Blog

Your go-to resource for Joomla knowledge, tutorial, information and latest news in Joomla world

How to setup HTTPs - SSL on Joomla ?

How-to-install-HTTPs-SSL-on-your-Joomla-site-_

On July 2018, Google officially marked non-https websites as “non-secure”. This event shows how much search engines like google value the security of your website, and partly indicate that having HTTPs will have an impact on your SEO.

Therefore, setting HTTPs - SSL Certificate on your Joomla site is a must. This article will briefly show you how.

Table of contents

How to change from HTTP to HTTPs

Ask your hosting provider

Before you spend any more time reading further down this article, I suggest asking your hosting provider first if you want to implement Https in your Joomla site. Because most of hosting provider services have an in-app option or extra offer for implementing SSL - HTTPs.

Through them, even though it may cost extra money for the service, it will be faster and more compatible with your hosting panel. Save yourself a lot of time digging into this technically heavy stuff, and rest assured that your site is in expert hands.

Implement HTTPS manually

If you prefer to do it by yourself, this is a summary of the 4 steps you need to do to install SSL on your Joomla site:

  1. Host your site with a dedicated IP address
  2. Purchase a certificate from a trusted authority site.
  3. Active - Install the certificate on your website
  4. Enable Force SSL in Joomla

Step 1: Host your site with a dedicated IP address

In simple words, a dedicated IP address is an IP address that is exclusive to your website. There are 2 types of IP addresses, one is shared IP address, which usually used in any economic hosting plan, and the other is dedicated IP address.

Having a dedicated IP address is an optimal choice to implement HTTPs on your site but it is not compulsory if your hosting uses SNI (Server Name Indicator) technology, which makes it possible to install SSL - HTTPs in a shared server.

However, it’s still preferred to have since having a dedicated IP address to implement HTTPs has other benefits besides ensuring the encrypted data information transfers only through your exclusive IP:

  • Compatible with an older browser (SNI won’t work on old version browser, you must use dedicated IP in this case)
  • Reduce the change of DDOS
  • Getting harm or penalty by the wrongdoing of others website via share IP.
  • Visit your site via the IP Address

Step 2: Purchase a certificate from a trusted reseller

If you search “Buy SSL certificate" on Google, millions of vendors, ads, and the search results will confuse you. Therefore to minimize the time you spend searching through thousands of websites and comparing each option, you only need to pay attention to 3 things:

  1. Identify what type of SSL certificate you need
  2. Your budget range
  3. Find a provider that offers quality support

For the first criteria, there are often 5 types of SSL certificates:

  • Domain Validation SSL Certificate: for simple website, blog, general information, low to medium traffic ones
  • Business Validation SSL Certificate or Extended Validation: for an official business website, it had better trust indicator than domain validation (business name, green bar included)
  • Wildcard Certificate: if you want to install HTTPs on a subdomain of your website.
  • Multi-domain Certificate: as its name, it’s best to install in multiple websites.

You can check this SSL Wizard tool to find a suitable SSL certificate for your site.

For validation methods, you can look at the picture below. It indicates the level of trust for each validation method:

All SSL Validation Types

For so many different types of certificates, it may all be down to your budget. However thanks to SSL Certificate reseller like SLLDragon, namecheap, or gogetssl, the price can be much lower when you buy directly from Certificate Authority (CA) providers like: Comodo or DigiCert.

Many hosting providers offer SSL Certificates in hosting combos. You may consult your hosting provider first before checking out all the reseller on the internet.

Step 3: Activate and install the certificate on your site

For this step, you can ask your hosting provider to do it, since it’s quite confusing if you aren’t a technical person.

If you tend to do it manually, remember that with each provider, and web hosting, there will be a slightly different method, however, all can be done easily within their control panel. Simply look for its documentation or ask them via support chat.

After installing, you can verify your installation using this tool. It will tell you if you have successfully implemented HTTPs on your website or not.

Step 4: Enable Force SSL in Joomla

In Joomla, there is another step you must do to force your site to load with HTTPs.

  • Go to System/ Global Configuration
  • Find Server Tab
  • Change Force HTTPs to Entire Site
  • Save the setting

Force HTTPs in Joomla

Now, you have successfully installed HTTPs on your Joomla site.

Note: Having HTTPS doesn’t mean your website is 100% secure, it only protects the transfer of data from your visitor’s computer to yours, and the other way around. Your website is still vulnerable to hacking, breaking and other types of dangerous malware on the internet.

Additional modification on your site after installing HTTPs

Now, you have SSL enabled in your Joomla, but if visitors use other methods that use the HTTP protocol to visit your site (direct, old referral, etc) they will not be automatically redirected to HTTPS. Therefore, you will need to add some modification code to your Joomla files.

In the root folder of your Joomla site, you will find the configuration.php file. Use a text editor and replace the following line:

var $live_site ='';

With:

var $live_site = 'https://www.yourdomain.com';

Next steps, you will find the .htaccess file. Also, use a text editor to add these lines at the bottom of the file:

RewriteEngine On

RewriteCond %{HTTPS} OFF

RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}

About HTTPs - SSL

SSL or Secure Sockets Layer and, in short, it's the standard technology for keeping an internet connection secure and safeguarding any sensitive data that is being sent between your site and the hosting server, preventing criminals from reading and modifying any information transferred.

HTTPs or HyperText Transfer Protocol appears in the URL when your website has an SSL Certificate. 

According to Digicert

Why SSL- HTTPs will bring great benefit for your site ranking

Not only has Google officially announced that they favor all websites with https protocol, they go an extra step for any website that doesn’t have an SSL certificate and mark them as non-secure like this:

How Google Mark non-secure website 

If you are a visitor, do you want to come to those sites? Probably not.

So, you click the back button, and it will significantly increase the bounce rate in the long run. Result: no traffic, zero time spent on-site, and your ranking will have a 3-digit number.

Sad isn’t it?

In Summary,

Having an SSL certificate, or HTTPs on your Joomla site brings great benefits, not just for your ranking, but it also brings an extra security layer for all of your sensitive data between you and your users. Therefore, installing an SSL on your site is a must. You can follow these 4 steps: 

  • Having a dedicated IP Address
  • Purchase SSL certificate from a trusted reseller
  • Active and Install to your site
  • Force SSL in Joomla Global configuration

After that, make sure all of your visitors will be directed to https version despite what method they use to enter your site.

Hoping this article can help you setup SSL - HTTPs on your Joomla Site.

Learn more about SEO in Joomla: 

[Monthly Update] 15 Template and Extension Updates...
How To Install Google Analytics In Joomla - Step-b...
 

Getting Started Series

Step-by-step guide to build quality website with JSN Template

Learn More