This article will help you redirect your website from HTTP to HTTPS protocol. Securing a website with an SSL certificate is not enough to protect your website as intruders can still access your website on an unsecured HTTP protocol just by typing http:// before your website URL.

Therefore, to avoid this intervention from intruders, you need to force HTTPS redirection using the Cloudways Platform, which means that a 301 permanent redirect will be created to redirect users from an unsecured HTTP version of your website to a secured HTTPS version.

Important

If you are using any WAF services such as Cloudflare, Sucuri, etc or if you are implementing any Custom HTTPS redirection using any application plugin, or by modifying the .htaccess file of your application, then you do not need to force HTTPS redirection from Cloudways Platform because your website may run into errors or get stuck in redirection loops because of too many redirects. But, if you want to force HTTPS redirection from the Cloudways Platform, then you need to disable any redirection mechanism working elsewhere first and then follow this article for guidance.

What is HTTP?

HTTP stands for Hypertext Transfer Protocol. It is the underlying application layer protocol used primarily on the World Wide Web (www). It enables the users of the World Wide Web to communicate and exchange information found on web pages such as images, videos, and text, etc.

Having HTTP in front of a website (e.g., http://www.anotherwebsite.ga) tells the internet browser to communicate over HTTP protocol, which means data exchanged/transferred over HTTP is not encrypted and considered unsecured; therefore, web browsers generate warning of unsecured connection as well.

For instance, this website is requested over HTTP, and the Google Chrome browser shows a “Not secure” warning.

What is HTTPS?

HTTPS refers to Hypertext Transfer Protocol Secure. It is a more secure version of the HTTP protocol as it involves the use of Transport Layer Security (TLS) and its predecessor Secure Sockets Layer (SSL); thus, the communication and data exchange between a web browser and website is more secure and encrypted.

Having HTTPS in front of a website (e.g., https://www.anotherwebsite.ga) tells the internet browser to communicate over HTTPS protocol, which means data exchanged/transferred over HTTPS is safe and encrypted; therefore, web browsers generate padlock to show secureness.

For instance, this website is requested over HTTPS, and the Google Chrome browser shows a padlock.

Why Migrate to HTTPS?

HTTPS is currently a widely used application layer protocol over the World Wide Web, and here are several reasons why you should migrate to HTTPS.

  • Hacking a website running on the HTTP protocol is as easy as installing a browser plugin. If your site is hacked, then an intruder can steal your login credentials and much sensitive information. The intruder can also inject malicious code and Trojan Horse viruses, which can destroy your website visitor’s experience and can also damage the trust of a user in your business.

  • HTTPS is more secure, and it is highly recommended to have an SSL certificate and to run your websites and eCommerce stores on HTTPS as they are processing sensitive information so any flaw in this system can cause calamity. Moreover, many browsers generate warnings if the connection between a browser and website is unsecured, which can lead to users’s not being confident in doing business on your website.

  • The ranking boost may sound a good increment for your business when your website is running on HTTPS, as Google gives preference to secures websites running on HTTPS than unsecured websites running on HTTP.

  • Google Analytics is one of the world’s great analytics services. Still, it can show wrong referral statistics if any user is coming on your HTTP website from the HTTPS website because that traffic is treated as the “Direct Traffic.” But, if someone goes from the HTTPS website to the HTTPS website, then only the correct referral statistics can be obtained, and you can easily keep track of referral statistics.

How to Redirect HTTP to HTTPS

Here are a few steps that can help your website to redirect to HTTPS.

Step# 1

Before making an HTTP to HTTPS redirect, you need to make sure that the SSL Certificate is deployed on your website. The following kinds of SSL Certificates can be installed using the Cloudways Platform.

Free Let’s Encrypt SSL Certificate.

Free Let’s Encrypt Wildcard SSL Certificate.

Custom SSL Certificate.

Tip

Click Here if you would like to what SSL Certificate is and what are the differences between Single, Multiple, and Wildcard SSL.

Important

If you are installing an SSL Certificate the very first time on your web application, then you will also see a dialog box prompting you for forcing HTTPS redirection once the SSL Certificate is successfully deployed so you can also force HTTPS redirection from here by simply clicking on Enable HTTPS button. Else, you may continue reading this article.

Step# 2

Log in to the Cloudways Platform, click on the Servers tab from the top menu bar and choose your target server on which your desired application is deployed.

Next, click on the www icon located on the right-hand side of the server tab.

Select a target application from the drop-down list.

Next, click on the Application Settings option from the left navigation bar and here you will see the HTTPS Redirection option as well. It will be disabled by default if you have not enabled it in the past from here.

Now, toggle on to enable HTTPS redirection.

A dialog box will appear asking for confirmation so after reading the disclaimer, click Yes to proceed with implementing the redirection.

You will also get a notification, once the HTTPS redirection is successfully implemented.

Post-redirection Steps

There are a few steps you need to make sure you execute after forcing the HTTPS redirection for the successful implementation of all the changes.

Step# 1

Clear your browser’s cache and cookies, purge the Varnish cache and restart the Apache web server via Cloudways Platform.

Step# 2

It's time to verify if all the changes are made successfully. You can use any third-party tool such as WhyNoPadlock to see if your website is successfully forcing HTTPS redirection.

Additionally, you can also check the redirect map using a third-party tool called Varvy. You will see the HTTP status code 301 redirect, showing the redirection of your website from HTTP to HTTPS. Here, an HTTP status code 301 Moved Permanently refers to 301 permanent redirect.

Now you can open your website with HTTP, but all your website requests will be served with HTTPS every time. There are some other safety measures that Cloudways recommend you should take after installing an SSL certificate besides HTTPS redirection.

That’s it! We hope this tutorial was helpful. If you need any help, then feel free to search your query on Cloudways Support Center or contact us via chat (Need a Hand > Send us a Message). Alternatively, you can also create a support ticket.

Did this answer your question?