How to Force HTTPS and WWW (or Non-WWW) Using .htaccess

Ensuring your website loads consistently with HTTPS and your preferred domain format improves security, SEO, and user experience. This guide explains how to configure these redirects using .htaccess on Apache or LiteSpeed servers.

Before You Start

• Confirm you have an active SSL certificate installed for your domain
• Back up your existing .htaccess file before making changes
• Test your site after each change to ensure it loads correctly

The .htaccess file is located in your website's root directory (typically public_html or www). If the file doesn't exist, you can create one.

Force HTTPS Only

This redirects all HTTP traffic to HTTPS while preserving the existing WWW or non-WWW format:

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

Force HTTPS and WWW

Use this if you want your site to always load as https://www.example.com:

RewriteEngine On

# Redirect to HTTPS
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

# Redirect to WWW
RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteRule ^(.*)$ https://www.%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

Force HTTPS and Non-WWW

Use this if you want your site to always load as https://example.com:

RewriteEngine On

# Redirect to HTTPS
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

# Redirect to non-WWW
RewriteCond %{HTTP_HOST} ^www\.(.*)$ [NC]
RewriteRule ^(.*)$ https://%1%{REQUEST_URI} [L,R=301]

Combined Single-Pass Rules

The examples above may cause two separate redirects (one for HTTPS, one for WWW). For better performance, you can combine them into single-pass rules.

HTTPS and WWW (Single Redirect)

RewriteEngine On
RewriteCond %{HTTPS} off [OR]
RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteRule ^(.*)$ https://www.example.com%{REQUEST_URI} [L,R=301]

HTTPS and Non-WWW (Single Redirect)

RewriteEngine On
RewriteCond %{HTTPS} off [OR]
RewriteCond %{HTTP_HOST} ^www\. [NC]
RewriteRule ^(.*)$ https://example.com%{REQUEST_URI} [L,R=301]

Replace example.com with your actual domain name when using these combined rules.

Placement in .htaccess

Add these rules near the top of your .htaccess file, after RewriteEngine On but before any CMS-specific rules. If you're using WordPress or another CMS, place the redirect rules above the existing block that typically begins with # BEGIN WordPress.

Troubleshooting

Redirect Loop

If your site gets stuck in a redirect loop, your server may be behind a proxy or load balancer that handles SSL termination. Try this alternative approach:

RewriteEngine On
RewriteCond %{HTTP:X-Forwarded-Proto} !https
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

Changes Not Taking Effect

• Clear your browser cache or test in a private/incognito window
• Verify the .htaccess file was saved correctly
• Check that mod_rewrite is enabled on your server
• Look for conflicting rules elsewhere in the file

Internal Server Error

This usually indicates a syntax error in your .htaccess file. Restore your backup and carefully re-add the rules, checking for typos or missing characters.

Verifying Your Redirects

After implementing your rules, test all four variations of your URL:

• http://example.com
• http://www.example.com
• https://example.com
• https://www.example.com

All four should redirect to your preferred format. You can use online redirect checker tools to verify the redirects are working and returning 301 (permanent) status codes.