Overview
You can force your website to redirect from HTTP to HTTPS by adding code to an .htaccess file. The S ensures that your connection is encrypted. For example:
- https://example.com
Adding custom code is only necessary if your website requires specific code to force the redirect.
After you have added an SSL certificate to your domain, DreamHost automatically redirects to HTTPS. You need not update anything on your end to force your site to use the secure URL. However, in some special cases, you may need to create your own custom configuration file to force the redirect from HTTP to HTTPS. If so, you will need to first disable the automatic redirect in your panel.
Once disabled, you can then proceed with adding your custom .htaccess file.
How do I force HTTPS for WordPress and DreamPress sites?
View either of the following articles for instructions on how to create/edit an .htaccess file on your server.
- Creating and editing a file via FTP (Hidden files must be enabled to see the .htaccess file.)
- Creating and editing a file via SSH
The .htaccess file should be located in your website's primary directory. For example:
/home/username/example.com
How do I force HTTPS on a WordPress site?
It's possible for a visitor to enter a direct HTTP URL on your WordPress site, even when an SSL certificate is active. To force any HTTP request to redirect to HTTPS, add the following code to your WordPress .htaccess file.
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301,NE]
Header always set Content-Security-Policy "upgrade-insecure-requests;"
Full example including the default WordPress code
If your .htaccess file already contains some default WordPress code, enter the following above or below that code. Never enter code inside of the comment tags that start and end with:
# END WordPress
Below is what your .htaccess file looks like with both the new HTTPS code and existing WordPress code.
RewriteEngine On RewriteCond %{HTTPS} !=on RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301,NE] Header always set Content-Security-Policy "upgrade-insecure-requests;" # BEGIN WordPress
# The directives (lines) between `BEGIN WordPress` and `END WordPress` are
# dynamically generated, and should only be modified via WordPress filters.
# Any changes to the directives between these markers will be overwritten. <IfModule mod_rewrite.c> RewriteEngine On RewriteBase / RewriteRule ^index\.php$ - [L] RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteRule . /index.php [L] </IfModule> # END WordPress
Forcing HTTPS with DreamPress
It is not possible to use an .htaccess file with DreamPress since it uses Nginx, which instead automatically forces HTTPS.
Troubleshooting
Resolving mixed content warnings
Even when your site is correctly redirecting to the secure URL, it's possible the browser may still throw a warning indicating that some resources such as links are pointed to the non-secure version.
To resolve these warnings, follow these instructions to add additional code to your .htaccess file.