Although Google was encouraging the use of SSL encryption (HTTPS) on all sites they are now beginning to lean toward penalizing non-encrypted sites still using non-encrypted HTTP. You will need to have a valid SSL certificate in order for your site to use HTTPS – that will get installed automatically after your domain is fully live on our servers. We also offer several options of paid private SSL certificates that we can issue and install for you; a paid private SSL certificate requires a dedicated IP address for your domain. Please contact us if you are looking for a paid private SSL certificate and dedicate IP address for your site.
Once you have your site working in HTTPS you will likely want to force all users to use HTTPS so that some of them do not bookmark or load the site in non-encrypted HTTP. Most content management systems such as WordPress will do this automatically for you if you enable HTTPS or update the site’s URL in the backend settings.
If you have a custom or static website, this can be accomplished through your “.htaccess” file. Your site can have multiple “.htaccess” files, one for each folder – they control rules for that web folder and all subfolders within it. In this case you want to modify your main “.htaccess” file in your website’s root web folder (usually “public_html”) or create the file there if one does not exist. The file is named “.htaccess” – it starts with a period and has no file name extension in its name. The order of the lines in the file matter and if you make a syntax mistake then it can cause your website to stop working giving a 500 error so be certain to copy the file before modifying it and always test the site after making changes. The following lines will force all requests to HTTPS – if there are other mod_rewrite lines in the file then you should not need to add “RewriteEngine on” a second time and can leave that line out if it is already in the file:
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L]