So you got your HTTPS (SSL Security Certificate) from one of the SSL Certificate Authority (CA) and have it installed on your web server. What are the next steps to make sure you leverage the HTTPS to maximize the benefits that it would bring for your website.
Common mistakes by website owner over HTTPS
A very common scenario by most website owner is they would thought once the SSL is installed, their website is safe ; their user will be protected. Well, there’s some additional custom setup needed to be done in order to make sure your website is default to be HTTPS. Otherwise, your user will still be browsing with the normal HTTP.
So, how do you make sure your website is always on HTTPS
There are couple of options available depending on how your website is being managed.
Using htaccess Rewrite Rules to Redirect HTTPS
You can setup custom rewrite access rules on your website to inform your web server to auto redirect all your HTTP request to HTTPS. This is both supported on both Windows IIS Web server via URL Rewrite and Linux Web Server mod_rewrite (commonly use Apache). If your website is hosted by a hosting provider, mostly this would be supported.
For Windows, have the following code applied to your web.config on your web root directory.
<?xml version=”1.0″ encoding=”UTF-8″?>
<configuration>
<system.webServer>
<rewrite>
<rules>
<rule name=”HTTP/S to HTTPS Redirect” enabled=”true” stopProcessing=”true”>
<match url=”(.*)” />
<conditions logicalGrouping=”MatchAny”>
<add input=”{SERVER_PORT_SECURE}” pattern=”^0$” />
</conditions>
<action type=”Redirect” url=”https://{HTTP_HOST}{REQUEST_URI}” redirectType=”Permanent” />
</rule>
</rules>
</rewrite>
</system.webServer>
</configuration>
For Linux Apache, add the following to your .htaccess file on your web root directory as well
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{SERVER_NAME}/$1 [R,L]
If you are on Nginx, use the following code instead
server {
listen 80;
server_name yoursite.com www.yoursite.com;
return 301 https://yoursite.com$request_uri;
}
Using Custom Module or Plugins to Redirect HTTP to HTTPS
If your website runs on any open source project – such as WordPress, you can leverage a couple of plugins to make your life easier.
Some of the common and famous plugins include Really Simple SSL, CM HTTPS Pro, WP Force SSL, Easy HTTPS Redirection and WordPress HTTPS
What this plugin does was it will automatically redirect your entire website to HTTPS once it’s activated. A word of precaution, do a backup on your website before enabling any 3rd party plugin if you are on a production website.
But if you are just starting up a new WordPress site, you can also turn HTTPS on at the Settings > General
Upon you have successfully switch your website to running HTTPS, remember to login to your Google Webmaster Tools to request for a website change of URL. This is to ensure that the next Google crawl on your website, it will mark your website with HTTPS and give you the extra points on ranking higher on your SEO effort. Resubmit your website Sitemap to all the search engine so that they would get the latest update that has been applied on your web pages.
