Support article
How to force HTTPS on your website safely
Learn how to force HTTPS in DirectAdmin, cPanel or `.htaccess` so your website always loads with SSL and avoids security warnings.
Introduction
Installing an SSL certificate is the first step so your website can load with https://, but it is not always enough. If a visitor enters using http://, the browser may still show the “not secure” warning.
To avoid that, you need to force an HTTPS redirect. This tells the server that any visit through HTTP must automatically go to the secure version of the website.
In this guide we will see how to do it from DirectAdmin, cPanel and, if you need a more advanced setup, from the .htaccess file.
How to force HTTPS in DirectAdmin
If your miHosting plan uses DirectAdmin, you can enable the redirect without touching code.
- Log in to your DirectAdmin panel.
- Go to Account Manager.
- Click SSL Settings.
- Check Force SSL with https redirect.
- Click Save to store the change.
[Suggested image: screenshot of the “Force SSL with https redirect” option in DirectAdmin]
When the change is saved correctly, you will see a green confirmation. From that moment on, visits that enter through http:// will be redirected to https://.
How to force HTTPS in cPanel
In cPanel you can enable the redirect from the domains tool.
- Log in to cPanel.
- Look for the Domains section.
- Open Domains.
- Locate the domain you want to protect.
- Find the HTTPS Redirect column.
- Switch it to On.
[Suggested image: screenshot of the “HTTPS Redirect” column in cPanel]
The change is saved automatically. After that, test your domain by typing the http:// version to confirm that it redirects correctly to HTTPS.
Advanced method: force HTTPS with .htaccess
If you need more control or your website requires a custom configuration, you can do it from the .htaccess file.
This file is usually inside the public_html folder.
Add these lines at the beginning of the file:
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
This code tells the server that if the connection is not secure, it must permanently redirect it to the HTTPS version.
What to review if you use WordPress
If you use WordPress, enabling the hosting redirect is not enough on its own.
You should also check the internal configuration:
- Log in to the WordPress dashboard.
- Go to Settings > General.
- Review these fields:
- WordPress Address (URL)
- Site Address (URL)
- Make sure both use
https://.
If WordPress is still configured with http://, a redirect loop can occur and the website may become temporarily inaccessible.
Useful tips
- Test the change in an incognito window to avoid browser cache.
- Check several internal pages, not only the homepage.
- Use a 301 redirect to indicate that HTTPS is the permanent version.
- Verify that the SSL certificate is installed and valid.
- Do not enable several different redirect rules unless they are necessary.
Common problems
The padlock appears with a warning
This usually indicates mixed content. It happens when the website loads over HTTPS but some images, scripts or styles still use http://.
Review internal links, images and theme resources.
The website enters a redirect loop
This can happen if WordPress, a plugin and the hosting account all try to apply different redirects at the same time. Disable duplicate rules and review the WordPress URLs.
The redirect option does not appear
It depends on the panel and the domain configuration. In that case, you can use the .htaccess method or contact support.
Frequently asked questions
Does forcing HTTPS improve SEO
Yes. Using HTTPS and a 301 redirect helps tell Google which is the official and secure version of the site.
Do I need SSL before forcing HTTPS
Yes. A valid SSL certificate must exist first. If you force HTTPS without one, the browser will show security errors.
Can I use .htaccess on any hosting service
Only if the server uses Apache or is compatible with .htaccess rules. On most Apache-based shared hosting plans it works correctly.
Why does my website still show “Not secure”
It may be because it is not redirecting to HTTPS, because the certificate is not installed, or because there is mixed content.
Conclusion
Forcing HTTPS is an essential step after installing an SSL certificate. You can do it from DirectAdmin, cPanel or through .htaccess.
If your website shows errors afterward, review the WordPress configuration, mixed content and duplicate redirect rules.