How to secure your website with HTTPS?

Move from http to https with SSL certificate

  • slide

https requires a SSL certificate. But the protocol doesn't require a paid certificate from a Certificate Authority, so a self-signed one may be sufficient for internal use.


Security is a major concern with websites nowadays. As the number of people accessing online features has increased, the number of cyber crimes has also increased to a great extent. So, before using a website or entering your valuable credentials in a site, it is important to know whether the website is secure with ‘https’ in the url.

What is ‘https’?



Hypertext Transfer Protocol Secure (HTTPS) is an extended version of the Hypertext Transfer Protocol (HTTP). It is used to make communication more secure over a computer network and is widely used on the Internet. The additional security is achieved by using an SSL (Secure Sockets Layer), which is a standard security protocol for establishing encrypted links between a web server and a browser in an online communication. Employing SSL technology ensures that all information transmitted between the web server and browser remains encrypted.

Online browsers like Google Chrome and Firefox have already started showing insecure warnings on sites that doesn’t have an SSL certificate. A site without ‘https’ is not considered safe for visitors, as the information transferred through them can be hacked by third parties. Therefore, using an SSL-encrypted connection that provides safety, accessibility and PCI (Payment Card Council) compliance is necessary.

Benefits of SSL Certificate



Here are a few reasons why SSL becomes important in a network communication.

1. Protects Data

The main purpose of SSL certificate is to protect data within a server-client communication. SSL encrypts every bit of information and allows no one else to decode the data other than the recipient browser or server. This helps protect sensitive data like IDs, passwords, credit card numbers etc from the attack of hackers.

2. SSL Affirms Your Identity

It provides authentication to a website and confirms your identity. Identity verification is a major aspect in web security. There have been numerous cases in which people have lost much money through fraudulent websites. SSL certificate can be of great help in such cases.

When someone installs an SSL certificate, he must follow a validation process set by a Certificate Authority (CA) and depending on the type of certificate, CA verifies your identity. After verification, your website gets trust indicators proving your integrity. Such verification prevents phishing and helps users from entering valuable data in some fraud websites with your identity and being cheated.

3. Improves Search Engine Ranking

SSL protection helps your website to achieve top ranking on Google search engine, because Google has modified its algorithm to give preference to ‘https’ enabled websites.

4. Compliance with PCI/DSS Requirements

Only those websites with SSL certificates are allowed to accept online payments as per the requirements set by the payment card industry (PCI).

5. Improves Client Trust

SSL certificates are vital in gaining the trust of customers. The ‘https’ sign on the url inform the users that the data they send will be secured. An OV or EV SSL also helps the customer see your organization’s details, which adds to your credibility and earn their trust.



Share

Redirecting http to https

First we need to edit the codes in the .htaccess file.
[Instructions are given in the .htaccess file that tells the server how to act in certain situations and directly affects how your website functions.]
Common directives in .htaccess file are:
Redirects
Rewriting URLs
 
Ways to edit an .htaccess file are:

Edit the .htaccess file on your computer and upload it to the server using FTP
Take “Edit” mode in FTP program that lets you to edit a file remotely
Using a text editor and SSH to edit the file
Employing the File Manager in cPanel

 How to edit .htaccess in cPanel File Manager?

[Backup your website for safety]
Login to cPanel
Files > File Manager > Document Root for:
Select the domain name you want to access
Check “Show Hidden Files (dotfiles)”
Select “Go”
After a new tab or window opens, look for the .htaccess file.
Right click on the .htaccess file and click on “Code Edit” on the menu.
A dialogue box may pop up asking about encoding. Click “Edit” button to continue.
Edit the file
Save Changes
Test your website to make sure everything is correct. If there is an error, restore to the previous version and try again.
Close the window

How to redirect HTTP to HTTPS?

1. To redirect all Web Traffic, add the following (if you have existing code in your .htaccess)

RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://www.yourdomain.com/$1 [R,L]

2. Add the following to redirect only a Specific Domain

RewriteEngine On
RewriteCond %{HTTP_HOST} ^yourdomain\.com [NC]
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://www.yourdomain.com/$1 [R,L]

3. Add the following to redirect only a Specific Folder

RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteCond %{REQUEST_URI} folder
RewriteRule ^(.*)$ https://www.yourdomain.com/folder/$1 [R,L]

[Please remember to replace “yourdomain” with your actual domain name and in case of the folder, replace /folder with the actual folder name, wherever required.]

Conclusion

How safe would a customer feel to use a website that is not secure, and that too when the browser itself warns him about being insecure? This may affect your business in a considerable way. So, instead of wasting your time just thinking, migrate to JachOOs cloud hosting service that provides free SSL certificate protection for your website.




Leave a Reply

Your email address will not be published.


Comment


Name

Email

Url