Jack Barber / Website Design

Force Your Website to Use SSL via .htaccess

Force Your Website to Use SSL via .htaccess

SSL stands for Secure Sockets Layer - it the method by which the connection between your browser and the website you're visiting is encrypted, ensuring information can be passed securely between the two.

Traditional SSL was only used to encrypt connections where sensitive data was passed - login forms for instance. But a while ago Google announced that SSL would become a search engine optimisation ranking factor for websites resulting in use of SSL becoming far more common place.

Users are now comfortable recognising the padlock symbol which is activated in most browsers when connecting to a website requesting an SSL connection. Also, more and more websites are allowing users to register for accounts and submit potentially sensitive information via contact forms and so on.

Add to this the fact that many hosts are now offering SSL as standard - particularly with the advent of Let's Encrypt - and it's easy to see why ensuring your site is running behind an encrypted https:// connection makes good business sense.

Add These Lines To Your .htaccess File

Forcing your website to use an SSL connection is simple. If your web server is running Apache, you can just add this to your .htaccess file:

RewriteCond %{SERVER_PORT} 80 
RewriteRule ^(.*)$ https://DOMAINNAME.co.uk/$1 [R,L]

Don't forget to update it with your actual domain name. Also, you'll want to check your SSL certificate it active before applying this change, otherwise visitors may be shown a warning that will prevent them from easily accessing your website.