

Note: If you have not already installed a SSL certificate please follow our guide on how to install a complimentary Let’s Encrypt certificate before completing the following steps.

1. Firstly, login to your cPanel account. If you have forgotten your cPanel credentials, they were included in the original ‘Welcome to Serversaurus’ email which you should be able to find in your inbox otherwise follow these instructions on how to update your cPanel password.

2. Using search bar, find the File Manager function.

3. Go to Settings in the top left hand corner, make sure Show Hidden Files (dotfiles) is selected, remember to save changes (if necessary).

filemanagersetttings.png

Screen-Shot-2018-06-08-at-4.46.05-pm.png

4. Select your websites document root from the directory listing on the left hand side of page. Your document root will most likely be public_html.

directorylistingfilemanager.png

5. Now you are looking at your website files, you should see a file named .htaccess, if this file is not present you will have to create the file. Otherwise if the file is existing, as a security measure please copy the .htaccess and name the duplicate file .htaccessold.

htaccess-1.png

filemanagertoolbar-1.png

6. Using the Edit function, add the below entry to the beginning of your .htaccess file. Your website may already have line 1 & 2 present, in which case, please just copy line 3 & 4 and paste below RewriteBase /. Save changes.

RewriteEngine on
RewriteBase /
RewriteCond %{HTTPS} !=on
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301] 

If you are a WordPress user you may already have a similar entry in your .htaccess file, in which case you can update the entry using the two final lines in the above entry, see our example below:

# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase
RewriteCond %{HTTPS} !=on 
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>

7. Your website should now force redirect all traffic to use https://. View your website to verify the updates are active and working as expected.

Screen-Shot-2018-06-26-at-4.09.01-pm.png

If the website conflicts with the .htaccess updates, you can use your duplicate .htaccess file as a backup.

 

Comments

0 comments

Please sign in to leave a comment.