Do you care what the heck is ‘HTTP‘ or ‘HTTPS‘ when you type a URL in your browser? Well!! If you own a website, you should be aware that data is sent over internet either un-encrypted or encrypted. For a site with only online contents, un-encrypted data transmission may be fine, but for websites dealing with online business or eCommerce platform, data encryption is mandatory.
In layman terms, every URL that begins with HTTP uses a basic type of “hypertext transfer protocol” where no data encryption is implemented. (HTTP is a protocol that allows web browsers and servers to communicate with each other through the exchange of data). HTTPS is HTTP (HyperText Transfer Protocol) plus SSL (Secure Socket Layer). Essentially websites using HTTPS establishes an encrypted connection between a web server and a browser.
So, websites with HTTPS implemented are more secure and trustworthy.
Another advantage of HTTPS is that it helps with SEO of your website. Google or any search engine ranks websites with HTTPS higher over HTTP.
I recommend that HTTPS should be enabled on your Website.
There are 3 steps you need to implement in order to switch your website from default HTTP to HTTPS:
- Obtaining an SSL certificate
- Installing it on your site’s hosting account
- Notifying search engines that your site’s addresses have changed from HTTP to HTTPS.
Note: An SSL certificate is a digital certificate that activates HTTPS protocol and enables an secure connection from a web server to a browser and vice versa.
Today, I will explain how we can implement HTTPS on your site. Since my hosting account is in ‘GoDaddy“, I will take reference from it while discussing the steps. The process is similar across all hosting companies.
Step1: Buying your SSL Certificate from domain hosting company.
Go to GoDaddy Site (https://in.godaddy.com/).
You will notice “Web Security” tab.
Under ‘Web Security‘, click on ‘SSL Certificates‘.
There are various plans in Godaddy that you can buy for your site.
Buy any of the plan that suits your budget.
Step2: Ordering your SSL certificate
Once you purchase your SSL certificate, you go to ‘My Products‘ section of your GoDaddy Account.
Under ‘SSL Certificates‘ , you will see an entry for your domain – ‘Standard SSL‘. Go to ‘Set Up‘.
Click ‘New Certificate‘.
Under ‘Certificate Setup’, you will have to insert your domain for which SSL Certificate is requested. Press ‘Continue‘.
GoDaddy will generate ‘Private Key‘ and CSR.
Save both the files in your local machine by clicking ‘Save File‘. Press ‘Continue‘
Now, you have to prove your domain control. Select option 2 as below:
You need to agree to Subscriber Agreement.
You are done for the time being. Your application for SSL Certification will be verified by SSL Certificate issuing authority. A mail will be sent once certificate is issued.
Step3: SSL Certificate Installation
You have to wait for a day or two. Check your mails regularly.
Once certificate is issued, you will be notified in your mail with instructions:
Instructions in the mail body:
Follow the link in Step 1. Under ‘Certificates‘, your domain will be displayed. You need to click on your domain name.
Now, you have to download your certificate.
Use ‘Server Type‘ – Other. Download the Zip File and store in your computer.
Now, you have to navigate to your domain’s cPanel.
Under cPanel, go to ‘Security –> SSL/TLS‘:
Under Certificates (CRT), click Generate, view, upload, or delete SSL certificates.
Now, you have to upload the certificate that you have saved in your local machine. Uuzip the certificate files and upload the primary certificate (.crt file with randomized name)
Ensure that you have uploaded the .crt file with correct domain name. Click ‘Go back‘
Click Return to SSL Manager
Under Install and Manage SSL for your site (HTTPS), click Manage SSL Sites.
Use ‘Browse Certificates’.
From the list, select the certificate that you want to activate and click Use Certificate.
Your certificate details will be filled automatically.
For the Private Key, you copy and paste the contents of the ‘Private Key‘ file that you saved in Step2.
At the bottom of the page and click Install Certificate.
Click OK when you get a pop up on successful installation.
Go to your WordPress admin Dashboard —> Settings —> General. GoDaddy by default will populate the ‘WordPress Address (URL)‘ and ‘Site Address (URL)‘ with HTTPS against your domain name. If not, you can update the entries manually.
Now, use your website URL in your browser. You should see the secured lock.
There can be situation where you will not see the secure lock as your site might still have entries with HTTP. It can be any external references, pages or images within the website contents.
Let me discuss in short two methods to fix it.
1. Install plugin – Really Simple SSL
After you Install and Activate this plugin, you will be asked to activate SSL. Click ‘Go ahead, activate SSL!‘.
The plugin will try to update your website entries with HTTPS.
2. Use the site ‘Why No Padlock?‘ and scan your site.
The site will let you know all the contents in your website which have HTTP entries. You have to manually fix all of them.
Post fixing, your website will have the secure padlock.
One last step!!
Do not forget to update your website address from HTTP to HTTPS in ‘Google Search Console’ and ‘Google Analytics’.
Read related articles:
Congrats buddies!! You have just migrated your site from HTTP to HTTPS. Now you are the owner of a secure site. Happy Blogging!!!