Google considers a secure website with a valid SSL certificate (run under HTTPS) as an SEO ranking factor. If you haven’t already done so you need to setup your domain to run under https AND setup relevant 301 redirect http to https htaccess rules.

In this SEO tutorial you will learn how to setup a .htaccess 301 redirect rule to automatically redirect all traffic from the http://… version of a site to the corresponding https://… version and also learn how to setup relevant WWW or Non-WWW canonical .htaccess rules as well.

Redirect HTTP to HTTPS Htaccess Downloads
Redirect HTTP to HTTPS Htaccess Downloads

Note: This tutorial is only relevant for websites run on an Apache server, if your domain is hosted on a Windows server you’ll need to find another tutorial: I suggest using Google :-)

Also see how to move a WordPress site from http to https tutorial.

Setup 301 Redirect Htaccess HTTP to HTTPS Rules

So you have a domain hosted on an Apache server which runs under both http and https (loading http://example.com/ and https://example.com/ versions of your website in a browser stays http and https respectively: AKA no redirection) and want only the https version to show.

Your website needs an .htaccess file with the relevant 301 redirect http to https rules.

Secure https URL in Google Chrome
Secure https URL in Google Chrome

Step One: Check if you already have a .htaccess file in the root of your domain.

There’s multiple ways to check this, you might have a control panel to browse your sites files, I’ll use Filezilla (free FTP program, very popular). It’s a simple case of login to your server using Filezilla, browse to the root of the domain (where your main files for domain.com/ are: could be under /public_html/ or /www/) and check if there’s a file called .htaccess.

Check for a .htaccess File with Filezilla FTP Program
Check for a .htaccess File with Filezilla FTP Program

Note: Some FTP programs don’t show .htaccess files by default, they consider them hidden files and hide them from you!

As you can see in the screenshot above (for this domain) a .htaccess file exists, to modify it I downloaded it to my PC with Filezilla.

If your website lacks a .htaccess file they are a pain to create, a .htaccess file is just a text file with an unusual filename (files tend not to start with a dot .). Not many text editors can create .htaccess files, so if a website lacks one I modify an existing htaccess file like this Downloadable .htaccess File : the zip file contains an almost empty .htaccess file (just has one line RewriteEngine On.

Step Two: Download your sites root .htaccess file, or if you are missing a root .htaccess file download the almost empty one above (or other examples below).

Load the .htaccess file in a text editor (Notepad is OK for this, but can strip carriage returns: I use Notepad ++, it’s free) or if your Apache server has an option to edit files online (via a control panel for example) you could use that feature and check it’s contents.

Default WordPress .htaccess File
Default WordPress .htaccess File

This site runs under WordPress with pretty permalinks so had a .htaccess file with some default WordPress permalink rules, if you are running default WordPress it will probably look something like this:

# BEGIN WordPress
<ifmodule mod_rewrite.c="">
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</ifmodule>
# END WordPress

With default WordPress (with SEO friendly permalinks enabled) the above is all you’ll find in the .htaccess file. Don’t touch these default WordPress rules, if later you install a caching plugin like W3 Total Cache (really good plugin for SEO performance reasons) the plugin modifies the WordPress rules.

If you are having problems creating the WordPress .htaccess file, Download the Default WordPress .htaccess File. This is only suitable for standard WordPress installs, it’s not suitable for multi-site WordPress installations.

We’ll be adding our new http to https redirection rules ABOVE the WordPress rules because we want the new rules to activate BEFORE WordPress.

Does Your Site Run Under A WWW or Non-WWW URL?

Most servers are setup to automatically output a site in both WWW and Non-WWW versions, what this means is when loading a site via http://www.example.com and https://example.com (or the corresponding https versions) the same content loads. If setting up a new site it’s generally best to use the non-WWW version, but if your site is already running under the WWW version don’t worry, it’s not a big deal.

If your site is already setup to deal with canonical URL issues (check by loading both the http://www.example.com and http://example.com versions and see if the URL changes on the preferred version) remove lines four and five from the rules below. If both WWW and Non-WWW URLs load with no redirection use all five lines of .htaccess rules.

Step Three: Choose a relevant instruction below.

There’s different .htaccess rules for a WWW and Non-WWW site, so use the appropriate instructions below.

My Site Runs Under http:///www.example.com

Update: I moved this article to a domain which is NON-WWW.

We are going to setup two .htaccess rules, one rule-set to deal with all HTTP traffic (redirect it to HTTPS) and another rule-set to redirect the Non-WWW URLs to the WWW version of the site.

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
RewriteCond %{HTTP_HOST} !^www.example.com$
RewriteRule (.*) https://www.example.com/$1 [L,R=301]

The first line RewriteEngine On is required, there has to be a line with this on ABOVE our new rule-sets, if it already exists at the top there’s no need to add it again (it won’t cause a problem if it’s repeated, but the repeat isn’t required).

Lines two and three (pasted below) are the first rule-set for automatically 301 redirecting all HTTP traffic to HTTPS. These two lines require no modification.

RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

Lines four and five (pasted below) are a rule-set to automatically 301 redirect all Non-WWW traffic to the WWW version of the site. These two lines require modification, replace example.com with your-domain-name.tld.

RewriteCond %{HTTP_HOST} !^www.example.com$
RewriteRule (.*) https://www.example.com/$1 [L,R=301]

Add these five lines to the top of your .htaccess file, save it and upload it over your existing .htaccess file.

Any webpage under http or the Non-WWW version of the site will load the corresponding https WWW version of the webpage.

Downloadable https WWW .htaccess File

My Site Runs Under http://example.com

We are going to setup two .htaccess rules, one rule-set to deal with all HTTP traffic (redirect it to HTTPS) and another rule-set to redirect the WWW URLs to the Non-WWW version of the site.

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
RewriteCond %{HTTP_HOST} !^example.com$
RewriteRule (.*) https://example.com/$1 [L,R=301]

The first line RewriteEngine On is required, there has to be a line with this on ABOVE our new rule-sets, if it already exists at the top there’s no need to add it again (it won’t cause a problem if it’s repeated, but the repeat isn’t required).

Lines two and three (pasted below) are the first rule-set for automatically 301 redirecting all HTTP traffic to HTTPS. These two lines require no modification.

RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

Lines four and five (pasted below) are a rule-set to automatically 301 redirect all WWW traffic to the Non-WWW version of the site. These two lines require modification, replace example.com with your-domain-name.tld.

RewriteCond %{HTTP_HOST} !^example.com$
RewriteRule (.*) https://example.com/$1 [L,R=301]

Add these five lines to the top of your .htaccess file, save it and upload it over your existing .htaccess file.

Any webpage under http or the WWW version of the site will load the corresponding https Non-WWW version of the webpage.

Downloadable https Non-WWW .htaccess File

I use these rules on this site, you will find:

  • http://seo-gold.com/ redirects to https://seo-gold.com/
  • http://www.seo-gold.com/ redirects to https://seo-gold.com/
  • https://www.seo-gold.com/ redirects to https://seo-gold.com/

After uploading the new .htaccess file the easiest way to test your website is load your websites home page with the three URL structures http, https, www & non-www URLs, if the new 301 redirect http to https htaccess rules are working they will all load the same URL.

Update Google Search Console and Google Analytics to Use https

If you haven’t already done so change Google Search Console and Google Analytics to use the https version of the site.

Downloadable .htaccess Files

In the http to https Htaccess 301 Redirect Rules Tutorial above there’s links to three downloadable .htaccess files, below is a copy of those links for easy access.

The first file is an almost empty .htaccess file. The 2nd file is htaccess rules to 301 redirect http to https with canonical support for websites which have www. in the URL. The 3rd file is htaccess rules to 301 redirect http to https with canonical support for websites which have do NOT have www. in the URL.

David Law

*
David Law : Technical SEO Expert with 20+ years Online Business, SEO, Search Engine Marketing and Social Media Marketing experience... Creator of multiple WordPress SEO Themes and SEO Plugins. Interests: wildlife, walking, environmental issues, politics, economics, journalism, consumer rights.

Website - SEO Gold Services