Always use HTTPS on your Website Builder site

To ensure that visitors always access your Website Builder site over HTTPS, all you need to do is to publish and you are set. We take care of the rest in the background.

If you get a warning about overwriting a .htaccess file or you want to know what happens in the background, continue reading.

Don't have access to Website Builder? You can try it out for free for 14 days and create a website in no time. Start your free trial now

How are visitors forced always to access my site via HTTPS?

SSL is by default enabled on all domains hosted with one.com, making it possible for your visitors to access your site via the secure HTTPS. However, this doesn't mean that they have to use HTTPS; if someone tries to access your site via the insecure HTTP, they will also be able to.

If you prefer to disable HTTPS, you can do so by turning off the toggle in the Website Builder dashboard under Website settings > Security.

Screenshot of the Website Builder dashboard where a red arrow is pointing to the toggle under SSL/HTTPS.

To make sure visitors always use HTTPS, we automatically add a rewrite rule to a file called .htaccess, which redirects all HTTP requests to HTTPS. This ensures your site is always accessed over a secure connection, no matter how visitors try to reach it.

When you publish your site, the .htaccess file is created automatically in your web space. See the screenshot below for an example.

Screenshot of the opened .htaccess file in File Manager.

I am asked whether to overwrite an existing .htaccess file; should I?

If you already have an .htaccess file on your webspace and try to publish your website in Website Builder, you'll get a warning message asking if you want to overwrite the existing file.

Whether you want to do this depends on what's in your current .htaccess file. You can check this via File Manager. Reasons why you have an existing .htaccess file could be because you've added password protection, installed WordPress or already added a rewrite to HTTPS.

If you are in doubt, it's better to leave it and simply add the rewrite configuration manually to the existing file.

Check this guide for more information: How do I force visitors of my site to always use HTTPS?

Screenshot of the warning message in Website Builder.

I (re)published my site, but HTTPS still isn't working

If HTTPS isn't working, for example, if you get an error when you try to access your site with "https://" in the address bar, this might be because SSL isn't properly activated.

Please contact our chat support to have this checked and fixed.

Related articles:

Was this article helpful?

Can’t find what you are looking for?

Start a chat

It's the quickest way to get in touch, every day of the year.

Start chat

Give us a call

Available on weekdays from 10am to 2pm (UTC).

Call +44 20 8106 0910