If you run a website today, you will need an SSL certificate. SSL certificates are used to verify your website is authentic and they encrypt user data sent to your site so that it cannot be stolen in transit. If you have an SSL installed, customers will be more confident to shop with you, browsers will label your site as secure using the padlock icon and search engines will be more inclined to rank your site in search results.
While this is great news, installing an SSL will require you to redirect from HTTP to the more secure HTTPS, so that the version of your site that visitors (and search engine crawlers) are sent to is the one protected by SSL. In this article, we’ll explain some of the ways you can redirect a website from HTTP to HTTPS.
Please note, that before doing any of the following, it is important to have your SSL certificate already installed.
Using cPanel
If you have cPanel with your hosting, you can use this to automatically redirect visitors to the secure version of your website. To do this, log in to cPanel and navigate to the Domains section and then click on the Domains button. On the page that opens, find the domain you want to redirect in the list and then toggle the HTTPS redirect button to on. With this, your website will now be automatically using HTTPS and all your visitors will be using the right version of the site.
Using Plesk
If you have a Plesk control panel with your hosting, you can quickly redirect users in a similar way to using cPanel. To do this, log in to Plesk and navigate to Domains. Find your chosen domain in the Database dropdown list and then click on Hosting Settings in the panel below.
In the page that opens, enable the setting ‘Permanent SEO-safe 301 redirect from HTTP to HTTPS’. You will then need to choose your SSL certificate from the dropdown menu. When happy, click on Apply. Your website will now be using HTTPS.
Using .htaccess file
If you do not have cPanel or Plesk and your existing control panel does not have a similar function, another option you can choose is to edit your .htaccess file. .htaccess files are usually located in the root folder of your website directory and you can locate yours using the file manager. Editing .htaccess files can be done in numerous ways. Traditionally, you download it from your server and edit it using a text editor (use Notepad, not Word!). You then rename the original file and upload the edited version as your new .htaccess. There are modern solutions to editing .htaccess files, there are some plugins that enable you to do it and you can do it within the file managers of some control panels, like cPanel.
To redirect from HTTP to HTTPS using .htaccess, add the following three lines of text to the bottom of your .htaccess file:
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
Once you have made the changes and replaced the existing .htaccess file with the updated version, your site will begin using HTTPS. Do ensure that if editing with a text editor you save the file in the same format that it was downloaded.
Using PHP function
You can use the following PHP function to redirect your website using PHP code. To do this, you will need to call the function on the page at the appropriate place where you need the redirect from HTTP to HTTPS.
Here is the code to add:
< ?php
function redirectTohttps() {
if($_SERVER[‘HTTPS’]!=”on”) {
$redirect= “https://”.$_SERVER[‘HTTP_HOST’].$_SERVER[‘REQUEST_URI’];
header(“Location:$redirect”); } }
?>
Note – changing PHP coding can affect how the website works. If you are unsure how to modify PHP, it is better to use other methods than this. For safety, always make modifications to a test version of the site before going live.
Conclusion
HTTPS is a much more secure way to transport data across the internet and to do this an SSL certificate is essential. Once installed, there are various ways to redirect users to the HTTPS version of your site, but the easiest and most risk-free method to achieve this is to use the automatic redirect settings in the domain sections of your control panel.
There are various types of SSL certificates you can use, including the free Let’s Encrypt SSLs. However, for businesses that need greater security and online trustworthiness, together with warranties in case things go wrong with an SSL, then professional paid-for SSLs are the best option.
For more information, see our range of GlobalSign SSL Certificates.
