Using HTTPS instead of HTTP means that communications between your browser and a website is encrypted via the use of an SSL (Secure Socket Layer). Even if your website doesn’t handle sensitive data, it’s a good idea to make sure your website loads securely over HTTPS. It’s now becoming a requirement for many new browser features as well as potentially having an impact on search engine rankings.
To make sure your website loads securely, you need to make sure that it is prefixed with HTTPS instead of HTTP. This can be done in a few different ways. Outlined below are the most common ways to do this.
Use the Force HTTPS tool
Using a .htaccess file
Another way that has the potential for more specific configuration is to use a .htaccess file rule. If you don’t have a .htaccess file, you can create one via FTP or File Manager and then add the code:
RewriteEngine On
RewriteCond %{env:HTTPS} !on
RewriteRule ^(.*)$ https://www.example.com/$1 [R,L]
If you already have a .htaccess file then make sure you don’t duplicate the line: RewriteEngine On
If after enabling force HTTPS the website shows insecure, then you’ll need to make sure that: