In this article, Change http to https Using htaccess 2019 I will show how you can enable SSL on PHP websites and redirect HTTP to HTTPS URLs.
In this age of information insecurity, all websites, that handle sensitive customer information such as passwords, credit card numbers etc., must offer secure and encrypted communication channels. In the absence of such channels, intercepting and stealing customers’ information becomes quite easy for anyone.
A Secure Socket Layer (SSL) certificate encrypts the connection between the customer and your web server so that the information is rendered unreadable by all third parties (identity thieves and hackers).
Buy a SSL Certificate
Next you’ll need something that proves your website is your website – kind of like an ID Card for your site. This is accomplished by creating an SSL certificate. A certificate is simply a paragraph of letters and numbers that only your site knows, like a really long password. When people visit your site via HTTPS that password is checked, and if it matches, it automatically verifies that your website is who you say it is – and it encrypts everything flowing to and from it.
Technically this is something you can create yourself (called a ‘self-signed cert’), but all popular browsers check with “Certificate Authorities” (CA’s) which also have a copy of that long password and can vouch for you. In order to be recognized by these authorities, you must purchase a certificate through them.
Godaddy.com is where I buy my certificates. They have a few options, but the one that I find best is the Hostgator.com. At this time it’s $90 per year, and it comes with a site seal that you can place on your pages to show you’re secure – which is good for getting your customers to trust you. You’ll simply buy it now, and then set it up by activating and installing it in the next steps.
Update your site to use HTTPS
At this point if you go to https://yoursite.com you should see it load! Congrats, you’ve successfully installed SSL and enabled the HTTPS protocol! But your visitors aren’t protected just yet, you need to make sure they’re accessing your site through HTTPS!
Keep in mind that you typically only need to protect a few pages, such as your login or cart checkout. If you enable HTTPS on pages where the user isn’t submitting sensitive data on there, it’s just wasting encryption processing and slowing down the experience. Identify the target pages and perform one of the two methods below.
You can update all links to the target pages to use the HTTPS links. In other words, if there’s a link to your cart on your home page, update that link to use the secure link. Do this for all links on all pages pointing to the sensitive URLs.
However, if you want to ensure that people can only use specific pages securely no matter what links they come from, it’s best to use a server-side approach to redirect the user if it’s not HTTPS. You can do that with a code snippet inserted on top of your secure page. Here’s one in PHP:
Copy and Paste The Code in .htaccess File
RewriteEngine On RewriteCond %{SERVER_PORT} 80 Rewrite Rule ^(.*)https://yourdomainname.com/$1 [R,L]
