How to force from HTTP to HTTPS?


Let me take the example of a newly installed WordPress website. After installing WordPress in your account you need to install SSL. If you are installing Free SSL that is Let’s Encrypt in WordPress, You will encounter this ‘Not Secure’ Problem in the URL.

First, you need to check if SSL is installed on your website or not. You can check it by accessing the provided link.
https://www.sslshopper.com/ssl-checker.html
Here is the result of my subdomain.

Here you can check I have a valid Let’s Encrypt SSL certificate installed. However, my website is still redirected to HTTP. In this case, I need to manually force HTTPS.


Here are two methods to force HTTPS.

  • Redirect through plugin in WordPress know as ‘Really Simple SSL’.
  • Redirect through .htaccess file.

Step 1:

You can install the WordPress plugin named Really Simple SSL from your WordPress Admin Dashboard. Then your website will be redirected from HTTP to HTTPS.
I do not recommend this method because your site performance will be slower. Really Simple SSL will work on the Front End. Third-party resources from your website will get affected. If you are in shared hosting then please choose Step 2 to get better loading time from your website.

Step 2:
In this method, you will redirect to HTTPS from the .htaccess file.
For this, You need to have cPanel access from your Hosting provider.
First, locate your WordPress website files and make sure your website files are loading from the correct location.
Here to give you a better understanding I have used my hosting provider HostGator’s cPanel.

Go to your FileManager in your cPanel and click on ‘Settings’ Which is present in the top right corner.
Tick on show hidden files, Then save.

After saving it Locate the folder from which your WordPress is loading. For my subdomain techie.abhignyan.com, I have a folder in my FileManager. For your primary domain, your files will be loaded from Public_html folder.

Right-click on your .htaccess file then select ‘Edit’ option.
Warning, Before proceeding further copy all your .htaccess file and save in any .txt file for backup purpose. If something goes wrong, You can always rename old .htaccess to something like .htaccessXXX and create a new .htaccess file then paste the backup content.
Now you have taken the backup of your .htaccess file contents let’s add the following code in your .htaccess file.


RewriteEngine On

RewriteCond %{HTTPS} !=on

RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301] 


RewriteOptions inherit

RewriteEngine on

Header set content-Security-Policy: upgrade-insecure-requests

Make sure you copy the exact codes and save it in your .htaccess file.

Now after saving, your website will be redirected to HTTPS. You will no longer see Not Secure in your browser when you access your website.

If you still see it’s not secure or the site getting crashed, Please remove the codes you have added and install SSL correctly with valid certificates.