In this tutorial, I’m going to show you how to use your root .htaccess file to automatically redirect all http traffic to https and to specify whether to use www or non-www. The reason you’ll want to do this is to make sure you don’t have any duplicate content and also to avoid being penalised by Google and other search engines for not serving secure pages. In case you’re wondering, they’ll also penalise you for serving duplicate content. As most shared hosting accounts come with a free SSL certificate, it’s not going to cost you anything more to redirect to https.  If your hosting account doesn’t off a free SSL certificate, it’s probably time to find a new hosting company.

Please note that this article only applies to Apache servers.

Why Force all Your Traffic to use SSL

There are three main reasons to use SSL: trust, security, and canonicalization.

Trust

The vast majority of browsers, including Google Chrome, Microsoft Edge, Safari, and Firefox, will warn a visitor if a site is not secure. Often these warning are quite bold and don’t inspire confidence with your site’s visitors.

Security

If you site requires visitors to submit information like contact details or you are running an eCommerce site, you definitely want to encrypt all your traffic to and from the server.

Canonicalization

Canonicalization is a big word for a big problem. To quote Wikipedia:

In computer science, canonicalization (sometimes standardization or normalization) is a process for converting data that has more than one possible representation into a “standard”, “normal”, or canonical form.

What this basically means from a web point of view is to serve a page once and not multiple times. This might not seem obvious but there are potentially four ways the same page can be served:

  1. http://
  2. https://www.
  3. https://
  4. https://www.

This isn’t good for SEO as search engines can potentially see the same content four times which means you’ve got duplicate content.

Finding Your .htaccess File

For this part of the tutorial, I’m going to assume you’re running cPanel. If your account doesn’t use cPanel, please contact your hosting company and ask them to guide you to finding this file. By default, cPanel‘s File Manager doesn’t display hidden files. Files beginning with a dot (.) are hidden. To display these hidden files, you’re need to open the File Manager, click on Settings, in the Preferences window, tick Show Hidden Files, and then click Save.

Show hidden files in cPanel File Manager

Before you begin, please make sure you backup your .htaccess file. It makes life so much easier if something goes wrong. Once you’ve made a backup, open the file using the cPanel File Manager Editor.

Redirecting Traffic to https and non-www

If you want redirect all traffic to https://yourdomain.com then add the following code to the .htaccess file you’ve just found in the root of your public_html folder. Don’t forget to change the domain name from example.com to your own.

 

Redirecting Traffic to https and www

If you want redirect all traffic to https://www.yourdomain.com then add the following code to the .htaccess file. And again, don’t forget to change the domain name example.com to your own.

Wrapping it Up

There you have it. It might seem a little daunting at first but it really isn’t that difficult to redirect to https and to choose if you want to serve your pages with or without www.