WordPress force HTTPS htaccess rule is the simplest way to make sure every page loads securely over SSL. Here’s how to force HTTPS in WordPress without any plugin — just edit your .htaccess file.
Add this to the top of your .htaccess file:
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
How It Works
This WordPress force HTTPS htaccess snippet checks if HTTPS is not active. If not, it redirects the visitor to the HTTPS version of the same URL with a 301 permanent redirect.
Why WordPress Force HTTPS htaccess?
Forcing HTTPS ensures all traffic stays secure and encrypted. It’s better for SEO and user trust, and this simple .htaccess tweak works without adding another plugin.
Common Mistake
Always backup your .htaccess before editing. A wrong syntax can break your site. Place the rule at the very top for priority.
Pro Tip
Combine this with an HSTS header for extra SSL security — but test carefully to avoid redirect loops.