.svg)
What Are HTTP and HTTPS?
Hypertext Transfer Protocol (HTTP) and Hypertext Transfer Protocol Secure (HTTPS) are protocols that allow computers to send and receive information, such as text, images, or videos, over the internet.
For example, a website visitor’s browser uses HTTP or HTTPS to request the page and its content from the website’s server. The server sends the data back, and the browser displays the website.
HTTPS is the secure version of HTTP and uses an SSL Secure Sockets Layer (SSL) or Transport Layer Security (TLS) certificate to encrypt data.
Encryption protects data (like passwords or credit card numbers) during transfer.
Here’s an illustration of how HTTPS works:
Why Should You Redirect HTTP to HTTPS?
You should redirect HTTP to HTTPS because it protects sensitive information and can boost your website’s ability to rank (appear) high in search engine results pages (SERPs).
A proper redirect sends traffic from the non-secure HTTP version of your site to the secure HTTPS one.
If you buy an SSL certificate from your hosting provider, your host will usually handle the redirect automatically.
But you might need to force the redirect manually if you have a custom setup.
The exact process can vary based on the type of server you use, so we’ll go over a handful of ways to do this.
How to Redirect HTTP to HTTPS in WordPress
You can redirect HTTP to HTTPS in WordPress with a plugin or by editing your files manually.
Here’s how to do both:
Using a Plugin
WordPress plugins like Really Simple Security offer no-code solutions to redirect from HTTP to HTTPS.
Here’s how to use it:
Log in to your WordPress account. Head to “Plugins” and search for “Really Simple Security.”
Click “Install Now” and activate the plugin after installation is complete.
Follow the plugin’s onboarding wizard. It will ask you to provide information like your host and email address to test the configuration.
Your site should automatically forward users and search engines to the HTTPS version of your site once you’ve completed the onboarding flow.
Editing WordPress Files Manually
Edit WordPress files manually if you prefer a hands-on approach or if your hosting environment won’t allow a plugin.
Go to your WordPress dashboard to get started.
Click “Settings,” select “General,” and locate “WordPress Address (URL)” and “Site Address (URL).”
Replace “http://” with “https://” in both URL fields.
Click “Save Changes.”
Then, you’ll need to edit your configuration files (i.e., files used to customize your web server).
Then file you need to edit depends on which server hosts your website:
- For an Apache server: Edit your .htaccess file (a configuration file often found in your root folder) with this code:
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]- For a Windows IIS server: Update the web.config file (a configuration file usually found in your root directory)
<configuration>
<system.webServer>
<rewrite>
<rules>
<rule name="Force HTTPS" stopProcessing="true">
<match url="(.*)" />
<conditions>
<add input="{HTTPS}" pattern="^OFF$" />
</conditions>
<action type="Redirect" url="https://{HTTP_HOST}/{R:1}" redirectType="Permanent" />
</rule>
</rules>
</rewrite>
</system.webServer>
</configuration>How to Set Up an HTTP Redirect in Nginx
You can set up redirects for Nginx (an open-source web server software) by adding rules to your configuration files.
Here are two different ways to set up redirects in Nginx:
Redirecting All HTTP Sites to HTTPS
Redirecting all HTTP sites to HTTPS is ideal when you have multiple domains under a particular Nginx configuration and multiple SSL certificates.
Follow these instructions:
- Open your Nginx configuration (nginx.conf) file or the relevant server block file, usually found in “/etc/nginx/.” If the file doesn’t exist, you may need to create a new one.
- Add a server block (code) to the configuration file to catch all traffic on port 80 (traffic coming through the HTTP version of your sites) and redirect traffic to the HTTPS version:
server {
listen 80 default_server;
server_name _;
return 301 https://$host$request_uri;
}- Add another server block listening on port 443 with your SSL certificate details for each domain:
server {
listen 443 ssl;
server_name www.example.com;
ssl_certificate www.example.com.crt;
ssl_certificate_key www.example.com.key;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers HIGH:!aNULL:!MD5;
...
}- Locate your server’s terminal and test your configuration by running the command
sudo nginx -t. The output will show you if you have any errors, so you know what to fix.
- If your test is successful, reload Nginx, so your changes take effect by running the command
sudo systemctl reload nginx
Redirecting Specific Sites
Redirect specific sites if you have multiple apps or sites and don’t require an SSL certificate for each one.
Here’s how:
- Open your Nginx configuration (nginx.conf) file or the relevant server block file, usually found in “/etc/nginx/.’ If the file doesn’t exist, you may need to create a new one.
- Add this server block to the configuration file to redirect HTTP traffic to HTTPS
server {
listen 80;
server_name example.com;
return 301 https://example.com$request_uri;
}- Locate your server’s terminal and test your configuration by running the command
sudo nginx -t. The output will show you if you have any errors so you know what to fix.
- If your test is successful, reload Nginx, so your changes take effect by running the command
sudo systemctl reload nginx
How to Redirect to HTTPS in Windows IIS
Redirect HTTP to HTTP in Windows IIS (a web software server from Microsoft) by editing your web.config file.
Follow these steps:
- Download and install the (download the IIS URL Rewrite Module if you haven’t installed it). Then, open your IIS manager.
- Select your site in the menu to the left. And click “URL Rewrite.”
- Click “Add Rule(s)…,” choose “Blank Rule,” then name your rule.
- Set the fields to “Matches the Pattern,” “Regular Expressions,” and “(.*)” And check the box next to “Ignore case.”
- In the next window, set the fields to “{HTTPS},” “Matches the Pattern,” and “^OFF$.” And check the box next to “Ignore case.”
- Once you get to the “Action” section, choose “Redirect” under “Action type” and set the destination to “https://{HTTP_HOST}/{R:1}.” And check the box next to “Append query string.”
- Click “Apply.”
How to Do an HTTP Redirect in Apache
Set up HTTPS redirection in Apache by using an Apache Virtual Host or modifying the .htaccess file.
Redirecting with Apache Virtual Host
Redirect with Apache Virtual Host if you have full control over your server’s configuration files and want to manage files at the server level.
Here’s how:
- Open your Virtual Host file in a text editor. Virtual Host files are usually found in “/etc/apache2/sites-available/.” The file name often corresponds to your domain (e.g., “yourdomain.conf”)
- Set up a Virtual Host on port 80 by adding this block to your file:
<VirtualHost *:80>
ServerName yourdomain.com
Redirect 301 / https://yourdomain.com/
</VirtualHost>- Make sure a Virtual Host block with your SSL certificate details exists. This block may be in the same file you're working on or in a separate file. Add this block if you don’t have a Virtual Host block:
<VirtualHost *:443>
ServerName yourdomain.com
SSLEngine on
SSLCertificateFile /path/to/your/certificate.crt
SSLCertificateKeyFile /path/to/your/certificate.key /path/to/your/certificate.key </VirtualHost>- Save and close the configuration file
- Restart Apache for the changes to take effect
Redirecting with .htaccess
You can redirect HTTP to HTTPS with an .htaccess file if you don’t have access to your server’s configuration files.
Follow these steps:
- Locate the .htaccess file in your site’s root directory
- Open the file and add this code:
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]- Save the file and check to make sure the redirect works. If it doesn’t, you may need to speak with your host and ask them to configure your server to allow .htaccess overrides in Apache’s main configuration file.
How to Verify the HTTPS Version of Your Site
Verifying the HTTPS version of your site ensures that the redirect works and will point both users and search engines to the correct version.
To do this, enter both the HTTP and HTTPS versions of your domain into a browser bar. You should end up on the HTTPS version in either case.
Next, verify the HTTPS version of your site in Google Search Console to make sure you can properly track performance:
- Go to Search Console, sign in, and add a new property using your HTTPS URL prefix (for example, “https://yourdomain.com/”). Then click “Continue.”
- Complete ownership verification using the recommended method
- Click the drop-down to see that your website has been verified. Verified sites appear at the top of the list.
Check Your HTTPS Implementation for Issues
Moving to HTTPS can sometimes lead to unexpected problems like mixed content (when content loads in HTTP and HTTPS), which you can find with Semrush’s Site Audit tool.
After configuring Site Audit, click “View details” under HTTPS.
The tool will bring you to a page with a list of issues you may want to fix.
For example, the audit below shows the site has an HTTP URL in its sitemap (i.e., a file outlining the structure of the site).
Click “Why and how to fix it” next to any issue that’s flagged to learn about it and how to address the problem.
Regular audits like this can ensure your site remains secure, fully optimized, and reliable for your visitors.
Want to check your HTTPS implementation?
Try Site Audit for free.