Redirect HTTP to HTTPS and WWW Using .htaccess

Why Redirect to HTTPS and WWW?

Redirecting your website traffic to HTTPS ensures secure communication between your server and visitors' browsers. Adding the 'WWW' prefix provides consistency in URLs, helping improve your site SEO and user experience. This guide explains how to configure your '.htaccess' file to achieve both.

.htaccess Code for Redirecting HTTP to HTTPS

To ensure your website uses secure HTTPS communication, you can configure your '.htaccess' file to redirect all HTTP traffic to HTTPS. This redirection improves security by encrypting data between your server and visitors' browsers. Use the following code snippet to implement the redirection:

Apache
<IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteCond %{HTTPS} off
    RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
</IfModule>

Redirecting HTTP to HTTPS and WWW

Use the following code snippet in your '.htaccess' file to redirect all traffic to the HTTPS version of your site with the 'www' prefix:

Apache
<IfModule mod_rewrite.c>
    RewriteEngine On

    # Redirect to HTTPS and www
    RewriteCond %{HTTPS} off [OR]
    RewriteCond %{HTTP_HOST} !^www\. [NC]
    RewriteRule ^(.*)$ https://www.%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

    # Ensure the domain is always www (even for HTTPS requests)
    RewriteCond %{HTTP_HOST} !^www\. [NC]
    RewriteRule ^(.*)$ https://www.%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
</IfModule>

This configuration ensures that all users are redirected to the secure, 'www' version of your site regardless of how they access it.

Example:

  • Visiting http://example.com redirects to https://www.example.com.
  • Visiting https://example.com redirects to https://www.example.com.

Redirecting HTTP to HTTPS Without www

If you prefer to redirect your traffic to the non-'www' version of your site while ensuring secure HTTPS communication, use the following code snippet in your '.htaccess' file:

Apache
<IfModule mod_rewrite.c>
    RewriteEngine On

    # Redirect to HTTPS without www
    RewriteCond %{HTTPS} off [OR]
    RewriteCond %{HTTP_HOST} ^www\.(.*)$ [NC]
    RewriteRule ^(.*)$ https://%1%{REQUEST_URI} [L,R=301]
</IfModule>

This configuration removes the 'www' prefix and redirects all traffic to the HTTPS version of your site. It ensures a consistent URL structure while maintaining security.

Steps to Implement

  1. Ensure your server supports SSL/TLS and that your SSL certificate covers both 'www' and non-'www' versions of your domain.
  2. Open the '.htaccess' file in the root directory of your website.
  3. Paste the provided code snippet into the file.
  4. Save the file and test the redirection in your browser.

Benefits of HTTPS and www Redirects

Using HTTPS protects sensitive user data and helps build trust with your visitors. Enforcing the 'www' prefix standardizes URLs, improving your site's search engine ranking.

  • Force HTTPS for enhanced security
  • Standardize your website URL structure
  • Improve SEO by preventing duplicate content
  • Provide a consistent user experience