How to Force HTTPS on Your Website
Having an SSL certificate is the first step - but you also need to ensure all visitors are automatically redirected from http:// to https://. Without this redirect, some visitors may still access your site over an insecure connection. This article covers three ways to force HTTPS on Unisolva hosting.
Prerequisites
- An active SSL certificate on your domain (see: How SSL Certificates Work on Unisolva Hosting)
- Access to cPanel or your WordPress dashboard
|
⚠️ Warning Do not force HTTPS before your SSL certificate is active. Redirecting to https:// without a valid certificate will show a security error to all visitors and make your site inaccessible. Verify SSL is working first. |
Method 1 - via cPanel (Recommended, Works for All Sites)
- Log in to cPanel at yourdomain.com/cpanel
- In the Domains section, click Domains
- Find your domain in the list
- Toggle the Force HTTPS Redirect switch to ON
- The redirect takes effect immediately - no page reload or wait required
|
???? Tip This cPanel method works for WordPress sites, static HTML sites, and any other application. It is the simplest and most reliable method on Unisolva hosting. |
Method 2 - via WordPress Settings (WordPress Sites Only)
- Log in to your WordPress dashboard at yourdomain.com/wp-admin
- Go to Settings > General
- Update both the WordPress Address (URL) and Site Address (URL) fields to start with https:// instead of http://
- Click Save Changes
- WordPress will now generate https:// links for all pages, images, and internal links
|
???? Note Changing these URLs alone does not redirect http:// visitors to https://. Combine this step with Method 1 (cPanel redirect) or Method 3 (.htaccess) for full coverage. |
Method 3 - via .htaccess (Advanced)
If the cPanel toggle is not available or you want manual control, you can add a redirect rule directly to your .htaccess file:
- Log in to cPanel and open File Manager
- Navigate to public_html and find the .htaccess file (enable Show Hidden Files if it is not visible)
- Right-click .htaccess and choose Edit - back up the file contents before making any changes
- Add the following lines at the very top of the file, before any existing content:
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
- Click Save Changes
- Test by visiting http://yourdomain.com - you should be automatically redirected to https://
|
⚠️ Warning An incorrect .htaccess rule can make your site inaccessible. Always back up the existing .htaccess content before editing. If your site goes down after editing, restore the original content immediately. |
Fixing Mixed Content Warnings
After enabling HTTPS, your browser may still show a "Not Fully Secure" warning even with the padlock. This is caused by mixed content - pages loading some resources (images, scripts, CSS) over http:// instead of https://. To fix this on WordPress:
- Install and activate the Better Search Replace plugin or use the Really Simple SSL plugin
- Use the plugin to search for http://yourdomain.com and replace with https://yourdomain.com across your entire database
- Clear your cache in SpeedyCache Pro after the replacement
- Reload your site in a browser - the padlock should now be fully green with no mixed content warnings
|
???? Tip The Really Simple SSL plugin handles both the HTTPS redirect and mixed content fixes automatically. It is a good one-stop solution for WordPress sites. |
Verify It Worked
- Visit http://yourdomain.com - you should be redirected to https:// automatically
- The browser address bar shows a padlock with no warnings
- In browser developer tools (F12 > Console), there are no mixed content errors
Related Articles
- How SSL Certificates Work on Unisolva Hosting (AutoSSL)
- Troubleshooting SSL Certificate Errors
- How to Speed Up Your WordPress Site with SpeedyCache Pro (WordPress category)
