Ever web hosting plan on Todhost comes with free SSL. This is automatically provisioned for every account and therefore referred to as Auto SSL. Although this feature is enabled by default, you still need to activate it on your website to see the padlock sign to indicate your secured website. In this post, we take you through the steps you need to take to activate your default Auto SSL.
Further reading:
How to Install an SSL Certificate in cPanel
How to renew an SSL certificate
SSL Installation: Common Problems and Solutions
Why is Enabling SSL Important?
Having SSL enabled on your website has become very necessary for two reasons.
The first is that not having SSL enabled indicates to your visitors that your website is not secured and this shows up in the browser. So not having SSL enabled on your site hurts your website reputation and gets visitors running away from your page. So, having your site run on https is a sign of trustworthiness.
The second reason and closely related to the first is that Google now uses website security as a ranking tool. Having SSL enabled is therefore important for the ranking of your website. Now we can look at how to enable Auto SSL for your website.
How to Enable Auto SSL in cPanel
1. Via cPanel Control Panel
- Login to cPanel using your credentials.
- Use the search bar and type in SSL
- Click on SSL/TLS Status
- Select all the items and click Run AutoSSL
Allow to process to complete and your auto SSL would have been enabled.
The shortcut to enable your auto SSL from the home of your cPanel control panel is to click on the security icon directly under the text: "primary domain". That will take you to the next steps enumerated above for you to enable auto SSL on your account.
2. Using The ,htaccess File
Enabling SSL simply means activating the https protocol on your website so instead of running on http, your website runs on https://www.yourdomain.com. Now follow these steps to enable your free SSL in cPANEL.
- Login to cPanel section of our website using the verified credential.
- Click on filemanager.
- Click public_html
- Locate the .htaccess file. If it does not exist, then create it.
- If you can't locate the .htaccess file in the public_html folder, then the settings icon at the top right and check show hidden files, then save. You should now be able to see the .htaccess file.
- Open the .htaccess file and insert the following code into it and save. That will be all. Now, below is the code you are to paste in your .htaccess file:
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
Further reading:
The htaccess file and its uses
How to force your website url with www or non-www using htaccess
How to Enable HTTPS on Popular Web Development Platforms
How to Enable HTTPS in WordPress
Update the WP-Config.PHP File
It is a good idea to secure the backend of your WordPress website so that whenever a user logs in, their information is exchanged securely.
To do so, open wp-config.php in your WordPress root folder and add the following line somewhere before where it says That’s all.
define('FORCE_SSL_ADMIN', true);
Now, save the file and test your WordPress website. Try to access your login page with HTTPS in the URL and see if everything wors correctly.
Update the WordPress admin interface
To use the administration interface to update the WordPress URL settings, follow these steps:
Log in to WordPress as the admin.
On the left-hand menu, click Settings, and then click General.
Under General Settings, in the WordPress Address (URL) text box, replace the current URL with the secure URL. That is, change the URL to begin with https.
Make sure you type the correct URL, or your WordPress installation will no longer be accessible.
Make sure the URL begins with https://.
Make sure the URL does not end with a forward slash (/).
In the Site Address (URL) text box, replace the current URL with the secure URL. That is, just repeat what you did in the case of the current URL and let your URL begin with https.
Make sure you type the correct URL, or your WordPress installation will no longer be accessible.
Make sure the URL begins with https://.
Make sure the URL does not end with a forward slash (/).
Save the Changes.
Also read: 7 Security Tips for a WordPress Website
Net, Implement 301 Redirects in .htaccess
The next step will involve setting up a redirect that sends visitors automatically over to the secure version. The .htaccess can do this effectively.
If you do not have a .htaccess file, then create it. Please note that the .htaccess is invisible by default. You need to click on the settings icon at the top right in your cPanel control panel and check the box to make hidden files visible then save. You will then be able to access the .htaccess file in cPanel.
Now, click to edit the .htaccess file and add the following lines to it:
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
</IfModule>
That’s it. Now, visitors (including Google bots) should automatically land on the HTTPS version of your WordPress site.
Force HTTPS With a WordPress Plugin
This makes things easy and can work without issues. There are couple of plugins out there that can handle this for you. You can look them up in the WordPress repository. For the choice of plugin you make, simply follow installation and configuration instructions.
One simple to use plugin is Really Simple. It is easy to install and use:
Activate this plugin
Activate SSL in your hosting environment, or generate a free Let’s Encrypt certificate in Really Simple SSL.
Enable SSL with one click
Enabling HTTPS in Joomla
It's pretty simple implementing HTTPS in Joomla. There are two simple steps involved:
Have SSL activated on your web hosting environment.
Force your Joomla website to run on https.
We have earlier discussed how to enable SSL on your hosting account with Todhost. Now we will briefly look at how to force https in Joomla.
Simply follow these steps to force your Joomla website to use https.
Login to the Joomla administrator area.
Go to system > global configuration
Under the server tab, locate force HTTPS and select entire site.
Save your settings. Test your site to see how it works.
That's all. Your Joomla website should now run on https.
Also read: How Secure is Your Joomla Website
How to Force HTTPS in Drupal 8
Drupal documentation recommends redirecting to HTTPS with settings.php. The Drupal documentation gives the following guidelines which is easy to implement. The benefit is that it does not get ovrwritten after a Drupal update so it appears to be a more permanent way to implement the https security on your site.
Insert the code below at the top of settings.php, right after <?php
<?php
// Force HTTPS
// PHP_SAPI command line (cli) check prevents drush commands from giving a
// "Drush command terminated abnormally due to an unrecoverable error"
if ( (!array_key_exists('HTTPS', $_SERVER)) && (PHP_SAPI !== 'cli') ) {
header('HTTP/1.1 301 Moved Permanently');
header('Location: https://example.org'. $_SERVER['REQUEST_URI']);
exit();
}
// Remove www
if ($_SERVER['HTTP_HOST'] == 'www.example.org') {
header('HTTP/1.0 301 Moved Permanently');
header('Location: https://example.org'. $_SERVER['REQUEST_URI']);
exit();
}
For generic domain you can use:
<?php
if ( (!array_key_exists('HTTPS', $_SERVER)) && (PHP_SAPI !== 'cli') ) {
if (substr($_SERVER['HTTP_HOST'], 0, 4) <> 'www.') {
$new_url = 'www.' . $_SERVER['HTTP_HOST'];
} else {
$new_url = $_SERVER['HTTP_HOST'];
}
$new_url .= $_SERVER['REQUEST_URI'];
header('HTTP/1.1 301 Moved Permanently');
header('Location: https://'. $new_url);
exit();
}
Further reading: Drupal Website Security Tutorial
How to Implement https in Suarespace
Getting your Squarespace website to use the HTTPS protocol is easy. You simply need a few clicks to get it implemented.
- Login to you Squarespace account and select the website you need to make secure.
- Head to Settings > Advanced > SSL
- Make sure you select Secure and HSTS Secure. That's it.
How to Enable HTTPS in Magento
The process is basically the same for Magento and Magento 2 websites. Now, let's go through the process.
- Open the admin panel of your Magento store and then navigate to System → Configuration
- Now, click on Web under General tab
- Update the Base URL field by changing http to https.
- Select Yes for Use Secure URLs in Frontend and Use Secure URLs in Admin fields.. By selecting yes to use Secure URLs on Storefront, all of your storefront pages will open with https. By selecting yes to use secure URLs in Admin, your store admin panel will be open with https.
- Click on Save Config button.
How to Enable HTTPS in OpenCart
You need to have your SSL certificate in place. In this tutorial, we presume you are using the auto SSL already installed on your account. Here are the steps you need to follow to get your site to run on https and not http in OpenCart
Change Settings in OpenCart Admin Backend
- Go to opencart installations admin section.
- Go to system> settings> edit store> Go to server tab . Switch on "USE SSL"
- save the change.
Change path to https on root config file
Login to file manager in cPanel control panel. The filemanager environment makes it really easy to edit files. Follow these steps.
- Find config.php open, highlight it and click edit. Within the file, you will find define('HTTPS_SERVER', 'http://opencart.transpacific-software.com/'); Change it to https ('HTTPS_SERVER', 'https://opencart.transpacific-software.com/') re-upload the file.
Edit the Config.php File
- Login to cPanel and locate filemanager.
- Go to public_html folder and locate the "admin”
- You will find the config.php file.
- Open the config..php file and edit / / HTTPS settings. Change all URL that begins with ttps to now begin with https.
What Next?
Update Your Site Environment
There are a few steps you need to undertake to complete this process especially for an already existing site:
Update your sitemap — An SEO plugin does this automatically. Check to be sure you update your sitemap and do so in your Google search console account. Don’t forget to include your sitemap or update it in your robots.txt file.
Add site to your webmaster tools — If that was not already done, add the HTTPS version of your site in Search Console. Upload the new sitemap and submit your URL to Google for a crawl update.
Update your CDN — If you were using a content delivery network (one of the ways to speed up your WordPress site), you also need to switch it to SSL.
Update your analytics account — Update your Google analytic account or any other related accounts to use the new prefix. For Google Analytics, you find the option under Admin > Property Settings > Default URL.