← Back to Blog
tutorial

How to Redirect HTTP to HTTPS: Apache, Nginx, cPanel & WordPress (2026)

Installing an SSL certificate is only half the job. Unless you explicitly redirect HTTP traffic to HTTPS, your site will respond happily on both http:// and https:// — meaning visitors who type your domain without the S, or click an old bookmark, land on an unencrypted page. Worse, Google treats http://yourdomain.com and https://yourdomain.com as two different URLs, splitting your link equity.

🔄

Redirect Checker

Test that your 301 redirect is correct and trace the full redirect chain.

Try It Free →

3 Fix Mixed Content

Old posts and media may have hardcoded http:// links. Run the Better Search Replace plugin to update all internal URLs in your database from http://yourdomain.com to https://yourdomain.com.

Verify the Redirect is Working Correctly

After setting up the redirect, use the Redirect Checker to trace the full redirect chain from http://yourdomain.com. You want to see a single clean hop: HTTP 301 → https://yourdomain.com/. If you see two or more hops, there's a redirect loop or double redirect that wastes page load time and dilutes SEO signals.

Also Set Up www to non-www (or the Reverse)

While you're configuring redirects, pick one canonical form of your URL — www or non-www — and redirect the other to it. Google treats them as separate sites without this. For Apache:

# Redirect www to non-www (keep this BEFORE the HTTPS redirect) RewriteCond %{HTTP_HOST} ^www\.(.+)$ [NC] RewriteRule ^ https://%1%{REQUEST_URI} [R=301,L]

FAQs

  • Will a 301 redirect pass my SEO link juice to the HTTPS version?
    Yes. Google passes PageRank through 301 redirects. Your existing search rankings and backlink authority will transfer to the HTTPS URL over the following weeks as Google re-crawls.
  • Should I use 301 or 302 for HTTP to HTTPS?
    Always 301 (permanent). A 302 tells search engines the redirect is temporary, so they don't update their index and you don't get the SEO benefit.
  • My redirect seems to loop — the page never loads. What's wrong?
    This usually happens when your server is behind a load balancer or reverse proxy that strips the HTTPS flag. Replace %{HTTPS} off with %{HTTP:X-Forwarded-Proto} !https in your RewriteCond.
  • Do I need to submit the new HTTPS URL to Google Search Console?
    Yes. Add the HTTPS version of your site as a separate property in Search Console, verify it, and submit your sitemap again pointing to HTTPS URLs. This speeds up re-indexing.

Redirect HTTP to HTTPS on Windows IIS

Windows Server IIS 8.5+

IIS offers two ways to enforce HTTPS: the URL Rewrite module (recommended) or the built-in HTTP Redirect feature. The URL Rewrite approach preserves the full URL path — the built-in redirect sends everything to a single destination URL.

Option 1: URL Rewrite Module (Recommended)

Download and install the IIS URL Rewrite module from Microsoft if not already present. Then add this to your site's web.config:

<?xml version="1.0" encoding="UTF-8"?> <configuration> <system.webServer> <rewrite> <rules> <rule name="HTTP to HTTPS" stopProcessing="true"> <match url="(.*)" /> <conditions> <add input="{HTTPS}" pattern="^OFF$" /> </conditions> <action type="Redirect" url="https://{HTTP_HOST}/{R:1}" redirectType="Permanent" /> </rule> </rules> </rewrite> </system.webServer> </configuration>

Option 2: PowerShell (HTTP Redirect Module)

# Install the HTTP Redirect feature (run in elevated PowerShell) Install-WindowsFeature Web-Http-Redirect # Configure the redirect Import-Module WebAdministration Set-WebConfiguration ` -Filter "system.webServer/httpRedirect" ` -PSPath "IIS:\Sites\Default Web Site" ` -Value @{ enabled = "True" destination = "https://yourdomain.com" exactDestination = "False" httpResponseStatus = "301" }
Use URL Rewrite, not HTTP Redirect module: The HTTP Redirect module redirects all paths to a single destination URL, which means http://yourdomain.com/about/ lands on https://yourdomain.com — not https://yourdomain.com/about/. The URL Rewrite rule preserves the full path using {R:1}.

macOS (Homebrew Apache / Nginx)

On macOS with Homebrew, use the identical Apache .htaccess or Nginx server {} block shown above for Linux — the syntax is the same. The only difference is the config file location: /opt/homebrew/etc/httpd/ for Apache, /opt/homebrew/etc/nginx/ for Nginx.


Check your redirect chain

Trace exactly how your HTTP-to-HTTPS redirect behaves — spot loops, double redirects, or missing steps.