Using HTTPS instead of HTTP ensures that communications between your browser and a website are encrypted via the use of an SSL (Secure Socket Layer) certificate. Even if your website doesn’t handle sensitive data, it’s a good idea to ensure your website loads securely over HTTPS. It’s becoming a requirement for many new browser features and positively impacts search engine rankings.

To make sure your website loads securely, you need to ensure it is prefixed with HTTPS instead of HTTP. This can be done in a few different ways. Outlined below are the most common methods to achieve this.

How to Force HTTPS Using StackCP Tool #

1. Log in to StackCP and navigate to Manage Hosting.
2. Select Manage on the package you want to force HTTPS for.
3. Select the SSL/TLS icon.
4. Enable Force HTTPS. This will redirect website users to HTTPS. As long as the website has an SSL certificate and all content loads via HTTPS, the site should show as secure.

How to Use the .htaccess File to Force HTTPS #

Another way to force HTTPS, which allows for more specific configurations, is to use a .htaccess file rule. If you don’t have a .htaccess file, you can create one via FTP or File Manager and then add the following code:

RewriteEngine On
RewriteCond %{env:HTTPS} !on
RewriteRule ^(.*)$ https://www.example.com/$1 [R,L]

If you already have a .htaccess file, ensure you don’t duplicate the line: RewriteEngine On.

Troubleshooting Insecure Website After Enabling HTTPS #

If after enabling Force HTTPS, your website still shows as insecure, ensure the following:

• SSL Certificate: Ensure you have an SSL certificate installed on the site.
• Mixed Content: Make sure there is no mixed content. Mixed content occurs when some resources (images, scripts, etc.) are loaded over HTTP instead of HTTPS. For more details, refer to our guide on fixing mixed content.