Knowledge Base
Know what you're looking for? Use the search feature to quickly find answers to your questions.

Home > Tutorials > Web Hosting Tutorials > cPanel Tutorial > cPanel Security Section > How to enforce your website to use HTTPS instead of HTTP

How to enforce your website to use HTTPS instead of HTTP

As announced in September, Google Chrome web browser soon will mark non-secure pages containing password, credit card input or any other text fields as Not Secure as shown on below image:

https chrome unsecure connection


Google's most likely idea of making Internet safer will be  supported in near future and from a many other web browsers and applications that will soon show similar errors in transmitting data in plain text through the standard Hypertext Transfer Protocol (HTTP) protocol.  Additionally from the SEO point of view, the website opened via HTTP is different from website opened via HTTPS no matter that the content and domain names are the same. In order to avoid such mistakes which will reduce your SEO score, we recommend to enforce your website to use only the secured https:// protocol. 

If you don't know how to do that, please follow the steps below :

In this tutorial you will learn:


What is HTTPS and SSL ?
Why do I need HTTPS and SSL ?
How to get a FREE SSL Certificate for my website ?
How to Setup WordPress to Use SSL and HTTPS?
How to Setup Joomla to Use SSL and HTTPS?
How to Setup Drupal to Use SSL and HTTPS?
How to Setup OpenCart to Use SSL and HTTPS?
How to Setup Magento to Use SSL and HTTPS?
How to Enforce HTTPS protocol to general website?



What is HTTPS and SSL ?


Secure Socket Layer  (SSL) is an encryption method that secures the connection between users’ browser and your server. This makes it harder for hackers to eavesdrop on the connection.As result you can share your personal information with the website without worry that unauthorized bad guys will steal your identity, bank information or any other data. You can recognize that a website has installed SSL if the browser address bar have green padlock as on the image below.

How to check if SSL is installed




Why do I need HTTPS and SSL ?



Internet becomes more dangerous environment every single day. Hackers all over the world can steal the personal information of your visitors and use it for their own purposes. Then the victims of the attack can blame you for misuse of their personal data.  As a result, this will cause problems with authorities as well as undermine the prestige of your business. To avoid such potential problems and to protect your clients. installation of SSL on your website is mandatory!  The usage of SSL is mandatory for PCI Compliance standard, for popular payment gateways like PayPal, Skrill, 2Checkout and etc. The usage of SSL on your website will improve your SEO rankings and will increase the trust of the buyers to your services.




How to get a FREE SSL Certificate for my website ?


Most of the hosting companies provide SSL certificates to their clients which comes from 3rd party vendors at the price between $50-$2000 ( depends on the certificate type ). NextPointHost offers FREE SSL certificate and setup to all clients.


All web hosting plans comes by default with preinstalled Free SSL certificate and detailed instructions how to issue new SSL for each new added domain name. Do not hesitate to contact our support team if you have additional questions!



How to Setup WordPress to Use SSL and HTTPS?


In order to force your wordpress website to use HTTPS and SSL everywhere, then you need to update your site URL. You can do this by going to your Admin wordpress account. Navigate to the Settings menu and fill the website URL to be opened with "https".

Enforce wordpress website to use https



How to Setup Joomla to Use SSL and HTTPS?


If you have Joomla website, on which you want to use SSL, please follow the steps below.

1. Log in to your Joomla administrator panel, point to "System" and click on Global Configuration.

Enforce joomla website to use ssl https version 3.7.5

2. Go to the Server tab and choose "Entire Site" from the Force SSL drop down menu.

Joomla ssl setup for website



How to Setup Drupal to Use SSL and HTTPS?



If you have a Drupal website and you want to force it to use SSL HTTPS protocol, please follow the instructions here: 

How to Enforce HTTPS protocol to general website?





How to Setup OpenCart to Use SSL and HTTPS?


 

If you have an OpenCart based website, there is an easy way to setup SSL HTTPS for it. Please follow the instructions below:

1. Log in to your OpenCart admin panel -> navigate to the left bar menu -> System -> Settings

OpenCart settings for SSL HTTPS usage

2. Go to the Server tab

enforce opencart website to use https ssl

3. Scroll down to the SSL option and choose Yes for "Use SSL" option.

Use SSL option for https usage of opencart website


How to Setup Magento to Use SSL and HTTPS?



If you have a Magento website and you want to force it to use SSL HTTPS protocol, please follow the instructions here : 

How to Enforce HTTPS protocol to general website?



How to Enforce HTTPS protocol to general website?



This is a server level enforce, that does not perform any change to your application configuration and database. It is a cool way to make the HTTPS enforce super easy for the possible biggest majority of users. Of course, such automated switches can fail in some rare cases. The changes below required to have already installed SSL for your domain name as shown here

Open the File Manager in your cPanel.

enforce.website.to.use.ssl

Go to the public_html folder, and edit the .htaccess file under it as shown with the red arrows. If you don't have such file you have, first to create the file.

enforce.website.to.use.ssl.htaccess

Put the following new rules (lines) on the top, before all other lines and Save the changes. 

Below you will find the exact rules that you need to put in your .htaccess file.

#Redirect HTTP to HTTPS
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteCond %{HTTP:X-Forwarded-Proto} !https
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]


enforce.website.to.use.ssl.htaccess


Rule of thumb is to always check if your site and admin area are normally loading under https after the switch. If for some reason the rules it doesn’t work for you, you can simply remove the above .htaccess lines and everything will be back to the previous state, without any damage to your site. In this case, we advise you to contact our highly qualified support experts.

Was this answer helpful?

Also Read
Install Lets Encrypt SSL and remove Chrome security warning (Views: 259)
NextPointHost has been supporting the global initiative to create free SSL certificates for...