After you’ve enabled SSL for your website, you’ll probably want to redirect all traffic on your website to the https version of your site. There are multiple ways to do that. Let’s compare some commonly used ways.
Using script configuration
Some scripts (including Wordpress) have a setting which allows you to set your website URL. By changing this URL from http://example.com to https://example.com, the script will probably redirect visitors to the https version of your site. Even if your script does not redirect people, it’s still highly recommended to check if your script has a setting for the URL because it will prevent other problems with links on your page.
Using .htaccess
Probably the most common way to force traffic to https is by redirecting requests using .htaccess. The .htaccess is a simple text file simply called ‘.htaccess’ which contains additional settings passed to the web server to support some more complicated functionality. If you are using a script created by other people (including CMS like Wordpress), you can probably find a .htaccess file already in the htdocs folder of your website. If you don’t have a .htaccess file yet, you can create a file using the File Manager with the file name .htaccess. Using the File Manager is recommended, some systems (especially Windows) don’t work well with .htaccess files.
After you’ve found or created your .htaccess file, you can edit it in the File Manager or using any text editor (like Notepad). You need to add the following lines to the file:
RewriteEngine On
RewriteCond %{HTTP:X-Forwarded-Proto} !https
RewriteCond %{HTTPS} off
RewriteCond %{HTTP:CF-Visitor} !{"scheme":"https"}
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
Using Cloudflare settings
If you’re using Cloudflare on your website, you can let Cloudflare enforce HTTPS for you. Simply login to Cloudflare’s website, go to the Crypto settings for your domain, and enable “Always use HTTPS”.
Final notes on forcing HTTPS
If your website doesn’t work anymore after applying any of these settings, there are a few common issues you should check for.
If your website does not display any content at all or shows a 500 - Internal Server Error and you’re using the .htaccess method, that means there is an error in your .htaccess file. Please make sure you copied the content exactly as shown above. If you’re sure it’s correct, you can try getting help in the forum. If you do, be sure to include the contents of your .htaccess file in the message.
If your website does show content but is missing styles, scripts or images, those files are probably linked to with http:// urls instead of https:// urls. Most browsers block requests to http:// content on https:// pages for security reasons. Check your script settings (if applicable) or update your pages to ensure only https:// urls are used on the page.