Force Redirect HTTP to HTTPS and WWW with HTACCESS

After installing SSL (HTTPS) for your website or blog, you should direct all traffic to the HTTPS version of the URLs domain for obvious reasons (Security, SEO, and the like). Here are the simple steps to automatically forward HTTP to HTTPS, and troubleshooting instructions.

We will assume your website is hosted on a Linux/Unix server and you can use an HTACCESS file. If you don’t know what that is, better go find someone (or ask us) who can quickly get the task done for you.

Automatically Redirect from HTTP to HTTPS:

In the root directory of your website domain, you may already have a file named “.htaccess” and may have some code within it.
You will need to add the following code snippet to the existing file, preferable at the beginning of the file. [Backup the file first!]
Code to paste:

# Automatically redirect HTTP to HTTPS -reference:
<IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteCond %{HTTPS} off
    RewriteRule .* https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

IfModule mod_rewrite.c checks if mod_rewrite (required for this purpose) module is available.

There can be multiple “RewriteEngine On” statements in the file. One instance of that is all that is needed. Repetitions will are redundant, but aren’t a problem.

RewriteCond is the condition to meet. Our condition here means https is off.

RewriteRule is the rule where you specify what to do. We’re specifying to 301-redirect to an address where we’ve specified the first part of the URL and rest will be appended automatically from the request.
It’s possible to automatically grab and use the website domain name rather than hard-coding it in the sample above. However, differently configured servers can cause errors and we don’t want to take the chance.

R=301 means a 301 Redirection.

L means this is the last rule and no other rules should be processed. Though in this example, the same HTACCESS file and further rules will be applied post redirection.

Automatically Redirecting to WWW or non-WWW URL

You might like your website URLs always accessed as rather than just; or vice versa.
You can add an extra condition to check and force www or non-www.

Redirect naked domain to WWW and HTTPS:

# Automatically redirect to HTTPS and WWW -reference:
<IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteCond %{HTTPS} off [OR]
    RewriteCond %{HTTP_HOST} ^example\.com [NC]
    RewriteRule .*{REQUEST_URI} [R=301,L]

Make sure you change the RewriteRule .*{REQUEST_URI} [R=301,L] to your website domain accordingly.

Notice we now have two conditions with an OR in between. So, the rule will redirect users if any of those conditions match.

Redirect to non-WWW and HTTPS:

# Automatically redirect HTTPS and non-WWW -reference:
<IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteCond %{HTTPS} off [OR]
    RewriteCond %{HTTP_HOST} ^www\. [NC]
    RewriteRule .*{REQUEST_URI} [R=301,L]

That’s it. Go ahead and check by typing different versions of the URLs. If everything works as expected, you’re all set and can skip the troubleshooting section below. However, read for a better understanding of things involved. It can help prevent issues in the future.


HTACCESS changes not reflecting

Most of the time it’s something wrong you’ve done in the HTACCESS code. However, use a clean browser or do a hard-refresh if there are 301 redirects involved.

HTACCESS changes not reflecting for a specific sub-directory or folder

It appears like a bug, but it’s probably not. If the sub-directory has its own HTACCESS file, that will be the ONLY HTACCESS file to be honored. To allow execution of rewrite rules from htaccess from parent folder, you need to explicitly allow it. Instead of that, just go ahead and make the changes again in the sub-directory. You will notice this if the root directory has WordPress and within that you’ve installed something like PHPBB in a sub-directory.

Weird-looking URL’s

It should not happen with the above example as we’re hard-coding the website domain in the rule. However, if you have tried code from elsewhere, consider hard-coding certain pieces; and you can eliminate the issues.

Too Many Redirects

Occasionally encountered if there’s another system that also attempts to modify the URL. This is very common with WordPress sites. The solution is easy. Go to your WordPress admin screen, then Settings -> General and make sure these two entries match your desired URL format (i.e. the HTTPS and WWW pieces):

How to auto-redirect to HTTPS with IIS on Windows Hosting

HTACCESS on Windows Hosting is handled in a different way. In fact, it’s not even HTACCESS.

On IIS server, you will need to download and install the URL Rewrite Module which would enable features very similar to HTACCESS on Unix/Linux hosting.

Need Help?

Feel free to drop a comment and I’ll respond.

5 Comments on “Force Redirect HTTP to HTTPS and WWW with HTACCESS”

  1. Thanks and I want to add some troubleshooting steps here.

    If you’re deleting lines from the code make sure you edit it the correct way, for example, I removed the line:
    RewriteCond %{HTTP_HOST} !^www\. [NC]
    from a code block.

    And my condition then became:
    RewriteCond %{HTTPS} off [OR]

    The empty [OR] operator matched all the incoming requests and hence kept redirecting forever. That resulted in ‘too many redirects’ error.

    I spent more than an hour in the troubleshooting before I realized this silly mistake.

    Bottomline: If you have never edited htaccess file in the past, use the complete code blocks from the examples above. Don’t try to edit anything else.

Leave a Reply

Your email address will not be published. Required fields are marked *