In WordPress you can use a plugin (easier) or directly edit your .htaccess file (harder) within your site files in order to force all users to https.
Technically speaking there are 4 versions of your domain name (eg yoursite.com) and bots, like Google’s Search, actually consider all of these as different sites. As such it’s best to force (via htaccess redirection) all users to use one or the other for all your analytics tracking (SEO), help ensure a more secure site and create a better user experience for the user.
NOTE: If you haven’t quite got your hosting set up but do have a domain name then this topic is slightly ahead of where you are. You can search WordPress hosting plans before continuing. The below instructions could be followed on any host but you would need your site hosted first.
- Why 4 different versions of your domain name?
- Why force them all to one version of the domain name?
- How to force them all to one version of the domain name via a plugin (easier)
- How to force them all to one version of the domain name via editing .htaccess file (harder)
Watch along on YouTube:
4 different versions of your domain name?
From a technical point of view, being those of the bots which crawl and index your site and eventually rank your site to be shown to Google (and other engines but Google is the largest at this time) your domain name, like yoursite.com, actually has 4 versions assuming you have an SSL certificate (which you should from your host company). For example,
- https://yoursite.com
- https://www.yoursite.com
- http://yoursite.com
- http://www.yoursite.com
In the first two the difference is the ‘www’ but in the second it is both the ‘www’ and the ‘http’. The ‘s’ in ‘https’ has been dropped in those second two.
Why force them all to one version of the domain name?
So, without forcing all users to one of these it’s actually possible for both users and bots to go to all of these. You don’t want that for a couple of reasons.
From a users point of view:
If you’re users are able to browser to the ‘non-http’ (insecure) versions of the site then their data on your site will not be as secure as it could be. This is a possible security hole for your users and will reflect poorly upon your site as many people are told to only interact with sites which have the https version forced.
From a search engines point of view:
Also, search engines will sometimes stop users from going to your site from their search results if the https version is not available. This will lower your page views and hence whatever goals you have on the site (sales, contact form etc).
From an analytics point of view:
Most site owners use Google Analytics to track users on their site and understand which pages are performing as expected. Google will only recognize traffic to the site you used in the account set up process for that ‘unit’. If you used a www.yoursite.com version and your visitors go to the yoursite.com then these visits will not be tracked.
The solution is simple and most of the time you may not even have to do this if your host does it for you (as Bluehost does) but if you do need to do this then read on.
How to force them all to one version of the domain name via a plugin (easier)
The far easier and quicker way is to simply install this WP Force SSL Plugin and then activate it. You only have to activate it for it to start working.
NOTE: You do need to have an SSL certificate for your site already for this to work. On Bluehost this is made automatically for you when you create an account with your domain name or you add a new domain to your account. If you aren’t on Bluehost you may have to do this manually but make sure you have it before you activate.
How to force them all to one version of the domain name? (harder)
The process is quite simple,
- find the .htaccess file in your websites code on your hosting account.
- You can access this via your the cPanel and then ‘File Manager’. If you are on Bluehost cPanel is access by clicking on the ‘Advanced’ tab.
- If you are on another host just look for cPanel.
- add the below code to the site. Just select the one which applies to you.
Which one to choose?
If you want your site to be https://www.yoursite.com then add this code
RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://www.yourdomain.com/$1 [R,L]
if you want yoursite to be https://yoursite.com then add this code
RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://yourdomain.com/$1 [R,L]
In either case add the below at the very top of the .htaccess file.