If you collect any sensitive information on your website (including email and password), then you need to be safe. One of the best ways to keep yourself safe is to enable an HTTPS certificate, also known as SSL (Secure Sockets Layers), so that all information going to and from your server is automatically encrypted. An HTTPS certificate prevents hackers from hacking your users' confidential information while it is stored on the Internet. They will feel safe when they see an HTTPS certificate when accessing your site - knowing it's protected by a security certificate.
Benefits of an HTTPS certificate
The best thing about an SSL certificate, like HTTPS, is that it's easy to set up, and once that's done, you'll need to direct people to use an HTTPS certificate instead of HTTP. If you try to access your site by placing https:// in front of your URLs right now, you will get an HTTPS certificate error. This is because you have not installed an HTTPS SSL certificate. But don't worry, we'll set it up right away!
Your visitors will feel safer on your site when they see an HTTPS certificate when accessing your site- knowing that it is protected by a security certificate.
What is
HTTP or HTTPS is displayed at the beginning of every website URL in a web browser. HTTP stands for Hypertext Transfer Protocol and the S in HTTPS stands for Secure. In general, this describes the protocol by which data is sent between your browser and the website you are viewing.
An HTTPS certificate ensures that all communication between your browser and the website you are viewing is encrypted. This means it's safe. Only the receiving and sending computers can see the information while the data is being transferred (others can access it, but not be able to read it). On secure sites, the web browser displays a lock icon in the URL area to notify you.
HTTPS should be on any website that collects passwords, payments, medical information or other sensitive data. But what if you can get a free and valid SSL certificate for your domain?
How does website protection work?
To enable the HTTPS security certificate, you need to install SSL (Secure Socket Layer). It contains the public key that is required to start the session securely. When an HTTPS connection to a web page is requested, the site sends an SSL certificate to your browser. They then initiate an "SSL handshake", which involves sharing "secrets" to establish a secure connection between your browser and the website.
Standard and Extended SSL
If the site uses a standard SSL certificate, you will see a lock icon in the URL area of your browser. If an Extended Validation (EV) certificate is used, the address bar or URL will be green. EV SSL standards are superior to SSL standards. EV SSL provides proof of the identity of the domain owner. Obtaining an EV SSL certification also requires applicants to go through a rigorous evaluation process to verify their authenticity and ownership.
What happens if you use HTTPS without a certificate?
Even if your website does not accept or share sensitive data, there are several reasons why you might want to have a secure website and use a free and valid SSL certificate for your domain.
Performance. SSL can improve the time it takes to load a page.
Search engine optimization (SEO). Google's goal is to keep the internet safe and secure for everyone, not just those who use Google Chrome, Gmail, and Drive, for example. The company said that security will be a factor in how they rank sites in search results. So far this is not enough. However, if you have a secure website and your competitors don't, your site may rank higher, which may be necessary to increase its popularity from the search results page.
If your site is not secure and collects passwords or credit cards, users of Chrome 56 (released January 2017) will see a warning thatthat the site is unsafe. Visitors unfamiliar with the technology (most website users) may be alarmed to see an "HTTPS certificate error" box and leave your site simply because they don't understand what it means. On the other hand, if your site is secure, it can make visitors feel more at ease, making them more likely to fill out a registration form or leave a comment on your site. Google has a long term plan to show all HTTP sites as insecure in Chrome.
Where can I get a free HTTPS certificate?
You receive an SSL certificate from a certificate authority. Such certificates are valid for 90 days, but a 60-day renewal is recommended. Some reliable free sources:
- Cloudflare: Free for personal websites and blogs.
- FreeSSL: free for nonprofits and startups at the moment; cannot be a Symantec, Thawte, GeoTrust, or RapidSSL client.
- StartSSL: Certificates are valid for 1 to 3 years.
- GoDaddy: Open source certificates valid for 1 year.
Certificate type and validity period depend on the source. Most authorities offer standard SSL certificates for free and charge for EV SSL certificates if they provide them. Cloudflare offers free and paid plans and various additional options.
What to consider when receivingSSL certificate?
Google recommends a certificate with a 2048-bit key here. If you already have a 1024-bit certificate that is weaker, it recommends updating it.
You will need to decide if you need one, multiple domains or a wildcard certificate:
- One certificate will be used for one domain (eg www.example.com).
- The multi-domain certificate will be used for multiple well-known domains (eg www.example.com, cdn.example.com, example.co.uk).
- Wildcard certificate will be used for a secure domain with many dynamic subdomains (e.g. a.example.com, b.example.com).
How do I install an SSL certificate?
Your web host can install a certificate for free or for a fee. Some hosts actually have the option to install Let's Encrypt in their personal cPanel, which makes things easier. Ask your current host or find one that offers direct support for Let's Encrypt. If the host does not provide this service, your website maintenance company or developer can install the certificate for you. You must be prepared for the fact that you will have to renew the certificate very often. Check timeframe with certificate.
What else needs to be done?
After obtaining and installing an SSL certificate, you need to enforce SSL on the site. Again, you can ask your web host, service company, ordeveloper to perform this action. However, if you prefer to do it yourself and your site is powered by WordPress, you can do so by downloading, installing and using the plugin. With the latter option, be sure to check compatibility with your version of WordPress.
Two popular SSL enforcement plugins: simple SSLWP, enforced SSLSSL plugin. Be sure to back up your site and be very careful when doing so. If you misconfigure something, it can have disastrous consequences: visitors won't be able to see your site, images won't display, scripts won't load, which will affect how some things on your site function, such as typography and colors not displaying properly. way.
You need to redirect users and search engines to HTTPS pages using 301 redirects in the.htaccess file in the root folder on the server. The.htaccess file is an invisible file, so make sure your FTP program is set to show hidden files. In FileZilla, for example, go to Server> Force view of hidden files. FileZillaBefore, before adding redirects, it would be a good idea to back up your.htaccess file. On the server, temporarily rename the file by removing the period (which makes it invisible in the first place), download the file (which will now be visible on your computer as a result of the period being removed), then add the period back to what's on the server.
Change settingsGoogle Analytics
After completing these steps, you need to change your preferred URL in your Google Analytics account to display the HTTPS version of your domain. Otherwise, your traffic statistics will be disabled because the HTTP version of the URL is treated as a completely different site from the HTTPS version of the certificate. Google Search Console treats HTTP and HTTPS as separate domains as well, so add an HTTPS domain account to it. Remember, when you switch from HTTP to HTTPS certificate, if your site has special access buttons, the counter will be reset.
