How to Do an SSL Redirect

Secured HTTPS websites are slowly replacing HTTP websites. The reasons for this change are heightened scrutiny over data protection in the wake of numerous, large-scale data breaches, and maturing regulatory frameworks designed for use in cyberspace.

The European Union’s move to endorse the General Data Protection Regulations bill (GDPR) underscores the importance of data protection. This bill was drawn to protect sensitive data that consumers share online and to give customers and web users the security they need when they perform online transactions and divulge private details to companies over the web. Many modern browsers already comply with these laws, and they provide warnings to users—via a clear “this site is not secure” banner—whenever they venture to unsecured sites.

Benefits of SSL

As a website owner, you have more to gain than lose by ensuring your site is secured with SSL, or Secure Sockets Layer, the technology that powers the security in HTTPS websites (the’s’ stands for secure). Before discussing how to execute an SSL redirect, let’s briefly look at the reasons why you should secure your website with SSL:

Web Security

Website hacks are commonplace, and private, sensitive data all too often finds its way to the public domain thanks to unauthorized parties who access private server data, or data transmitted between users, websites, and hosting servers. You should secure your site with SSL to prevent external parties from listening in on or capturing data from transactions executed between your servers and your visitors.

Establishing Trust

You can improve your traffic numbers by helping your visitors feel secure when they interact with your website and share information with you. When they see that your site is SSL-secured, they will be more willing to engage with you online.

For example, if you have an eCommerce website, at some point, they will be required to fill in information such as their credit card details before they can make a purchase. If your customers can see that your site isn’t SSL secured when they do a google search, then someone outside the transaction who is ‘listening in’ to web server activity could access these details. They can then use the data they gather from your transactions for fraudulent activities. Establishing and maintaining trust can affect your traffic and sales as much as an intuitive UI and a good service offering.

SEO Privileges

Having your website rank high on search engine results pages is the goal of every online marketer. One way to improve your SEO is to secure your site with SSL since the level of SSL security that you have is one of many criteria that modern search engines use for ranking websites. If you don’t have an SSL certificate on your website, it will be difficult for you to develop the online visibility you need to be successful.

Many web hosting providers now offer free SSL certificate options for new domains. Others offer cheap and affordable rates for installing SSL security on existing web pages.

SSL Redirect

Once you have SSL installed, you need to redirect visitors who are still accessing your old HTTP site to your new HTTPS site. You can redirect visitors to your HTTPS domain automatically—even when they try to use your old HTTP domain. The redirection approach you should use depends on the type of server that runs your website. Below we outline how to do it with a few popular web server deployment setups:

SSL Redirect for Apache Server

If you run your site on the Apache server, you can execute an SSL redirect to your new HTTPS page by following the steps below:

  • Log in to your Apache server
  • Navigate to the conf folder and select the backup file httpd.conf
  • View your httpd.conf via your Vi editor
  • Load the module

If you see this command: LoadModule rewrite_module modules/, uncomment it, and at the end of the file, add the following command:

RewriteEngine On RewriteCond %{HTTPS} Off RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}.

To see if the reset worked, restart Apache and try to visit your old HTTP to see if it redirects you.

SSL Redirect for Nginx Server

If you are running an Nginx server, you can adjust it to have your old HTTP site redirect to HTTPS by following these steps:

  • Log in to your Nginx server
  • Select the backup of the Nginx.conf file
  • In the directive, add the command: return 301 https://$server_name$request_uri;
  • Ensure that it’s saved then restart your Nginx server. Your site should then redirect to HTTPS.

SSL Redirect for Cloudflare

If you use Cloudflare, you can execute an SSL redirect as follows:

  • Log in to your Cloudflare account and select the website/domain that you want to redirect 
  • Navigate to the Crypto tab, navigate downwards, and select the toggle you find there to ON

An alternative way to activate HTTPS on Cloudflare involves using Page Rules:

  • Go to Page Rules
  • Navigate to the “create page” icon and click on it
  • Input the URL you want to redirect
  • Click on the “Add Settings” tab, then navigate through what pops up and click on “Always use HTTPS”
  • On the far end below, click on the tab that says “Save and Display,” and you are done

SSL Redirect for SUCURI

Just like Cloudflare, if you use SUCURI to run your website and you want to configure it for SSL, here is what you need to do:

  • Log in to your SUCURI account
  • Click on “FULL HTTPS” on the SSL mode page
  • Navigate to Project Redirection and click on “HTTPS only site”
  • Click on the “Save” tab below, and in no time your website will automatically run HTTPS as default

Now that you know how to do an SSL redirect, it’s time to start putting it into practice. As a leading hosting provider, Bluehost is here to help you start, create, and secure your WordPress site from start to finish. For more information on how to create a secure connection for your website, contact our team of experts today.

Machielle Thomas
Machielle Thomas | Content Manager
Machielle Thomas writes and curates web and email content for marketing professionals, small business owners, bloggers, and more.

Leave a comment

Your email address will not be published. Required fields are marked*