After installing an SSL certificate, you need to force all visitors to use the secure HTTPS version of your website. The fastest way to do this on cPanel hosting is with an .htaccess rule.

Before you start

Make sure an SSL certificate is already installed on your domain. You can check in cPanel under Security → SSL/TLS Status. If no certificate is installed, follow the AutoSSL guide first.

Method 1 — Use cPanel (no code required)

1. Log in to cPanel.
2. Under Domains, click Domains.
3. Find your domain and enable the Force HTTPS Redirect toggle.
4. cPanel will add the redirect rule automatically.

Method 2 — Edit .htaccess manually

1. Log in to cPanel and open the File Manager.
2. Navigate to your public_html folder (or the folder where your website is installed).
3. Click Settings in the top-right and enable Show Hidden Files, then click Save.
4. Find the .htaccess file, right-click it, and select Edit.
5. Add the following lines at the very top of the file, before any existing content:
   
   RewriteEngine On
   RewriteCond %{HTTPS} off
   RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
6. Click Save Changes.

WordPress users

If you are using WordPress, also update your site URL:

1. Log in to the WordPress admin panel.
2. Go to Settings → General.
3. Change both WordPress Address (URL) and Site Address (URL) from http:// to https://.
4. Click Save Changes.

Testing

Open your browser and visit http://yourdomain.com (without the S). You should be automatically redirected to https://yourdomain.com. You can also use https://www.whynopadlock.com to check for mixed content warnings.