Step-by-step instructions to redirect from HTTP to HTTPS

As hackers and fraudsters keep upgrading their game with new and sophisticated techniques, the significance of implementing proper security measures continues to rise. Having an HTTPS-enabled website is one such security measure. The browser community has been pushing towards a shift to HTTPS for quite a while. The browsers such as Chrome display a warning if your website is still using HTTP. This message is enough to scare users away and make a dent in your reputation.

HTTP to HTTPS Redirection
Many websites have pages served over both the HTTP and HTTPS protocols. This too can result in security warnings from the browsers. Therefore, the wisdom lies in migrating your entire website to HTTPS before it’s too late. Depending on the type of server you use, you must include the following lines of codes in .htaccess and web.config files to redirect HTTP to HTTPS.

Linux & cPanel Redirect HTTP to HTTPS – .htaccess filE Redirect To HTTPS

Place the code below in the .htaccess file in cPanel on your Linux based server. This will redirect your visitors to HTTPS.

RewriteCond %{HTTPS} !on [OR]

RewriteCond %{HTTP_HOST} !^www\.

RewriteRule (.*){REQUEST_URI} [L,R=301]

Keep in mind the following things if you Want to Redirect .htaccess 

  • You must not duplicate RewriteEngine On.
  • You must make sure that the lines starting with RewriteCond and RewriteRule immediately follow the RewriteEngine On. 

Windows & Plesk HTTP to HTTPS redirection – using web.config file

Use the following code for the web.config file in Plesk panel of your Windows based server. This will redirect your site visitors to HTTPS.





       <rule name="HTTP to HTTPS redirect" stopProcessing="true">

         <match url="(.*)" />


           <add input="{HTTPS}" pattern="off" ignoreCase="true" />


         <action type="Redirect" redirectType="Permanent" url="https://{HTTP_HOST}/{R:1}" />






Keep in mind the following things if you have a web.config file.

Make sure you have an opening and closing tags for:

  • webServer
  • rewrite
  • rules

Also, don’t forget to insert the whole rule section inside the rules section.

Important Resources


green pad lockHere we go, our website is now redirected from http to https with the help of .htaccess file and web.config file individually.


Welcome to Savvy Security, a blog focused on providing practical cybersecurity advice for website owners and small businesses. Our team brings you the latest news, best practices and tips you can use to protect your business...without a multi-million dollar budget or 24/7 security teams.