SSL is Active but site isn't showing Secure?

Most of our new users going through from this state. SSL is active but the domain is still throwing "Not Secure Connection".

How to Force SSL on a Website or redirect a website to HTTPS protocol

For website owners, securing their website is a top priority. One of the most basic steps towards website security is to enable HTTPS on their website. HTTPS or HyperText Transfer Protocol Secure is a protocol used for secure communication over the internet. It encrypts the data transmitted between the user’s browser and the website, making it more difficult for attackers to intercept and read the data. In this article, we will discuss how to force HTTPS on a website using cPanel or .htaccess.

1. Why do you need to force HTTPS on your website?

When a website has an SSL (Secure Sockets Layer) certificate installed, it encrypts the data transmitted between the user’s browser and the website. However, even after installing an SSL certificate, the website may still be accessible via HTTP (HyperText Transfer Protocol). This means that the website is vulnerable to attacks like man-in-the-middle attacks, where attackers can intercept the data transmitted between the user’s browser and the website.

To prevent such attacks, it is necessary to force the website to use HTTPS instead of HTTP. This ensures that all communication between the user’s browser and the website is encrypted and secure.

2. How to force HTTPS using the Hosting Control Panel?

We have categorized the steps with the corresponding Hosting Control Panel to apply HTTPS redirections.:

cPanel

• Log in to your cPanel account.
• Go to the “Domains” section.
• Turn on the “Force HTTPS Redirect” toggle button.
• The website will now be automatically redirected to HTTPS.

Note: The above steps may vary depending on the cPanel theme used by your web hosting provider.

DirectAdmin

• In DirectAdmin, applying HTTPS or Force SSL Redirects is so easy.
• Log in to your DirectAdmin.
• Go to Account Manager.
• Select Domain Setup.
• Click over your domain.
• Checkmark the box at the start of: Force SSL with https redirect.
• Press the Modify button to save the changes.

After a moment, changes will take effect. Don’t forget to:

• Clear your browser cache and cookies to prevent the browser’s old results.

Ultimately, the domain will start redirecting from HTTP to HTTPS.

3. How to force HTTPS using .htaccess?

The .htaccess file is a configuration file used by Apache web servers. It allows website owners to set various configuration options for their website. To force HTTPS use, follow these steps:

• Login to your website’s cPanel account.
• Go to the “File Manager” section.
• Navigate to the “public_html” folder for the main domain or the document root folder for the addon domain or subdomain.
• If you cannot see the .htaccess file, enable the option to show hidden files.
• Edit the .htaccess file and add the following code at the top:

RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

• Save the changes to the .htaccess file.

The above code checks whether HTTPS is enabled for the website. If not, it redirects the website to use HTTPS.

4. Set base URL to HTTPS in WordPress

If your website is built on the WordPress CMS, you also need to set the website’s base URL to HTTPS. To do this, follow these steps:

• Login to your WordPress Dashboard. ( https://yourdomain.com/wp-admin )
• Go to  Settings ⇒ General
• Change the “WordPress Address (URL)” and “Site Address (URL)” to use HTTPS instead of HTTP.
  http://yourdomain.com  ⇒  https://yourdomain.com
• Save the changes.

If you have encountered any technical errors or issues while performing the above steps. Please feel free to reach out to our TheBeeHost Technical Support team.

Stay blessed and Happy hosting journey with TheBeeHost!