How to Force SSL / HTTPS using .htaccess (For WordPress & All Sites)
Secure Your Website: How to Force HTTPS using .htaccess in cPanel (WordPress & All Sites)
In today’s digital landscape, website security is paramount. Visitors expect a secure browsing experience, and search engines prioritize websites that use HTTPS. If your website is still loading with an insecure “http” URL, it’s crucial to make the switch to “https.” This guide provides a simple, step-by-step process to force HTTPS using your .htaccess file in cPanel, ensuring a secure connection for all visitors, regardless of your website platform (WordPress, Joomla, Drupal, etc.).
Why Force HTTPS?
HTTPS (Hypertext Transfer Protocol Secure) encrypts communication between your website and your visitors’ browsers. This encryption protects sensitive data, like login credentials and payment information, from being intercepted by malicious actors.
Benefits of HTTPS:
- Amélioration de la sécurité : Protects user data and builds trust.
- Avantages du référencement : Search engines favor HTTPS websites, giving them a ranking advantage.
- Enhanced Credibility: Displays a security padlock in the browser address bar, reassuring visitors that your site is safe.
- Conformité : Indispensable pour répondre à la norme PCI DSS si vous traitez des paiements en ligne.
Accessing Your .htaccess File via cPanel
Before you can force HTTPS, you need to access your .htaccess file. This file allows you to control how your web server handles various aspects of your website. Here’s how to find it in cPanel:
- Connectez-vous à cPanel : Accédez au panneau de contrôle de votre hébergement web.
- Ouvrir le gestionnaire de fichiers : Navigate to the “Files” category and click on “File Manager.”
- Configure File Manager Settings: Cliquez sur l'onglet “Paramètres” dans le coin supérieur droit.
- Afficher les fichiers cachés : Select the document root for your domain and make sure the “Show Hidden Files” checkbox is checked. Click “Save.”
- Localisez .htaccess : Find the .htaccess file in the file list (it might be hidden, so make sure you’ve enabled “Show Hidden Files”).
- Modifiez le fichier .htaccess : Right-click on the .htaccess file and choose the “Edit” option. This will open the file in a text editor within your browser.
Forcing HTTPS with .htaccess Code
Now, paste the following code into your .htaccess file to redirect all HTTP requests to HTTPS:
RewriteEngine On RewriteCond %{HTTPS} off RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
Explanation of the Code:
RewriteEngine On: This line activates the rewrite engine in your web server (Apache), which allows the .htaccess file to redirect traffic.RewriteCond %{HTTPS} off: This condition checks if the incoming request is using HTTP (not HTTPS).RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]: This rule redirects any HTTP requests to the HTTPS version of the same URL. The[L,R=301]indiquent qu'il s'agit de la dernière règle à traiter (L) and that it’s a permanent redirect (R=301), which is important for SEO.
Considérations importantes
- SSL Certificate: Make sure you have an SSL certificate installed on your website. Most hosting providers offer free SSL certificates through Let’s Encrypt.
- RewriteEngine: Ensure that your hosting plan supports the
RewriteEngine. Most do, but it’s worth confirming with your hosting provider. - Hébergement WordPress géré : If you’re looking for a hassle-free experience, consider managed WordPress hosting. Providers like MyGlobalHost offer managed plans with all the necessary features, including SSL certificates and support for .htaccess modifications.
Saving and Testing
Once you’ve added the code to your .htaccess file, save the changes. Now, visit your website using the HTTP version of your URL (e.g., http://www.example.com). You should be automatically redirected to the HTTPS version (e.g., https://www.example.com). By following these steps, you can easily force HTTPS for your website, improving security, SEO, and user trust.
