Are you secure? How to enable HTTPS on ecowebhosting
Does my site need HTTPS?
I have been looking at this article about how to make your site HTTPS: https://medium.freecodecamp.org/free-https-c051ca570324
It links to this article “Does my site need https? Yes” https://doesmysiteneedhttps.com/
For me the reason to do it is if there may be loss of traffic because your site becomes marked as not secure and the effect on SEO. Lately I have noticed that on my phone and tablet I frequently am not even allowed to open sites because it says they are not secure. I think this will become more frequent as Chrome implements marking all sites that are not HTTPS as insecure.
How to do it
I had to contact my hosting company to find out how to do it. Their instructions are here: https://support.ecowebhosting.co.uk/?a=110&c=21
I have implemented on this site and others I have.
Before I did anything I checked that all of my domains had the correct name server info. Then checked that I could log on to all of them and they all had up to date plugins. Then I installed and activated the redirection plugin (https://redirection.me/ https://wordpress.org/plugins/redirection/) ready to use when I had activated the processes outlined below.
Activating on my host server
I allowed 30 minutes for the free SSL certificate to be active, then another 30 minutes for the ‘Always Use HTTPS’ to become active.
Because all of my sites are WordPress I had to do a few other things too. That involved logging on to the dashboard (https://***.***/wp-admin).
Settings > General
Update the WordPress URL and Site URL to have HTTPS instead of HTTP. Then you have to log on again.
Once I was sure it was working, I then ticked the box on the redirection plugin to redirect any HTTP links to the new HTTPS location. This is for any links within the site or external, such as those shared on social media.
I tried the process on one of my domains that only has one site associated with it and that wouldn’t be major problem if it went down. Then moved on to another (this one) that has a number of sub-domains. The wildcard SSL certificate that I activated covers all sub-domains, but I need to log on to the dashboard of each one to change the wordpress ad site URLs and to tick the box in the redirect plugin.
What is this SSL Certificate?
SSL Certificates are small data files that digitally bind a cryptographic key to an organization’s details. When installed on a web server, it activates the padlock and the https protocol and allows secure connections from a web server to a browser. Typically, SSL is used to secure credit card transactions, data transfer and logins, and more recently is becoming the norm when securing browsing of social media sites.
I have now found that the sites with HTTPS activated no longer work with the lightbox plugin that I am using. That is because the images that are embedded in posts all refer to links that are HTTP then the redirection plugin redirects to the new HTTPS link, but the plugin needs them to be linked to specific pages. So I think I need to do some kind of search and replace correction on all images, but that could easily all go wrong. So I am holding off doing that until it isn’t so hot and my brain is sharper.