Once you have an SSL certificate installed, it is good practice to make sure that all requests on your website use HTTPS. Our last post concerning mixed content covered one aspect of this. Another important element, which we’ll discuss here, is forcing HTTP requests to use HTTPS instead. This way, if someone tries to visit your site via http://domain.com, the request will be redirected to https://domain.com.
There are many different ways to accomplish this, but if you’re using something like WordPress, for example, you might want to see whether the functionality is built in or whether a plugin is available that could make the process easier. In this case, the Really Simple SSL plugin for WordPress is a great option and can even correct mixed content issues automatically.
Another common and easy way to handle this is to add a simple mod_rewrite rule to your site’s .htaccess file. There are many perfectly valid variations of these rules that achieve the desired result. A good generic option is:
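# Turn on the rewrite engine
RewriteEngine On
# Only match requests that did not arrive over HTTPS
RewriteCond %{HTTPS} !on
# Redirect permanently (301) to the same host and path over HTTPS; L stops further rule processing
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]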
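One way to check that the redirect behaves as intended, as an added example that is not part of the original post: the Python below inspects the response to a plain-HTTP request and confirms that it redirects to HTTPS on the same host with the path and query string intact. The function names and the sample responses are constructed for illustration.

```python
from urllib.parse import urlsplit

REDIRECT_CODES = {301, 302, 307, 308}

def parse_response_head(raw):
    """Return (status, headers) from the status line and header block of a raw HTTP response."""
    lines = raw.replace("\r\n", "\n").split("\n")
    status = int(lines[0].split()[1])
    headers = {}
    for line in lines[1:]:
        if not line.strip():
            break  # blank line ends the header block
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return status, headers

def check_https_redirect(request_url, raw_response):
    """List the problems with the response to a plain-HTTP request (empty list means OK)."""
    req = urlsplit(request_url)
    status, headers = parse_response_head(raw_response)
    if status not in REDIRECT_CODES:
        return [f"status {status} is not a redirect"]
    loc = urlsplit(headers.get("location", ""))
    problems = []
    if loc.scheme != "https":
        problems.append(f"Location scheme is {loc.scheme or 'missing'}, not https")
    if loc.hostname != req.hostname:
        problems.append(f"host changed from {req.hostname} to {loc.hostname}")
    if (loc.path or "/", loc.query) != (req.path or "/", req.query):
        problems.append("path or query string not preserved")
    return problems

# Constructed sample responses (not captured from a real server).
GOOD = "HTTP/1.1 301 Moved Permanently\r\nLocation: https://domain.com/blog/?p=1\r\n\r\n"
NO_REDIRECT = "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n"
DROPS_PATH = "HTTP/1.1 302 Found\r\nLocation: https://domain.com/\r\n\r\n"
WRONG_TARGET = "HTTP/1.1 301 Moved Permanently\r\nLocation: http://www.domain.com/blog/?p=1\r\n\r\n"

if __name__ == "__main__":
    url = "http://domain.com/blog/?p=1"
    for name, raw in [("good", GOOD), ("no redirect", NO_REDIRECT),
                      ("drops path", DROPS_PATH), ("wrong target", WRONG_TARGET)]:
        print(name, "->", check_https_redirect(url, raw) or "OK")
```

To test a live site, pass the status line and headers returned for an http:// request to check_https_redirect in place of the constructed samples.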