To force all web traffic on your site to use HTTPS, you can use the following code in your .htaccess file. This file should be located in your website’s root directory. If it’s not there, you will need to create it.

Here is the code you can use:

RewriteEngine On 
RewriteCond %{HTTPS} off 
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

Here’s a breakdown of what this code does:

  • RewriteEngine On activates the rewriting engine of the Apache server.
  • RewriteCond %{HTTPS} off is the condition under which the rewrite rule will be executed. In this case, the condition is that the HTTPS is off (meaning the current connection is not secure).
  • RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301] is the rule that will be executed if the above condition is met. This rule redirects all traffic to the same URL but with the HTTPS protocol. The L flag means this is the last rule to be processed if it gets applied, and R=301 sends a 301 (permanent) redirect status, indicating to browsers and search engines that the page should always be accessed via HTTPS in the future.

Please note, for these rules to take effect, the Apache mod_rewrite module must be installed and enabled on your server.