What are http and https?
Hypertext Transfer Protocol (HTTP) and Hypertext Transfer Protocol Secure (HTTPS) are protocols that allow computers to send and receive information, such as text, images or videos, over the Internet.
For example, a site uses visitors browser http or https to request the page and its content from the site’s server. The server sends the data back and the browser shows the site.
HTTPS is the safe version of HTTP and uses an SSL Secure Socket Layer (SSL) or Transport Layer Security (TLS) certificate to encrypt data.
Encryption protects data (such as passwords or credit card numbers) during transfer.
Here is an illustration of how https works:
Why do you need to redirect http to https?
You need to redirect HTTP to HTTPS because it protects sensitive information and can increase your site’s ability to rank (appear) high in the search engine results (SERPs).
A proper redirection sends traffic from the non-secure HTTP version of your site to the secure HTTPS one.
If you buy an SSL certificate from your hosting provider, your host will usually handle the redirection automatically.
But you may need to force the redirection manually if you have a custom setup.
The exact process can vary based on the type of server you use, so we go over a handful of ways to do this.
How To Director You Redirect HTTP to HTTPS in WordPress
You can redirect HTTP to HTTPS in WordPress with a plugin or by editing your files manually.
How to do both:
Using a plugin
WordPress plugins that really simple security offer non-coding solutions for redirecting from HTTP to HTTPS.
How to use it:
Log in to your WordPress account. Go to “Plugins“And search for” Really simple security. “
Click “Install now”And the assets the plugin when the installation is completed.
Follow the plugin’s onboarding guide. It will ask you to provide information as your host and e -mail address to test the configuration.
Your site must automatically forward users and search engines to the HTTPS version of your site after completing the onboarding current.
Editing WordPress files manually
Manually Edit WordPress files if you prefer a practical approach or if your hosting environment does not allow a plugin.
Go to your WordPress -dashboard to get started.
Click “Settings“Choose”General“And find“ WordPress address (URL) and “Site Address (URL). “
Replace “http: //” with “https: //” in both URL fields.
Click “Save changes. “
Then edit your configuration files (ie files used to customize your web server).
Then what you need to edit depends on which server is hosting your site:
- For an apache -server: Edit your .htaccess file (a configuration file often found in your root directory) with this code:
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
- For a Windows IIS server: Update Web.Config file (a configuration file usually found in your root catalog)
To set up an HTTP -OME DIRECTION IN NGINX
You can configure redirects to NGINX (an open source web server software) by adding rules to your configuration files.
Here are two different ways to create redirects in NGINX:
Redirecting all HTTP Web sites to HTTPS
Redirecting all HTTP places to HTTPS is ideal when you have multiple domains under a specific NGINX configuration and several SSL certificates.
Follow these instructions:
- Open your NGINX Configuration (NGINX.CONF) file or appropriate server block file usually found in “/etc/nginx/.” If the file is not found, you may need to create a new one.
- Add a server block (code) to the configuration file to capture all traffic on port 80 (traffic coming through the HTTP version of your sites) and redirects traffic to the HTTPS version:
server {
listen 80 default_server;
server_name _;
return 301 https://$host$request_uri;
}
- Add another server block that listens to port 443 with your SSL certificate information for each domain:
server {
listen 443 ssl;
server_name www.example.com;
ssl_certificate www.example.com.crt;
ssl_certificate_key www.example.com.key;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers HIGH:!aNULL:!MD5;
...
}
- Find your server terminal and test your configuration by running the command
sudo nginx -t. The output shows you if you have any errors so you know what to solve.
- If your test is successful, you need to reload NGINX so your changes take effect by running the command
sudo systemctl reload nginx
Redirecting specific sites
Redirect specific sites if you have multiple apps or sites and do not require an SSL certificate for each one.
Here’s how:
- Open your NGINX configuration (NGINX.CONF) file or the relevant server block file usually found in “/etc/nGinx/.” If the file is not found, you may need to create a new one.
- Add this server block to the configuration file to redirect http traffic to https
server {
listen 80;
server_name example.com;
return 301 https://example.com$request_uri;
}
- Find your server terminal and test your configuration by running the command
sudo nginx -t. The output shows you if you have any errors so you know what to solve.
- If your test is successful, you need to reload NGINX so your changes take effect by running the command
sudo systemctl reload nginx
How to redirect to https in Windows IIS
Redirect HTTP to HTTP in Windows IIS (a web software server from Microsoft) by editing your web.Config file.
Follow these steps:
- Download and Install (Download IIS -url -Writing Module if you have not installed it). Then open your IIS manager.
- Select your site from the menu on the left. And click “URL rewriting. “
- Click “Add rule (s) …“Choose”Blank rule“Then name your rule.
- Set the fields to “Matches the pattern””Regular expression“And” (.*) “And mark the check box next to” Ignore the case. “
- In the next window, set the fields to “{https},” ”Matches the pattern“And“^off $. “And tick the check box next to” Ignore the matter. “
- When you come to the “Action” section, select “Redirect“Under“ Action Type ”and set the destination to“ https: // {http_host}/{r: 1}. “And check the check box next to” Add query string. “
- Click “Apply. “
How to make an http -om -riing in Apache
Create HTTPS -Director of Apache using an Apache -Virtual host or change of .htaccess file.
Redirect with Apache Virtual Host
Redirecting with Apache Virtual Host if you have full control over your server configuration files and want to manage files at server level.
Here’s how:
- Open your virtual host file in a text. Virtual host files are usually found in “/etc/apache2/sites-accessible/.” The file name often corresponds to your domain (eg, “yourdomain.conf”)
- Create a virtual host on port 80 by adding this block to your file:
ServerName yourdomain.com
Redirect 301 / https://yourdomain.com/
- Make sure there is a virtual host block with your SSL certificate information. This block can be in the same file you are working on or in a separate file. Add this block if you do not have a virtual host block:
ServerName yourdomain.com
SSLEngine on
SSLCertificateFile /path/to/your/certificate.crt
SSLCertificateKeyFile /path/to/your/certificate.key /path/to/your/certificate.key
- Save and close the configuration file
- Restart Apache for the changes to take effect
Redirect with .htaccess
You can redirect HTTP to HTTPS with a .htaccess file if you do not have access to your server configuration files.
Follow these steps:
- Find .htaccess -Filen in your site’s root catalog
- Open the file and add this code:
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
- Save the file and check to make sure the redirection is working. If it does not, you may need to talk to your host and ask them to configure your server to allow .htaccess override in Apache’s most important configuration file.
To verify the HTTPS version of your site
Confirmation of the HTTPS version of your site ensures that the redirection works and will point both users and search engines to the right version.
To do this, enter both the HTTP and HTTPs versions of your domain in a browser bar. You should end up on the HTTPS version in both cases.
Then check the HTTPS version of your site in Google Search Console to make sure you can track performance correctly:
- Go to Search Console, Log In and add a new feature using your https -url -prefix (for example “https://yourdomain.com/”). Then click “Continue. “
- Complete verification of ownership using the recommended method
- Click on the roller to see that your site is verified. Confirmed sites appear at the top of the list.
Check your https implementation for problems
Moving to HTTPs can sometimes lead to unexpected problems such as mixed content (when the content is loaded into HTTP and HTTPS), which you can find with Semrush’s site revision tool.
Once you have configured Website Auditing, click “See details“Under https.
The tool brings you to a page with a list of problems you might solve.
For example, the audit below shows that the site has an HTTP -URL in its sitemap (ie a file describing the structure of the site).
Click “Why and how to solve it“Next to any question that is marked to learn about it and how to solve the problem.
Regular revisions like this can ensure that your site remains secure, fully optimized and reliable to your visitors.
Want to check your HTTPS implementation?
Try Site Audit for free.