Have you noticed when you visit your site in Google Chrome it says Not Secure next to your website address? Not sure? Go ahead and check, I’ll wait.
…
…
…
Welcome back. So, what do you see? Is there a padlock or some big scary looking Not Secure? If you don’t see a padlock, it’s time to make yours and your visitors connections to your site secure.
All of our clients automatically have a FREE SSL Certificate provided to them, signed by Comodo (the most trusted certificate authority). This SSL Certificate will encrypt information sent to and from your website, but only if you make use of it.
How Do I Set It Up?
Your SSL Certificate is automatically set up by cPanel within 24 hours of your account being created. There’s nothing you need to do to set it up if you’re an E-Starr client. If you’re not an E-Starr client, you’ll want to check with your host to see what they provide or look into getting your own from LetsEncrypt.
For the purposes of this article, we’re going to assume you’re an E-Starr client. If you’re one of our clients and your SSL Certificate is not working, please contact support so we can assist you.
How Do I Utilize It?
Unfortunately, simply having SSL doesn’t mean it’s being used. Unless you take specific steps, anyone could visit your website with HTTP instead of HTTPS and none of their interactions with your site would be secure. Follow the steps below to make sure everyone who visits your site automatically uses HTTPS.
If You Have WordPress
Achieving the padlock across your entire site with WordPress can be as simple as adding and activating a plugin, depending on how much customization you have on your pages and theme. If you’d rather let an expert do it, our WP Boost package will do this for you, as well as add some great essential plugins for security and speed.
Set Site & WordPress URL to HTTPS
Go in to the Settings > General section of WordPress and make sure both the URLs listed start with HTTPS:
Install Really Simple SSL
The free version of this plugin does enough for most sites to get the padlock and force visitors to access your secure website. It will automatically redirect anyone from HTTP to HTTPS, as well as change references in your coding. It’s a pretty awesome little tool.
Go To Plugins > New & Type In Really Simple SSL
Click Install Now, then when it’s ready click Activate.
Activating the plugin isn’t the end of it. Before anything is actually changed, the plugin will recommend a couple of changes and that you make a backup of your site. Once you’ve done that, go ahead and click Activate SSL.
And that’s it for activating SSL on a WordPress site. Great job!
.HTACCESS Method For Non-WordPress Sites
If you’re using another script or a handcoded site, you can achieve the same effect by adding the following code to your .htaccess file, which must be in the root directory:
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
If you don’t see a .htaccess file in your File Manager or FTP, you’ll want to make sure it’s set up to show hidden files. If hidden files are showing and you still don’t see it, you don’t have one. Create a new file, paste the code, and save as .htaccess (no .txt).
How To Reveal Hidden Files in File Manager
While in the File Manager in cPanel, click the gear icon in the top right. Make sure the box labeled Show Hidden Files is checked and click Save.
Check Your Site In Chrome
To make sure your site is fully secured, load it again in Chrome. If you see that you still don’t have a padlock, right click on the page anywhere and click View source. Then, do a search for any instances of http:// and replace them with https:// or the relative address to the file.
Any of our clients are welcome to contact us via the ticket system in the Portal for assistance with this process.
0 Comments