If you have SSL enabled on your website but do not force SSL to be used on your website, your website may be at risk. You should have SSL forced on your website to ensure that when visitors access your website it is through an encrypted channel.
Depending on the website platform and builder you use, you may be required to take different steps than what is outlined below.
Edit the htaccess File
If your website is running on a linux server and you have access to the files using an FTP client, you can try the following.
- Connect to your server with an FTP client.
- Look in the root directory of your website for a file that says . htaccess then download it and make a backup copy of it.
- Copy the following code:
RewriteEngine OnRewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301] - Paste the code at the top of the htaccess file.
- Upload the new version of the htaccess file to the server.
The change should be immediate. Try to access the website using http and you should see it force the connection to https.
If you don't see the change right away, you may need to clear your web browser's cache or try accessing it with a different web browser or in incognito mode.
If your website isn't loading or you see an error, you can restore the original htaccess file using the backup version you made in step 2.
Other Methods
Depending on the hosting platform and site builder you are using, there may be other options available to you. Here are couple other options for you to check:
- Plug-ins or extensions - if you are using WordPress, you may be able to use a plugin to force SSL on your website
- Your web hosting may have a setting or option to force SSL - the setting may be found in the control panel for your website hosting, you can search your host's documentation or contact their support to find out more