How to Force HTTPS on Your Website
With your free SSL certificate active, the final step is sending every visitor to the https:// version automatically — one toggle in cPanel does it.
Step-by-step
- Confirm SSL is valid first: Security → SSL/TLS Status must show a green lock for the domain (see AutoSSL). Forcing HTTPS without a certificate locks visitors out with warnings.
- Open Domains → Domains in cPanel.
- Switch on "Force HTTPS Redirect" for the domain. That is it — all http:// requests now 301-redirect to https://.
- Alternative (.htaccess): if you prefer a manual rule, add to the top of public_html/.htaccess:
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}/$1 [R=301,L] - Fix mixed content. If the padlock shows a warning after switching, some images/scripts still load over http:// — update those URLs in your pages to https:// or relative paths.
- Test: type the plain http:// address in a private window and confirm it lands on https:// with a clean padlock.
💡 Good to know
- Use either the toggle or the .htaccess rule — not both.
- Update any hard-coded http:// links inside your own content for cleanliness and SEO.
- Search engines treat HTTPS as a ranking signal — forcing it sitewide is good SEO as well as good security.