Although Google was encouraging the use of SSL encryption (HTTPS) on all sites they are now beginning to lean toward penalizing non-encrypted sites still using HTTP. You need to have a valid SSL certificate issued and installed on the server in order for your site to use HTTPS so that should be done first. If your site is hosted here at Zenutech and does not have an SSL certificate installed please contact

Once you have your site working in HTTPS you will likely want to force all users to use HTTPS so that some of them do not bookmark or load the site in non-encrypted HTTP. Most content management systems such as WordPress will do this automatically for you if you enable HTTPS or update the site’s URL in the backend settings.

If you have a custom or static website, this can be accomplished through your “.htaccess” file. Your site can have multiple “.htaccess” files, one for each folder – they control rules for that web folder and all subfolders within it. In this case you want to modify your main “.htaccess” file in your website’s root web folder (usually “public_html”) or create the file there if one does not exist. The file is named “.htaccess” – it starts with a period and has no file name extension in its name. The order of the lines in the file matter and if you make a syntax mistake then it can cause your website to stop working giving a 500 error so be certain to copy the file before modifying it and always test the site after making changes. The following lines will force all requests to HTTPS – if there are other mod_rewrite lines in the file then you should not need to add “RewriteEngine on” a second time and can leave that line out if it is already in the file:

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L]