Number 1
If you want your website to be ONLY accessible through HTTPS, you will want to add this piece of code to your .htaccess
file, replacing your domain’s name:
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://www.example.com/$1 [R,L]
</IfModule>
This will redirect any visits from non-SSL to SSL version of your website.
Number 2
Yes, you need to change the values of your Website Address
and Site Address
in the admin panel to HTTPS. It is better to do it before editing the .htaccess
file, since after editing the .htaccess
all traffics will be redirected to HTTPS while your website’s URL is in HTTP. Also make sure your scripts, styles and images are accessible over SSL to prevent rendering issues.
Number 3
Yes. The .htaccess
will redirect traffic from HTTP to HTTPS, while your Site Address
declares that your primary domain is using HTTPS.
If you see any conflicts in the .htaccess
file, the best practice is to copy it entirely to pastebin, and update the question with the link. I will try and see if there is a line causing any conflict in your .htaccess
file.