US 1-877-412-4678      International 1-317-961-1116
There are upcoming maintenance events which may impact our services. Learn more

How do I force my site to use https Print

  • 42

Forcing SSL for your site can be accomplished numerous ways depending on your content.  We have listed the most common below.


Go to Settings > General and make sure that the WordPress Address (URL) and Site Address (URL) is https. If not, add S after http to make https and save it :

WordPress HTTPS Setting Page

If your site does not automatically begin re-directing to SSL you may need to use the code in the .htaccess file below under "Others".

You may also need to use a plugin like "Really Simple SSL" to make sure you do not serve mixed content [SSL and non-SSL in the same page].


Go to System > Global Configuration. Navigate to the Server tab. Set the Force SSL option to Entire Site. Save settings.

Joomla HTTPS Setting Page


The most common for sites not listed is by using mod_rewrite within your .htaccess file.

To force all web traffic to use HTTPS [SSL] you can insert the following lines of code into the .htaccess file in the root folder of your website.  It is important that you insert this above any pre-existing mod_rewrite code - placing it at the top of the file is usually suggested.

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

Should you wish to only force a specific domain to HTTPS you would use the following code - making sure to replace "example\.com" with your actual domain name.  The back slash "\" before the period is important.

RewriteEngine On 
RewriteCond %{HTTP_HOST} example\.com$ [NC]
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$$1 [R=301,L]

If you can not see the .htaccess file in the cPanel file manger ensure show hidden files is enabled by clicking the gear (settings) in the upper right and checking the box.

Show Hidden Files

If you force SSL using these .htaccess rules and you end up with an "endless redirection", "redirection loop", or similar it is quite likely your script/software is trying to re-direct back to non-ssl which is then being re-directed by .htaccess back to SSL.  In this case you will likely need to configure SSL usage within your script/software directly.

Was this answer helpful?

« Back