Redirect all non-secure requests to use a secure HTTPS connection. An SSL certificate is obviously required to be installed on the web server.

Redirect all non-HTTPS requests to use an HTTPS connection by adding the following to your .htaccess:

RewriteCond %{HTTPS} !=on
RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R=301,L]

For SEO purposes, this redirect should be Permanent (301).

In More Detail

Secure connections have historically been used for sites which deal in sensitive information – banks and financial institution, governmental – it is becoming more and more common as HTTPS has become easier and lest costly to implement and has quickly become the standard for all websites.

Beyond the obvious security benefits of having all traffic to a website encrypted, there are some additional benefits to consider if you haven’t made the move to secure connections on every website you may control:

  • Improved search engine rankings – since 2014, Google has been ramping up its preference for secure websites; it is now a clear signal in their ranking algorithm, and you may be getting outranked by secure sites if yours isn’t already using HTTPS exclusively
  • Higher customer confidence – surveys have shown that most people will NOT make a purchase over an insecure connection; additionally, most browsers today clearly indicate on the URL bar whether a connection to a site is insecure, degrading confidence even further for users of a non-HTTPS website
  • In the future, all sites will be secure – as the web continues to grow, and the number of malicious denizens of the web continues to grow, security and privacy will become paramount; be ahead of the curve when it comes to making the web a secure place to be

SSL certificates are available in both free and commercial grades, with the commercial certificates offering varying degrees of functionality, such as wildcard certs, multi-domain certs, and the premium ‘green bar’ certificates.

Be sure to check our Resources section for places to get both free and commercial SSL certificates.