How to Redirect HTTP to HTTPS: Apache, Nginx, cPanel & WordPress (2026)
Installing an SSL certificate is only half the job. Unless you explicitly redirect HTTP traffic to HTTPS, your site will respond happily on both http:// and https:// — meaning visitors who type your domain without the S, or click an old bookmark, land on an unencrypted page. Worse, Google treats http://yourdomain.com and https://yourdomain.com as two different URLs, splitting your link equity.
Redirect Checker
Test that your 301 redirect is correct and trace the full redirect chain.
Try It Free →3 Fix Mixed Content
Old posts and media may have hardcoded http:// links. Run the Better Search Replace plugin to update all internal URLs in your database from http://yourdomain.com to https://yourdomain.com.
Verify the Redirect is Working Correctly
After setting up the redirect, use the Redirect Checker to trace the full redirect chain from http://yourdomain.com. You want to see a single clean hop: HTTP 301 → https://yourdomain.com/. If you see two or more hops, there's a redirect loop or double redirect that wastes page load time and dilutes SEO signals.
Also Set Up www to non-www (or the Reverse)
While you're configuring redirects, pick one canonical form of your URL — www or non-www — and redirect the other to it. Google treats them as separate sites without this. For Apache:
FAQs
- Will a 301 redirect pass my SEO link juice to the HTTPS version?
Yes. Google passes PageRank through 301 redirects. Your existing search rankings and backlink authority will transfer to the HTTPS URL over the following weeks as Google re-crawls. - Should I use 301 or 302 for HTTP to HTTPS?
Always 301 (permanent). A 302 tells search engines the redirect is temporary, so they don't update their index and you don't get the SEO benefit. - My redirect seems to loop — the page never loads. What's wrong?
This usually happens when your server is behind a load balancer or reverse proxy that strips the HTTPS flag. Replace%{HTTPS} offwith%{HTTP:X-Forwarded-Proto} !httpsin your RewriteCond. - Do I need to submit the new HTTPS URL to Google Search Console?
Yes. Add the HTTPS version of your site as a separate property in Search Console, verify it, and submit your sitemap again pointing to HTTPS URLs. This speeds up re-indexing.
Redirect HTTP to HTTPS on Windows IIS
IIS offers two ways to enforce HTTPS: the URL Rewrite module (recommended) or the built-in HTTP Redirect feature. The URL Rewrite approach preserves the full URL path — the built-in redirect sends everything to a single destination URL.
Option 1: URL Rewrite Module (Recommended)
Download and install the IIS URL Rewrite module from Microsoft if not already present. Then add this to your site's web.config:
Option 2: PowerShell (HTTP Redirect Module)
http://yourdomain.com/about/ lands on https://yourdomain.com — not https://yourdomain.com/about/. The URL Rewrite rule preserves the full path using {R:1}.
macOS (Homebrew Apache / Nginx)
On macOS with Homebrew, use the identical Apache .htaccess or Nginx server {} block shown above for Linux — the syntax is the same. The only difference is the config file location: /opt/homebrew/etc/httpd/ for Apache, /opt/homebrew/etc/nginx/ for Nginx.
Check your redirect chain
Trace exactly how your HTTP-to-HTTPS redirect behaves — spot loops, double redirects, or missing steps.