You must have noticed that all the big websites and eCommerce websites open with HTTPS and a green padlock. You might have been wondering what is that and why can’t I see this on my website? Well, this is because their connection is secure and they are using SSL certificate. An unsecured website opens with HTTP and a secure website opens with HTTPS that means that the website is using an SSL certificate. SSL certificate is now mandatory for all websites and there are many advantages to use SSL (HTTPS).
Secure Connection
When a user processes very sensitive information through an insecure connection, all the data can be easily hacked by hackers. But while you use the SSL certificate, it encrypts all the sensitive data, i.e., password, credit card information, session cookies etc. and it can’t be decryptable. So, the connection between the user’s browser and the server remains secure.
Google ranking factor
Google officially announced that SSL/ HTTPS enabled websites will get a ranking boost in the search results. However, this boost is not a massive boost, but any kind of boost is good for your site.
Build trust
When you are selling online products or running a membership portal, users always alert about the site’s security. If your site is secure, it means your customer will trust you and dare to buy products from your site. Moreover, the green padlock bar of your site is also created trust to your audience.
If you run a normal blog site, then you can get free SSL certificate easily from "let’s encrypt". But if you run an eCommerce site or sell products online, then you must need a premium SSL which costs around $70-$250 per site.
But adding SSL certificate is not enough because when you enter your site, it will open with HTTP instead of HTTPS. So, from the browser bar, it will show your site is not secure. In this case, you need to redirect the HTTP to HTTPS so that all the visitors will be accessible through secure (HTTPS) connection.
There are several ways you can redirect an HTTP connection to HTTPS automatically and I am sharing the two easiest methods to force SSL on your website.
Redirect HTTP to HTTPS using Apache mod rewrite
This is the easiest method to redirect the HTTP to HTTPS. If your web server runs on Apache, then you can force SSL or redirect the SSL using .htaccess file. Simply add the following code to your site .htaccess file and save it.
- RewriteEngine On
-
- RewriteCond %{HTTPS} off
- RewriteRule ^(.*)$ https:
HTTPS redirection using Nginx
If your web server runs on Nginx, then you can redirect all the visitors through a secure (HTTPS) connection. To do this, simply follow this method below. First, go to your Nginx config file(/etc/nginx/nginx.conf) and add the following code.
- server {
- listen 80;
- server_name domain.com www.domain.com;
- return 301 https:
- }
Now, simply save the file. Now, refresh your webpage and you will see your site opening with SSL and it can only accessed with HTTPS protocol.