Chrome and Firefox now explicitly warn users when they visit sites without SSL certificates. This means that websites without SSL will be flagged as “insecure” to visitors, potentially affecting trust and traffic. To ensure safety, accessibility, and compliance with standards like PCI, it’s crucial to use an SSL-encrypted connection. Redirecting from HTTP to HTTPS is essential for guaranteeing a secure and trusted experience for all users.
What is SSL?
Secure Sockets Layer (SSL), now more commonly known as Transport Layer Security (TLS), is a crucial security protocol that safeguards sensitive data during online communication. It works by encrypting data as it travels between a web server and a browser, ensuring that it remains private and protected from interception. This encryption is essential for protecting sensitive information such as passwords, credit card numbers, and personal details.
Here’s a breakdown of SSL/TLS in action:
-
Secure Connection Establishment: When you try to access a website with SSL/TLS protection, your browser initiates a “handshake” with the web server. This handshake involves exchanging digital certificates that verify the identity of both parties and establish the secure connection.
-
Data Encryption: Once the secure connection is established, any data transmitted between your browser and the web server is encrypted using strong cryptographic algorithms. This means that even if someone intercepts the data, they won’t be able to decipher its contents.
-
Data Integrity: SSL/TLS also ensures data integrity, meaning that the data arrives at its destination unaltered and uncorrupted. This prevents attackers from tampering with the data in transit.
Key Indicators of SSL/TLS:
- HTTPS in the URL: Websites using SSL/TLS will have “HTTPS” (Hypertext Transfer Protocol Secure) in the address bar, instead of just “HTTP.”
- Padlock Icon: Most browsers will display a padlock icon in the address bar to indicate a secure connection.
Importance of SSL/TLS:
SSL/TLS is essential for protecting online transactions, sensitive information exchanges, and overall web security. It’s a cornerstone of modern online security and privacy.
In order to force your web traffic to use HTTPS, edit the codes in the .htaccess file.
Before we move onto redirecting HTTP to HTTPS, here’s how you can edit .htaccess file. If you already know skip to Redirection steps.
Editing .htaccess File
There are instructions/directives in the .htaccess file that tell the server how to act in certain scenarios and directly affects how your website functions. Common directives in .htaccess file:
- Redirects
- Rewriting URLs
Ways to edit an .htaccess file:
- Edit the file on your computer and upload it to the server using FTP.
- Use “Edit” mode in FTP program that allows you to edit a file remotely.
- Use a text editor and SSH to edit the file.
- Use the File Manager in cPanel to edit the file.
Editing .htaccess in cPanel File Manager
Note: Backup your website in case something goes wrong.
- Login to cPanel
- Files > File Manager > Document Root for:
- Now select the domain name you want to access
- Check “Show Hidden Files (dotfiles)”
- Click “Go”
- After a new tab or window opens, look for the .htaccess file.
- Right click on the .htaccess file and click on “Code Edit” on the menu.
- A dialogue box may pop up asking about encoding. Click “Edit” button to continue.
- Edit the file
- “Save Changes” when done.
- Test your website to make sure it is done correctly. In case, there is an error, restore to the previous version and try again.
- Once you are done, click “Close” to close the window.
Redirecting HTTP to HTTPS
1. Redirect All Web Traffic
If you have existing code in your .htaccess, add the following:
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
2. Redirect Only a Specific Domain
For redirecting a specific domain to use HTTPS, add the following:
RewriteEngine On
RewriteCond %{HTTP_HOST} ^yourdomain\.com [NC]
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://www.yourdomain.com/$1 [R,L]
3. Redirect Only a Specific Folder
Redirecting to HTTPS on a specific folder, add the following:
RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteCond %{REQUEST_URI} folder
RewriteRule ^(.*)$ https://www.yourdomain.com/folder/$1 [R,L]
Note: Replace “yourdomain”
with your actual domain name wherever required. Also, in case of the folder, replace /folder
with the actual folder name.
1 Comment
Thank you for your sharing. I am worried that I lack creative ideas. It is your article that makes me full of hope. Thank you. But, I have a question, can you help me?