Installing SSL is step one. Step two is making sure every visit uses HTTPS — even people who type the bare URL.
WordPress sites
- WP Admin → Settings → General.
- Change both WordPress Address and Site Address from
http://tohttps://. - Save — you may be logged out, log back in.
- Install Really Simple SSL and click Go ahead, activate SSL. It fixes mixed-content warnings automatically.
Static HTML sites — .htaccess
Add this to the top of your .htaccess file in public_html:
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]From cPanel (easiest)
cPanel → Domains → click Force HTTPS Redirect next to your domain. Toggle it on. cPanel updates .htaccess for you.
Verifying
Open http://yourdomain.com (without the s) — your browser should auto-jump to https://.