# Enforcing HTTPS redirect using .htaccess on Cpanel

HTTPS stands for **<mark>Secured Hyper Text Transfer Protocol.</mark>** HTTPS uses **Secure Socket Layer (SSL)/Transport Layer Security (TLS)** to encrypt HTTP requests and responses. In simple terms, any information sent over HTTPS is transformed into an unreadable format that is only readable by the sender or receiver after being decrypted.

This is a more secure way to handle passwords, credit card information or any sensitive information. Websites with https usually have a padlock icon in the address bar, denoting that the connection is secure.

<div data-node-type="callout">
<div data-node-type="callout-emoji">💡</div>
<div data-node-type="callout-text">HTTP (without SSL) sends data through plain text. For example, if you were to access your bank's web page and they are using HTTP, <strong>a hacker may be able to access it and read any information that you send</strong>. This is where HTTPS comes in.</div>
</div>

Using HTTP only(without SSL) is highly discouraged as it poses lots of security concerns on a website. This article guides on how to setup secured HTTPS.

### Step 1: Setup Let's Encrypt™ SSL on Cpanel

We will start by setting up [Let's Encrypt™ SSL](https://letsencrypt.org/) which helps you get a free SSL certificate on your server. Skip this step if you already have it running. If not, on your [Cpanel dashboard](https://cpanel.net/), scroll to the Security section and set it up.

![Cpanel Security Section](https://cdn.hashnode.com/res/hashnode/image/upload/v1689547218753/1d1c9733-68f3-4b06-bdb7-cd0fe490175e.png align="center")

### Step 2: Create a dot htaccess file (.htaccess)

Suppose you have an existing .htaccess file in the root domain folder(one that contains the website), you may skip this step. To create one use the **"File Manager"** option in your Cpanel dashboard.

![Cpanel File Manager Section](https://cdn.hashnode.com/res/hashnode/image/upload/v1689548201105/2998dc01-3cb0-40db-bab9-f9080793443f.png align="center")

On the File Manager panel, open the folder that contains the website (in most cases, is the **"public\_html"** folder. Click on the **+File** option.

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1689548657656/186a18d1-a8e8-4f1b-9672-bf37ab96b753.png align="center")

Proceed to create the .htaccess file as shown in the image below. **PS: For *this particular file, its name must be preceded by a dot (.)***

![Creating a .htaccess file](https://cdn.hashnode.com/res/hashnode/image/upload/v1689548964655/b2900ec2-1e7b-400f-b3e4-686bbbeb7d35.png align="center")

### Step 3: Locate the .htaccess file

By default, Cpanel dashboards are configured to hide dot files thus you may not immediately see your .htaccess file. To make the file visible, head to the Cpanel "**Settings**" option at the top right of your dashboard. Ensure the "**Show Hidden Files**" is checked as shown in the image below.

![Enable Show Hidden Files](https://cdn.hashnode.com/res/hashnode/image/upload/v1689550056137/3dd73a17-b407-4ad1-b002-d7bf73f41c49.png align="center")

### Step 4: Add the HTTPS redirection code

After locating the .htaccess file, right-click on it and choose the "**Edit**" option. Copy the following lines of code and paste them into your file.

```plaintext
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
```

### Conclusion

As simple as that, our website now has its traffic encrypted using the SSL/TLS protocol. Remember security goes beyond implementing HTTPS and thus you should configure other security measures to prevent internet attacks.
