The Internet is ever changing. One of the latest endevours is to make HTTPS the default protocol. This is better for search engine ranking and required by the upcoming faster HTTP/2.0 protocol. Of course this is also an added measure in security and privacy too. Basically, SSL certificates are no longer only for sites that accept sensitive data like credit card information or login details.
To push this endeavour forward, certificate authorities have started offering free 90 day SSL certificates. cPanel, the control panel that we use at Hosting Nation, has also come out with a tool called AutoSSL. AutoSSL generates and installs a domain validated SSL certificate provisioned by Comodo on all active domains on a server that are not already protected with SSL. We have turned this on for ALL hosting accounts!
There are no forms to fill out or email verifications in this process. It is all automatic and will auto-renew as well.
AutoSSL will also install a valid certificate for use with email. Now you can switch on SSL/TLS in your email client with a server of mail.yourdomain.com and not get a verification error.
Note that AutoSSL does not force you to use SSL, and it will not make your website suddenly work via HTTPS. You still must tell your website to use HTTPS. There are suggested tools listed for Wordpress below. Also note that all links on your site must then be https or you will get warnings of mixed content in your browser.
So what about those other SSL certificates that one pays for? They still have a purpose. The AutoSSL certificates are functionally the same and are great for small websites and blogs. However, for owners who have a financial stake and do business online, the paid for certificates are the better option.
Trust is vital in e-commerce and the higher level of business verification shows your customers that it is you. You can also get that neat little site seal as well. For more advanced business needs we also provide Wildcard and EV SSL certificates.
So whether you just need a no-frills encrypted connection to your site or take sensitive information online, Hosting Nation has you covered.
How to make my Wordpress site SSL enabled
For the most basic of Wordpress sites, just changing the Site URL in Settings > General to https will do it. However due to today's complex themes, plugins and posts with absolute links, that usually isn't enough. Here are some plugins that can help
Insecure Content Fixer is a plugin we use at Hosting Nation. It will go through your entire site and update any insecure links it can find.
Velvet Blues Update URLs will go through you site and change one URL to another. You can use this to change http links to https
How to make my Joomla site SSL enabled
- Log into your Joomla Administrator Dashboard
- In the left menu, click the Global Configuration link
- There will be several tabs at the top of the page. Click the Server tab.
- Under the Server Settings heading, find the option labeled Force SSL. Use the drop down menu to the right of the setting to select the option you want, and then click the Save button in the top left of the page.
How do I force SSL using .htaccess (not Wordpress or other CMS)
To force all web traffic to use HTTPS you can insert the following lines of code into the .htaccess file in the root folder of your website. It is important that you insert this above any pre-existing mod_rewrite code.
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
Should you wish to only force a specific domain to HTTPS you would use the following code - making sure to replace "example\.com" with your actual domain name. The back slash "\" before the period is important.
RewriteEngine On
RewriteCond %{HTTP_HOST} ^example\.com [NC]
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
If you force SSL using these .htaccess rules and you end up with an "endless redirection" or similar it is quite likely your script/software is trying to re-direct back to non-ssl which is then being re-directed by .htaccess back to SSL. In this case you will likely need to configure SSL usage within your script/software directly.
Comments
0 comments
Article is closed for comments.