How to Force SSL Certificate on all pages with Bluehost

Very technically biased article and it does what it says on the tin. Now be sure you actually have an SSL certificate allocated to the domain that you’re trying to force this on. That seems like a simple statement, but the implications are that your site becomes inaccessible by most browsers as it’s identified as a security risk.

So you’ve got an SSL certificate, your domain is appearing with “https://…” at the beginning of it, but you can still view pages in your web browser which don’t start with “https://…” instead they go straight into “www.” or the beginning of your domain name i.e. “ihrinnovationgroup.com”. This means you have an SSL certificate, but it’s not being used on all pages. Not what you had planned.

There are various plugins that promise to do this, but ultimately, all they’re doing is adding a little snippet of code to your “ht access file”.

You access your .htaccess file typically by logging into your hosting account and navigating to your “File Manager” or “CPanel” account. This is basically where all the files for your website are saved.

Your .htaccess file will typically be located in your “public_html” folder. Sometimes you might need need to change the settings in your CPanel or File Manager so you can “See Hidden Files”. Your .htaccess file is pretty damn important, so your hosting provider may hide it to prevent accidentally deleting or editing the file.

How to Edit Your .htaccess file on Bluehost

On Bluehost, go to “File Manager” on you hosting dashboard. This will open up the CPanel account. Go to “Settings” in the top right corner of the screen, and select “Show Hidden Files” option and save. Navigate to your “public_html” folder in the left hand pane, then click on the folder relating to your domain name. Your .htacess file should then appear in the list in the main file pane.

Click on the .htaccess file in the main pane and click “Edit” in the top menu. This opens the editor in which you can edit your .htaccess file by adding the required code snippet.

Note: You may need to delete the top line in the .htaccess file which says “RewriteEngine inherit” as we’re replacing this with our code snippet.

On Bluehost the code snippet you need to add can be found here.

This looks something like;

RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://example.com/$1 [R=301,L]

Obviously replacing example.com with your domain name.

This basically forces SSL or “https://” on every page of your website. Simple.

For other hosting providers, I’d suggest searching “Forcing SSL on all pages with <insert hosting providers name>” in Google.

Simple, and done.

Don’t waste your money on an SSL certificate if you aren’t going to use it properly…

Final Note – FREE SSL for WordPress Sites

Bluehost is offering free 256 bit encryption SSL certificates for all WordPress site on their hosting plan.

We have a free SSL installed on each of our domains using Bluehost’s VPS hosting for performance.

Here’s the link to the Bluehost article on how to install your Free SSL certificate

Update – Great SSL Guide From Elegant Themes

The following link contains an article from the Elegant Themes Blog. It pretty much covers SSL certificates top to bottom including;

  • Which plugin to use to force SSL and the configuration settings to use
  • What you need to do within WordPress settings to ensure SSL is enforced
  • How to use Google Search Console to tell Google to use the HTTPS version of your site
  • And plenty more!

Here’s that link to the Elegant Themes Article on The Ultimate Guide to HTTPS and SSL for WordPress