How to Redirect HTTP to HTTPS Automatically
Installing an SSL certificate is only the first half of the battle. Even with a valid certificate, many visitors might still land on the insecure version of your site (http://) out of habit or via old links.
To ensure every visitor is protected by encryption, you need to set up a forced redirect. This automatically sends anyone who types http://yourdomain.com to the secure https://yourdomain.com version.
Method 1: Using the cPanel "Force HTTPS" Toggle (Easiest)
If you are using Nixzoehost Shared Hosting, you can do this with a single click without touching any code.
-
Log in to your cPanel.
-
Go to the Domains section and click on Domains.
-
Find your domain in the list.
-
Locate the Force HTTPS Redirect column.
-
Switch the toggle to ON.
Method 2: Using the .htaccess File (For Advanced Users)
If you are not on a cPanel plan or prefer to manage redirects at the server level, you can edit your .htaccess file. This is the most reliable method for SEO, as it uses a "301 Redirect" (Permanent), telling Google that the secure version is the "official" one.
-
Open the File Manager in cPanel.
-
Go to your
public_htmlfolder. -
Right-click the
.htaccessfile and select Edit. (If you don't see it, click "Settings" in the top-right and check "Show Hidden Files"). -
Paste the following code at the very top of the file:
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
-
Save Changes.
Method 3: For WordPress Users (Really Simple SSL)
If your site is built on WordPress, you can handle the redirect and fix "Mixed Content" errors simultaneously using a plugin.
-
Log in to your WordPress Dashboard.
-
Go to Plugins > Add New and search for "Really Simple SSL".
-
Install and Activate the plugin.
-
Click the "Go ahead, activate SSL!" button that appears.
-
The plugin will automatically update your site settings and handle the redirection for you.
Why Should You Redirect to HTTPS?
-
Boosts SEO: Google explicitly uses HTTPS as a ranking signal. Sites without a redirect may be penalized in search results.
-
Eliminates "Not Secure" Warnings: Prevents browsers from scaring away visitors with a red "Not Secure" alert in the address bar.
-
Data Protection: It ensures that sensitive data, like login credentials or credit card info, is never sent over an unencrypted connection.
-
PCI Compliance: If you accept payments on your site, a forced HTTPS redirect is a mandatory requirement.
Important Troubleshooting
If you see a "Too Many Redirects" error after setting this up, it usually means there is a conflict between your server settings and a service like Cloudflare.
-
The Fix: If using Cloudflare, ensure your SSL setting is set to "Full" or "Full (Strict)" instead of "Flexible."