Force HTTPS with HSTS in .htaccess
This tells the browser to not accept any unsecured connection. In other words, http will no longer work, only https.
In your .htaccess file you can add this line:
<IfModule mod_headers.c> Header always set Strict-Transport-Security "max-age=31536000" </IfModule>raw
This will make your browser remember to always use the secured version of your website. It makes use of the "HTTP Strict Transport Security" policy and improves security by eliminating the risks of man-in-the-middle TLS-protocol-downgrade attacks. Be careful: setting this header will tell the browser never (or that is: until max-age) to use http:// again. So if you later on decide to serve (parts of) your site using no encryption, all those clients (browsers) which saw the header will not comply and keep using https://.
Found a tpyo?Edit