How Do I Make My Website Always Secure?
There are two options to make your website always secure. Both options use the .htaccess file to redirect visitors to HTTPS (secure), since websites send visitors to HTTP (non-secure) by default.
Option 1: Redirect to HTTPS with non-www
This option is used when you want to force the website to exclude the www from your Web address (see example URL below).
https://yourdomain.com/
The following code snippet should be added to the top of your .htaccess file:
# Redirect www to non-www
RewriteCond %{HTTP_HOST} ^www\.(.*)$
RewriteRule ^(.*)$ https://%1%{REQUEST_URI} [R=301,L]
# Redirect to HTTPS
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
Option 2: Redirect to HTTPS with www
This option is used when you want to force the website to include the www in your Web address (see example URL below).
https://www.yourdomain.com/
The following code snippet should be added to the top of your .htaccess file:
# Redirect non-www to www
RewriteCond %{HTTP_HOST} !^www\.
RewriteRule ^(.*)$ https://www.%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
# Redirect to HTTPS
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
Note: For WordPress websites, in WordPress Settings -> General, the “WordPress Address (URL)” and “Site Address (URL)” fields need to be changed from http to https (see example screenshot below).
Deadline: Google Chrome has announced the following change to how Chrome handles HTTP (non-secure) websites:
For the past several years, we’ve moved toward a more secure web by strongly advocating that sites adopt HTTPS encryption. And within the last year, we’ve also helped users understand that HTTP sites are not secure by gradually marking a larger subset of HTTP pages as "not secure". Beginning in July 2018 with the release of Chrome 68, Chrome will mark all HTTP sites as "not secure".
Developers have been transitioning their sites to HTTPS and making the web safer for everyone. Progress last year was incredible, and it’s continued since then:
- Over 68% of Chrome traffic on both Android and Windows is now protected
- Over 78% of Chrome traffic on both Chrome OS and Mac is now protected
- 81 of the top 100 sites on the web use HTTPS by default
To learn more about the Google Chrome Web browser change, visit:
https://security.googleblog.com/2018/02/a-secure-web-is-here-to-stay.html
Please let us know if you have any questions or need further help.