The trouble with HTTPS is that many people who are not familiar with web hosting, Apache, and Linux servers are unable to properly implement it. One of the main deployment challenges I’ve seen is individuals struggling to find a good way to switch visitors from their website’s non-HTTPS implementations to the HTTPS update. Let’s presume you have your website at https:/www.example.com, for example. What if a person is arriving at http:/www.example.com? Or just http:/example.com? How do you guide everybody securely to the HTTPS source in a manner that is both quick and polite to the search engine (which are the same now that website speed is also a ranking factor)? The response is to use your server’s htaccess file to switch using Apache. This will render everything much easier as it is handled at the bottom of the computer. Don’t use a WordPress plugin (if you’re running a WordPress site) for that, because if the plugin fails, then the whole redirect would fail, and on top of that I’m not a big fan of using plugins for simple things that can be hard-coded (if you don’t know what a htaccess file is, check out this website to clarify what a htaccess file is and how to use it). This is what you want to place at the top of your htaccess file as far as the application itself goes: RewriteEngine On RewriteCond %{SERVER_PORT} 80 RewriteRule ^(.)$ https://example.com/$1 [R=301,L] By using this application on your own blog, you will overwrite “example.com” with your own domain name, which happens to be the case. And again, this function is before anything else at the top of your htaccess script. Another important thing to note is that if your domain has “www” in the URL, you’d want to make sure you add it, so that your code looks like this: RewriteEngine On RewriteCond %{SERVER_PORT} 80 RewriteRule ^(.)$ https://www.example.com/$1 [R=301,L] This coding instructs the server to take someone entering the web to guide them to the correct HTTPS root if anything else is accessed. This is good because it prevents access to both your site’s non-HTTPS version, which prevents indexing in search engines. This application requires a 301 redirect to execute redirecting, which is usually the best way to redirect permanent changes because the web is on HTTPS instead of HTTP. If you use a cloud-based server, this variant may need to be used: RewriteEngine On RewriteCond %{HTTP:X-Forwarded-Proto} !https RewriteRule ^(.*)$ https://%{HTTP_HOST}/$1 [R=301,L] I can’t tell you how many websites I’ve seen that go bad, but download this application and see if it fits for you. Clearly, I can’t guarantee how it’s going to work on your own website, but in my experience this was the best way to get all sites pushed into HTTPS. Even, if you’re wondering if this application functions or not if anyone wants to access an internal page’s non-HTTPS version, it does! Only on the HTTPS edition, it will guide them to the same tab.
