Your website has just gone live, but it’s not got that lovely green padlock yet! What do you do?
Secure Socket Layers
SSL (which stands for Secure Socket Layers), is a cryptographic internet protocol that ensures an authentic connection when moving data on the internet.
Is SSL new?
No! It’s been around since 1995! But it’s become near essential in recent years, largely due to Googles push for securing websites. In 2018, Google started to punish insecure sites in Google search results, and in the address bar of the Chrome browser.
So SSL is a nightmare to setup right?
Nope. These days, it’s really simple and can often be automated by your website host. AutoSSL is a free alternative to paid SSL certificates. Plus, it’s now included in web panels such as cPanel and CentOS.
Forcing HTTPS
Once SSL is installed, it’s best practice to redirect users to secured access of your site. So if the user navigates to http://yoursite.com, the site redirects them to httpS://yoursite.com (note the S in https:// )
To do this on an Apache / WordPress setup, add this redirect rule to your .htaccess file:
#REDIRECT TO HTTPS <IfModule mod_rewrite.c> RewriteEngine On RewriteCond %{HTTPS} !=on RewriteCond %{ENV:HTTPS} !=on RewriteRule .* https://%{SERVER_NAME}%{REQUEST_URI} [R=301,L] </IfModule>