Enabling HTTPS on your site: Difference between revisions

Latest revision as of 00:05, 10 November 2022

What is SSL/TLS?

Transport Layer Security (TLS) is the successor to Secure Sockets Layer (SSL) - although many people still refer to it as SSL. Have you ever noticed the lock icon next to the URL when browsing the internet? That means that all the data you send to that website is being sent encrypted so anyone who may have hacked your network (or similar) and can intercept your requests is unable to view any of the data - they can only see what URLs you are accessing.

Why Use TLS?

Google (and most other search engines) now treat sites using https with preference^[1]. Furthermore many browsers flag any website with a form (such as a login or contact form) that isn't using https^[2]

How Do I Setup TLS?

To set up the certificate, the simplest way is to get your host to do it for you.

The correct certificate to use depends on the security protections required on your website. The least expensive and easiest option is to use Let's Encrypt - it's free and, depending on your host, can be often be configured straight from your cPanel or Plesk hosting dashboard.

If you've purchased a Dedicated IP and SSL certificate, ask your host to help and they will get it signed and install it in the correct location for you.

How Do I Redirect All Traffic to https

In Joomla

The easiest way to enforce https traffic is to do it within Joomla. In the Global Configuration there is a Force HTTPS option that allows you to force HTTPS either in the Administrator only or for the entire site. Prefer the latter.

In .htaccess

RewriteEngine on
RewriteCond %{SERVER_PORT} !^443$
RewriteRule .* https://%{HTTP_HOST}%{REQUEST_URI} [QSA,R=301,L]
<IfModule !mod_ssl.c>
Redirect permanent / https://www.yourdomainname.com
</IfModule>

More Complex .htaccess Examples

To switch from HTTP to HTTPS on any page that has 'abc/def' or 'ghi' in the URL, add something like this:

Code:

RewriteCond %{HTTPS} off
RewriteRule ^(abc/def|ghi)(.*)/?$ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,NC,L]

...and to switch from HTTPS back to HTTP on any page that has 'home' or 'help' in the URL, do something like this:

Code:

RewriteCond %{HTTPS} on
RewriteRule ^(home|help)(.*)/?$ http://%{HTTP_HOST}%{REQUEST_URI} [R=301,NC,L]

If you want to force SSL on a specific folder, insert the code below into an .htaccess file placed in that specific folder:

Code:

RewriteEngine On
RewriteCond %{REQUEST_URI} folder
RewriteRule ^(.*)$ https://www.example.com/folder/$1 [R,L]

Make sure you change the folder reference to the actual folder name. Then be sure to replace www.example.com/folder with your actual domain name and folder you want to force the SSL on.

[1] ttps://webmasters.googleblog.com/2014/08/https-as-ranking-signal.html

[2] ttps://www.blog.google/products/chrome/milestone-chrome-security-marking-http-not-secure/

[1]

[2]

@@ Line 5: / Line 5: @@
 <translate>
 <!--T:2-->
-Transport Layer Security (TLS) is the successor to Secure Sockets Layer (SSL) - although most people still refer to it as SSL in blog posts.</translate>
+Transport Layer Security (TLS) is the successor to Secure Sockets Layer (SSL) - although many people still refer to it as SSL.</translate>
 <translate>
 <!--T:3-->
-Ever noticed the lock sign next to the URL when your browsing the internet? That means that all the data you send to that website is being sent encrypted so anyone who may have hacked your network (or similar) and can intercept your requests is unable to view any of the data - they can only see what URLs you are accessing.</translate>
+Have you ever noticed the lock icon next to the URL when browsing the internet? That means that all the data you send to that website is being sent encrypted so anyone who may have hacked your network (or similar) and can intercept your requests is unable to view any of the data - they can only see what URLs you are accessing.</translate>
 <translate>
@@ Line 14: / Line 14: @@
 <translate>
 <!--T:5-->
-Google (and most other search engines) now treat sites using https with preference<ref>https://webmasters.googleblog.com/2014/08/https-as-ranking-signal.html</ref>. Furthermore many browsers flag any website with a form (such as a login or contact form) that isn't using https<ref>https://www.blog.google/products/chrome/milestone-chrome-security-marking-http-not-secure/</ref></translate>
+Google (and most other search engines) now treat sites using ''https'' with preference<ref>https://webmasters.googleblog.com/2014/08/https-as-ranking-signal.html</ref>. Furthermore many browsers flag any website with a form (such as a login or contact form) that isn't using ''https''<ref>https://www.blog.google/products/chrome/milestone-chrome-security-marking-http-not-secure/</ref></translate>
 <translate>
-== How do I setup TLS? == <!--T:6--></translate>
+== How Do I Setup TLS? == <!--T:6--></translate>
 <translate>
 <!--T:7-->
-For setting up the certificate, the simplest way is to get your host to do it for you.</translate>
+To set up the certificate, the simplest way is to get your host to do it for you.</translate>
 <translate>
 <!--T:8-->
-The correct certificate to buy depends on the security protections required on your website. If you don't know then probably the cheapest and easiest option is to use [https://letsencrypt.org/ Let's Encrypt] - it's free and depending on your host can be often be configured straight from your cpanel or plesk hosting dashboard.</translate>
+The correct certificate to use depends on the security protections required on your website. The least expensive and easiest option is to use [https://letsencrypt.org/ Let's Encrypt] - it's free and, depending on your host, can be often be configured straight from your cPanel or Plesk hosting dashboard.</translate>
 <translate>
 <!--T:9-->
-If you've bought a Dedicated IP and SSL certificate, simply ask your host to help and they will get it signed and install it in the correct location for you.</translate>
+If you've purchased a Dedicated IP and SSL certificate, ask your host to help and they will get it signed and install it in the correct location for you.</translate>
 <translate>
-== How do I redirect all my traffic to https == <!--T:10--></translate>
+== How Do I Redirect All Traffic to ''https'' == <!--T:10--></translate>
 <translate>
 === In Joomla === <!--T:11--></translate>
 <translate>
 <!--T:12-->
-The easiest way to enforce https traffic is to do it within Joomla. In Global Configuration there is a "Force HTTPS" option which allows you to force HTTPS either in the Administrator area only or for the entire site. You'll pretty much always want the latter.</translate>
+The easiest way to enforce ''https'' traffic is to do it within Joomla. In the Global Configuration there is a ''Force HTTPS'' option that allows you to force HTTPS either in the Administrator only or for the entire site. Prefer the latter.</translate>
 [[Image:Enable_HTTPS_In_Global_Config-<translate><!--T:13--> en</translate>.png|800px|center|Image Showing the Force HTTPS option in the Joomla 3.x default backend template]]
 <translate>
-=== In .htaccess === <!--T:14--></translate>
+=== In ''.htaccess'' === <!--T:14--></translate>
-<source lang="apache">
+<syntaxhighlight lang="apache">
 RewriteEngine on
 RewriteCond %{SERVER_PORT} !^443$
@@ Line 49: / Line 49: @@
 Redirect permanent / https://www.yourdomainname.com
 </IfModule>
-</source>
+</syntaxhighlight>
 <translate>
-==== More complex .htaccess Examples ==== <!--T:15--></translate>
+==== More Complex ''.htaccess'' Examples ==== <!--T:15--></translate>
 <translate>
 <!--T:16-->
-As an example, to switch from HTTP to HTTPS on any page that has 'abc/def' or 'ghi' in the URL, add something like this:
+To switch from HTTP to HTTPS on any page that has 'abc/def' or 'ghi' in the URL, add something like this:
 <!--T:17-->
 Code:</translate>
-<source lang="apache">RewriteCond %{HTTPS} off
+<syntaxhighlight lang="apache">RewriteCond %{HTTPS} off
-RewriteRule ^(abc/def|ghi)(.*)/?$ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,NC,L]</source>
+RewriteRule ^(abc/def|ghi)(.*)/?$ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,NC,L]</syntaxhighlight>
 <translate>
 <!--T:18-->
-... and to switch from HTTPS back to HTTP on any page that has 'home' or 'help' in the URL, do something like this:
+...and to switch from HTTPS back to HTTP on any page that has 'home' or 'help' in the URL, do something like this:
 <!--T:19-->
 Code:</translate>
-<source lang="apache">
+<syntaxhighlight lang="apache">
 RewriteCond %{HTTPS} on
-RewriteRule ^(home|help)(.*)/?$ http://%{HTTP_HOST}%{REQUEST_URI} [R=301,NC,L]</source>
+RewriteRule ^(home|help)(.*)/?$ http://%{HTTP_HOST}%{REQUEST_URI} [R=301,NC,L]</syntaxhighlight>
 <translate>
 <!--T:20-->
-If you want to force SSL on a specific folder you can insert the code below into a .htaccess file placed in that specific folder:
+If you want to force SSL on a specific folder, insert the code below into an ''.htaccess'' file placed in that specific folder:
 <!--T:21-->
 Code:</translate>
-<source lang="apache">
+<syntaxhighlight lang="apache">
 RewriteEngine On
 RewriteCond %{REQUEST_URI} folder
-RewriteRule ^(.*)$ https://www.example.com/folder/$1 [R,L]</source>
+RewriteRule ^(.*)$ https://www.example.com/folder/$1 [R,L]</syntaxhighlight>
 <translate>
 <!--T:22-->
-Make sure you change the folder reference to the actual folder name. Then be sure to replace www.example.com/folder with your actual domain name and folder you want to force the SSL on.</translate>
+Make sure you change the folder reference to the actual folder name. Then be sure to replace ''www.example.com/folder'' with your actual domain name and folder you want to force the SSL on.</translate>
 <noinclude>

Enabling HTTPS on your site: Difference between revisions

From Joomla! Documentation

Latest revision as of 00:05, 10 November 2022

Contents

What is SSL/TLS?

Why Use TLS?

How Do I Setup TLS?

How Do I Redirect All Traffic to https

In Joomla

In .htaccess

More Complex .htaccess Examples