Browsers, like Chrome and Firefox, are showing insecure warnings on sites without SSL certificates. Therefore, using an SSL-encrypted connection for safety, accessibility or PCI compliance reasons is necessary.
HTTPS PCI compliance is required by credit card companies to make online transactions secure and protect them against identity theft, so it becomes very important to redirect from HTTP to HTTPS.
To make it work, in the .htaccess file (may be invisible in your control panel, you’ll need to activate “show hidden files” option) in the root directory of your script add following redirect rules:
1. From www to non-www
RewriteCond %{HTTP_HOST} ^www\.(.*)$ [NC]
RewriteRule ^(.*)$ http://%1/$1 [R=301,L]
2. From non-www to www
RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteRule ^(.*)$ http://www.%{HTTP_HOST}/$1 [R=301,L]
3. To https
RewriteCond %{HTTPS} off
RewriteRule .* https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
4. From https to http
RewriteCond %{HTTPS} on
RewriteRule (.*) http://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
5. Complex redirect from the following host names:
http://example.com
http://www.example.com
https://example.com
to
https://example.com
RewriteEngine On
RewriteCond %{HTTPS} off [OR]
RewriteCond %{HTTP_HOST} ^www\. [NC]
RewriteCond %{HTTP_HOST} ^(?:www\.)?(.+)$ [NC]
RewriteRule ^ https://%1%{REQUEST_URI} [L,NE,R=301]
If instead of example.com you want the default URL to be www.example.com, then simply change the third and the fifth lines:
RewriteEngine On
RewriteCond %{HTTPS} off [OR]
RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteCond %{HTTP_HOST} ^(?:www\.)?(.+)$ [NC]
RewriteRule ^ https://www.%1%{REQUEST_URI} [L,NE,R=301]