This guide shows you a couple of lines of code which you can add to your website’s .htaccess file, directing visitors from HTTP to HTTPS. This way, your visitors always connect to your site using a secure, encrypted connection.

NOTE: You need an SSL certificate to redirect to HTTPS. These are distributed for free with a Webhosting package + domain registration using a Let’s Encrypt certificate.

If you’re using a WordPress installation on your website, we recommend using the Really Simple SSL plugin, which does all of the redirecting for you!

Redirecting examples

Redirect HTTP to HTTPS, with- or without www prefix

http://example.com -> https://example.com http://www.example.com -> https://www.example.com

RewriteEngine On RewriteCond %{HTTP:X-Forwarded-Proto} !https RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

Redirect HTTP to HTTPS, always using www prefix http://example.com -> https://www.example.com http://www.example.com -> https://www.example.com

RewriteEngine On RewriteCond %{HTTP_HOST} !^www\. RewriteCond %{HTTP:X-Forwarded-Proto} !https RewriteRule ^ https://www.%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

Redirect HTTP to HTTPS, never using www prefix http://example.com -> https://example.com http://www.example.com -> https://example.com

RewriteEngine On RewriteCond %{HTTP:X-Forwarded-Proto} !https RewriteCond %{HTTP_HOST} ^(?:www\.)?(.*)$ [NC] RewriteRule (.*) https://%1%{REQUEST_URI} [L,R=301]

Redirect HTTPS (with www prefix) to HTTPS (without www prefix) https://www.example.com -> https://example.com

RewriteEngine On RewriteCond %{HTTP_HOST} ^www\.(.*)$ [NC] RewriteRule ^(.*)$ http://%1/$1 [R=301,L]