Getting an SSL certificate installed on your website is a great first step toward a secure site. But there is a common mistake that leaves many sites only half-protected: failing to set up a redirect from HTTP to HTTPS. Without that redirect, your site technically exists at both addresses simultaneously - and anyone who visits the HTTP version gets the insecure, unencrypted version of the site.
Why the Redirect Matters
There are three concrete reasons to force HTTPS:
SEO. Google treats HTTP and HTTPS as separate URLs. Without a redirect, you risk splitting your search authority between two versions of the same page. Google does credit HTTPS sites in its ranking signals - but only if HTTP traffic is properly redirected so the secure version gets all the credit.
User trust. Modern browsers show a "Not Secure" warning in the address bar for HTTP pages. Even visitors who did not notice your padlock icon will notice that warning. Redirecting HTTP to HTTPS ensures every visitor sees the secure version regardless of how they arrived.
Mixed content. If your site loads over HTTPS but some resources (images, scripts, stylesheets) are still referenced with http:// URLs in your code, browsers block or warn about those resources. Forcing HTTPS from the server level is the starting point for addressing this problem.
The .htaccess Method (Apache Servers)
For most shared hosting environments running Apache - including all dotCanada hosting plans - the .htaccess file in your public_html directory controls redirect behaviour. Add the following rules to the top of your .htaccess file:
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
The R=301 tells browsers and search engines that this is a permanent redirect - which is what you want for SEO. Search engines will update their indexes to reflect the HTTPS version of your URLs.
Always back up your .htaccess file before editing it. A syntax error in .htaccess can take your site offline until it is corrected.
The WordPress Settings Method
If your site runs WordPress, the easiest first step is updating your WordPress and Site Address URLs. Go to Settings > General and change both the WordPress Address and Site Address fields from http:// to https://. Save the changes.
This updates where WordPress thinks your site lives, which affects how it generates internal links, asset URLs, and redirects. However, it does not create a server-level redirect - you still need the .htaccess rules above to catch direct HTTP requests before they reach WordPress.
The Plugin Method: Really Simple SSL
If you would rather not touch .htaccess or the WordPress settings directly, the Really Simple SSL plugin handles both in a few clicks. After installing and activating it, the plugin:
- Detects your SSL certificate
- Updates your WordPress URLs
- Adds the .htaccess redirect rules
- Attempts to fix mixed content by rewriting HTTP resource URLs to HTTPS
For most straightforward WordPress installations, Really Simple SSL handles the entire transition in under two minutes. It is the recommended approach for site owners who are not comfortable editing server configuration files.
Fixing Mixed Content Warnings
Even after forcing HTTPS, you may see a padlock with a warning (or no padlock at all) because some resources on your page are still loading over HTTP. Common causes:
- Images uploaded before the SSL switch with hardcoded http:// URLs in post content
- Embeds from third-party sources using HTTP
- Plugins or themes that hardcode HTTP URLs
The Better Search Replace plugin can search your WordPress database for http://yourdomain.ca and replace it with https://yourdomain.ca, catching most hardcoded HTTP references in post content. For theme and plugin files, you may need to contact the developer or manually update the URLs.
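To see which references on a page still need fixing, here is an added example (not part of the original article or of any plugin's code): a small Python scanner that lists http:// subresources in a page's HTML, separating those browsers generally block (scripts, stylesheets, iframes) from those that load with a warning (images, media). It ignores ordinary `<a>` links, which are not mixed content. The sample HTML is constructed, and `srcset` attributes and CSS `url()` references are out of scope.

```python
from html.parser import HTMLParser

# Tags whose http:// subresources browsers generally block (active content).
ACTIVE = {"script", "iframe", "link", "object", "embed"}
# Tags whose http:// subresources generally load with a warning (passive content).
PASSIVE = {"img", "audio", "video", "source"}


class MixedContentFinder(HTMLParser):
    """Collects (severity, tag, url) for every http:// subresource."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        # <a href> is navigation, not a subresource, so it is never flagged.
        if tag not in ACTIVE | PASSIVE:
            return
        # Simplification: for <link>, only stylesheets are treated as loads.
        if tag == "link" and "stylesheet" not in (attrs.get("rel") or "").lower():
            return
        for name in ("src", "href", "data"):
            url = (attrs.get(name) or "").strip()
            if url.lower().startswith("http://"):
                severity = "block" if tag in ACTIVE else "warn"
                self.findings.append((severity, tag, url))


def find_mixed_content(html):
    finder = MixedContentFinder()
    finder.feed(html)
    finder.close()
    return finder.findings


# Constructed sample page for illustration.
SAMPLE = """<html><head>
<link rel="stylesheet" href="http://yourdomain.ca/wp-content/themes/demo/style.css">
<link rel="canonical" href="http://yourdomain.ca/">
<script src="https://yourdomain.ca/wp-includes/js/app.js"></script>
</head><body>
<a href="http://example.com/">old link</a>
<img src="http://yourdomain.ca/wp-content/uploads/photo.jpg">
<iframe src="http://video.example/embed/1"></iframe>
</body></html>"""

if __name__ == "__main__":
    for severity, tag, url in find_mixed_content(SAMPLE):
        print(f"{severity:5} <{tag}> {url}")
```

Save the page source from your browser and pass it to `find_mixed_content` to get the list of references that still need updating.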
Once your .htaccess redirect is in place and mixed content is resolved, run your URL through Google's Safe Browsing check and a browser's developer tools (Network tab, filter by mixed content) to confirm everything is loading securely. A clean padlock icon and a solid HTTPS foundation will serve both your visitors and your search rankings well.

