Without HTTPS active, even with an installed certificate, your site will not be correctly secured using SSL/TLS. Therefore, it’s important it is enabled to reap the benefits of having an SSL/TLS certificate.
Why should I force HTTPs on my site?
HTTPS is the secure version of HTTP. Alongside SSL, it helps ensure that privacy and data integrity is maintained across your site.
The importance of both HTTPS and SSL is well documented. Browsers such as Google Chrome and Mozilla Firefox will show sites as untrustworthy or dangerous if they are not active.
After you have added this text to your .htaccess file, save it.
You can test if it was successful through entering the site URL in your browser.
.htaccess is a dot file, these files are hidden by default. To access the file, you will first need to enable viewing of hidden or dot files within the settings area of your chosen panel or FTP software.
For example, in cPanel, hidden files are enabled by clicking the settings cog.
Forcing HTTPs in cPanel
If you have cPanel you can choose to use the AutoSSL feature which will automatically install an SSL certificate and enable forced HTTPS.
Firstly, login to your cPanel control panel, navigating to “SSL/TLS Status” in the Security section.
From here, you can select the domain you’d like to install an SSL on.
Finally, Run AutoSSL sit back and relax whilst it runs.
When it completes successfully, the page will update with a success notification.
cPanel will then request a certificate from the issuing authority.
If successful, it will be visible in AutoSSL.
Forcing HTTPs in Plesk
If you have Plesk, you can avoid manual modifications of .htaccess.
Firstly, login to Plesk control panel and click Websites & Domains in the left sidebar.
From here, choose the domain to configure and click Hosting Settings
Select SSL/TLS support and Permanent SEO-safe 301 redirect from HTTP to HTTPS checkboxes under Security
Select corresponding SSL certificate from the Certificate drop-down list
Finally, Confirm the changes by clicking the OK button