Google considers a secure site with a valid SSL certificate (run under HTTPS) as an SEO ranking factor. If you haven’t already done so you need to move your domain to run under https AND setup relevant http to https 301 redirect .htaccess rules.

In this SEO tutorial you will learn how to setup a .htaccess 301 redirect rule to automatically redirect all traffic from the http://… version of a site to the corresponding https://… version and also learn how to setup relevant WWW or Non-WWW canonical .htaccess rules as well.

Http to Https Htaccess 301 Redirect Rules Tutorial

Http to Https Htaccess 301 Redirect Rules Tutorial

Tweet Above Image

Note: This tutorial is only relevant for website run on an Apache server, if your domain is hosted on a Windows server you’ll need to find another tutorial: I suggest using Google :-)

Setting Up a .htaccess File With Http to Https 301 Redirect Rules

So you have a domain hosted on an Apache server which runs under both http and https (loading http://example.com/ and https://example.com/ versions of your site in a browser stay http and https respectively: AKA no redirection) and want only the https version to show.

Secure https URL in Google Chrome

Secure https URL in Google Chrome

Tweet Above Image

Step One: Check if you already have a .htaccess file in the root of your domain.

There’s multiple ways to check this, you might have a control panel to browse your sites files, I use Filezilla (free FTP program). It’s a simple case of login to your server using Filezilla, browse to the root of the domain (where your main files for domain.com/ are: could be under /public_html/ or /www/) and check if there’s a file called .htaccess.

Check for a .htaccess File with Filezilla FTP Program

Check for a .htaccess File with Filezilla FTP Program

Tweet Above Image

Note: Some FTP programs don’t show .htaccess files by default, they consider them hidden files and hide them from you!

As you can see in the screenshot above (for this domain) a .htaccess file exists, to modify it I downloaded it to my PC with Filezilla. If your site lacks a .htaccess file they are a pain to create, a .htaccess file is just a text file with an unusual filename (files tend not to start with a dot .). Not many text editors can create .htaccess files, so if a site lacks one I modify an existing htaccess file like this Downloadable .htaccess File : the zip file contains an almost empty .htaccess file (just has one line RewriteEngine On.

Step Two: Download your sites root .htaccess file, or if you are missing a root .htaccess file download the almost empty one above (or other examples below).

Load the .htaccess file in a text editor (Notepad is OK for this, but can strip carriage returns: I use Notepad ++, it’s free) or if your Apache server has an option to edit files online (via a control panel for example) you could use that feature and check it’s contents.

This site runs under WordPress with pretty permalinks so had a .htaccess file with some default WordPress permalink rules, if you are running default WordPress it will probably look something like this:

# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress

With default WordPress (with permalinks enabled) the above is all you’ll find in the .htaccess file. Don’t touch these rules, if later you install a caching plugin like W3 Total Cache (really good plugin for SEO performance reasons) the plugin modifies the WordPress rules.

We’ll be adding our new http to https redirection rules ABOVE the WordPress rules because we want the new rules to activate BEFORE WordPress.

Does Your Site Run Under A WWW or Non-WWW URL?

Most servers are setup to automatically output a site in both WWW and Non-WWW versions, what this means is when loading a site via http://www.domain.com and http://domain.com (or the corresponding https versions) the same content loads. If setting up a new site it’s generally best to use the non-WWW version, but if your site is already running under the WWW version don’t worry, it’s not a big deal.

If your site is already setup to deal with canonical URL issues (check by loading both the http://www.domain.com and http://domain.com versions and see if the URL changes on the preferred version) remove lines four and five from the rules below. If both WWW and Non-WWW URLs load with no redirection use all five lines of .htaccess rules.

Step 3: Choose a relevant instruction below.

There’s different .htaccess rules for a WWW and Non-WWW site, so use the appropriate instructions below.

My Site Runs Under http://www.domain.com

We are going to setup two .htaccess rules, one rule-set to deal with all HTTP traffic (redirect it to HTTPS) and another rule-set to redirect the Non-WWW URLs to the WWW version of the site.

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
RewriteCond %{HTTP_HOST} !^www.example.com$
RewriteRule (.*) https://www.example.com/$1 [L,R=301]

The first line RewriteEngine On is required, there has to be a line with this on ABOVE our new rule-sets, if it already exists at the top there’s no need to add it again (it won’t cause a problem if it’s repeated, but the repeat isn’t required).

Lines two and three are the first rule-set for automatically 301 redirecting all HTTP traffic to HTTPS. These two lines require no modification.

Lines four and five are a rule-set to automatically 301 redirect all Non-WWW traffic to the WWW version of the site. These two lines require modification, replace example.com with your-domain-name.tld.

Add these five lines to the top of your .htaccess file, save it and upload it over your existing .htaccess file.

Any webpage under http or the Non-WWW version of the site will load the corresponding https WWW version of the webpage.

Downloadable https WWW .htaccess File

My Site Runs Under http://domain.com

We are going to setup two .htaccess rules, one rule-set to deal with all HTTP traffic (redirect it to HTTPS) and another rule-set to redirect the WWW URLs to the Non-WWW version of the site.

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
RewriteCond %{HTTP_HOST} !^example.com$
RewriteRule (.*) https://example.com/$1 [L,R=301]

The first line RewriteEngine On is required, there has to be a line with this on ABOVE our new rule-sets, if it already exists at the top there’s no need to add it again (it won’t cause a problem if it’s repeated, but the repeat isn’t required).

Lines two and three are the first rule-set for automatically 301 redirecting all HTTP traffic to HTTPS. These two lines require no modification.

Lines four and five are a rule-set to automatically 301 redirect all WWW traffic to the Non-WWW version of the site. These two lines require modification, replace example.com with your-domain-name.tld.

Add these five lines to the top of your .htaccess file, save it and upload it over your existing .htaccess file.

Any webpage under http or the WWW version of the site will load the corresponding https Non-WWW version of the webpage.

Downloadable https Non-WWW .htaccess File

I use these rules on this site, you will find:

  • http://seo-gold.com/ redirects to https://seo-gold.com/
  • http://www.seo-gold.com/ redirects to https://seo-gold.com/
  • https://www.seo-gold.com/ redirects to https://seo-gold.com/

Update Google Webmaster Tools and Google Analytics to Use https

If you haven’t already done so change Google Webmaster Tools and Google Analytics to use the https version of the site.

David Law

David Law
*
: Freelance SEO Consultant with 15+ years Search Engine Marketing experience...

Website - SEO Gold