How to setup HTTPs - SSL on Joomla ?
On July 2018, Google officially marked non-https websites as “non-secure”. This event shows how much search engines like google value the security of your website, and partly indicate that having HTTPs will have an impact on your SEO.
Therefore, setting HTTPs - SSL Certificate on your Joomla site is a must. This article will briefly show you how.
Table of contents
- How to change from HTTP to HTTPs
- Ask your hosting provider
- Implement HTTPS manually
- Step 1: Host your site with a dedicated IP address
- Step 2: Purchase a certificate from a trusted reseller
- Step 3: Activate and install the certificate
- Step 4: Enable Force SSL in Joomla
- Additional modification on your site after installing HTTPs
- About HTTPs - SSL
- Why SSL- HTTPs will bring great benefit for your site ranking?
How to change from HTTP to HTTPs
Ask your hosting provider
Before you spend any more time reading further down this article, I suggest asking your hosting provider first if you want to implement Https in your Joomla site. Because most of hosting provider services have an in-app option or extra offer for implementing SSL - HTTPs.
Through them, even though it may cost extra money for the service, it will be faster and more compatible with your hosting panel. Save yourself a lot of time digging into this technically heavy stuff, and rest assured that your site is in expert hands.
Implement HTTPS manually
If you prefer to do it by yourself, this is a summary of the 4 steps you need to do to install SSL on your Joomla site:
- Host your site with a dedicated IP address
- Purchase a certificate from a trusted authority site.
- Active - Install the certificate on your website
- Enable Force SSL in Joomla
Step 1: Host your site with a dedicated IP address
In simple words, a dedicated IP address is an IP address that is exclusive to your website. There are 2 types of IP addresses, one is shared IP address, which usually used in any economic hosting plan, and the other is dedicated IP address.
Having a dedicated IP address is an optimal choice to implement HTTPs on your site but it is not compulsory if your hosting uses SNI (Server Name Indicator) technology, which makes it possible to install SSL - HTTPs in a shared server.
However, it’s still preferred to have since having a dedicated IP address to implement HTTPs has other benefits besides ensuring the encrypted data information transfers only through your exclusive IP:
- Compatible with an older browser (SNI won’t work on old version browser, you must use dedicated IP in this case)
- Reduce the change of DDOS
- Getting harm or penalty by the wrongdoing of others website via share IP.
- Visit your site via the IP Address
Step 2: Purchase a certificate from a trusted reseller
If you search “Buy SSL certificate" on Google, millions of vendors, ads, and the search results will confuse you. Therefore to minimize the time you spend searching through thousands of websites and comparing each option, you only need to pay attention to 3 things:
- Identify what type of SSL certificate you need
- Your budget range
- Find a provider that offers quality support
For the first criteria, there are often 5 types of SSL certificates:
- Domain Validation SSL Certificate: for simple website, blog, general information, low to medium traffic ones
- Business Validation SSL Certificate or Extended Validation: for an official business website, it had better trust indicator than domain validation (business name, green bar included)
- Wildcard Certificate: if you want to install HTTPs on a subdomain of your website.
- Multi-domain Certificate: as its name, it’s best to install in multiple websites.
You can check this SSL Wizard tool to find a suitable SSL certificate for your site.
For validation methods, you can look at the picture below. It indicates the level of trust for each validation method:
For so many different types of certificates, it may all be down to your budget. However thanks to SSL Certificate reseller like SLLDragon, namecheap, or gogetssl, the price can be much lower when you buy directly from Certificate Authority (CA) providers like: Comodo or DigiCert.
Many hosting providers offer SSL Certificates in hosting combos. You may consult your hosting provider first before checking out all the reseller on the internet.
Step 3: Activate and install the certificate on your site
For this step, you can ask your hosting provider to do it, since it’s quite confusing if you aren’t a technical person.
If you tend to do it manually, remember that with each provider, and web hosting, there will be a slightly different method, however, all can be done easily within their control panel. Simply look for its documentation or ask them via support chat.
After installing, you can verify your installation using this tool. It will tell you if you have successfully implemented HTTPs on your website or not.
Step 4: Enable Force SSL in Joomla
In Joomla, there is another step you must do to force your site to load with HTTPs.
- Go to System/ Global Configuration
- Find Server Tab
- Change Force HTTPs to Entire Site
- Save the setting
Now, you have successfully installed HTTPs on your Joomla site.
Note: Having HTTPS doesn’t mean your website is 100% secure, it only protects the transfer of data from your visitor’s computer to yours, and the other way around. Your website is still vulnerable to hacking, breaking and other types of dangerous malware on the internet.
Additional modification on your site after installing HTTPs
Now, you have SSL enabled in your Joomla, but if visitors use other methods that use the HTTP protocol to visit your site (direct, old referral, etc) they will not be automatically redirected to HTTPS. Therefore, you will need to add some modification code to your Joomla files.
In the root folder of your Joomla site, you will find the configuration.php file. Use a text editor and replace the following line:
var $live_site ='';
With:
var $live_site = 'https://www.yourdomain.com';
Next steps, you will find the .htaccess file. Also, use a text editor to add these lines at the bottom of the file:
RewriteEngine On
RewriteCond %{HTTPS} OFF
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
About HTTPs - SSL
SSL or Secure Sockets Layer and, in short, it's the standard technology for keeping an internet connection secure and safeguarding any sensitive data that is being sent between your site and the hosting server, preventing criminals from reading and modifying any information transferred.
HTTPs or HyperText Transfer Protocol appears in the URL when your website has an SSL Certificate.
According to Digicert
Why SSL- HTTPs will bring great benefit for your site ranking
Not only has Google officially announced that they favor all websites with https protocol, they go an extra step for any website that doesn’t have an SSL certificate and mark them as non-secure like this:
If you are a visitor, do you want to come to those sites? Probably not.
So, you click the back button, and it will significantly increase the bounce rate in the long run. Result: no traffic, zero time spent on-site, and your ranking will have a 3-digit number.
Sad isn’t it?
In Summary,
Having an SSL certificate, or HTTPs on your Joomla site brings great benefits, not just for your ranking, but it also brings an extra security layer for all of your sensitive data between you and your users. Therefore, installing an SSL on your site is a must. You can follow these 4 steps:
- Having a dedicated IP Address
- Purchase SSL certificate from a trusted reseller
- Active and Install to your site
- Force SSL in Joomla Global configuration
After that, make sure all of your visitors will be directed to https version despite what method they use to enter your site.
Hoping this article can help you setup SSL - HTTPs on your Joomla Site.
Learn more about SEO in Joomla: