How to Add SSL and HTTPS in Joomla
- by Editorial Staff
- on Tutorials
Google announced on December 2015 that they have boosted their ranking for websites which use HTTPS. It has been a long time coming that websites which have gone to great lengths to ensure their users privacy and security ought to be recognized for that and receive this preferential treatment by Google. Joomla can function absolutely fine under an HTTPS environment and we're going to see how.
What is HTTPS and SSL?
A website using HTTPS will have all of its URLs starting like this, https://www.joomlabeginner.com. Whereas an unsecured website will have all of its URLs starting like this, http://www.joomlabeginner.com. Did you notice the "s" missing from the http portion?
HTTPS is a protocol which derives from your server's usual HTTP capabilities in conjunction with an SSL certificate. Your server uses an SSL certificate to encrypt the communication that occurs between it and your visitors. As you can imagine there can be no HTTPS communication if there is no SSL certificate to begin with.
Why do you need HTTPS and SSL?
With the communication being encrypted, anyone who might intercept it will have a really hard time decrypting it and using it for malicious purposes, if they can decrypt at all.
It is apparent that you need HTTPS and SSL because of the added security which they provide to your users. Of course, with Google's recent announcement you get the added bonus of a boosted ranking.
Also if you are running an e-commerce website which handles sensible payment data such as credit cards then it is of absolute importance that you have HTTPS enabled
Requirements for using HTTPS/SSL
Fortunately there is only one requirement for using HTTPS/SSL. That is having an SSL Certificate.
Popular hosting providers around the world offer SSL Certificates bundled with hosting packages. On top of that, you will find that they can be purchased separately as well in case you want to extend your current hosting plan.
If by chance your hosting provider does not sell SSL Certificates, there are third-party providers which are selling them to anyone who is interested.
Whatever way you choose to own an SSL Certificate, it is up to your hosting provider to install it for you when you ask them.
Setup Joomla to Use SSL and HTTPS
Most of the side-wide configurations of Joomla can be found its Global Configuration panel. Enabling HTTPS is also a site-wide configuration and now we'll see how to do that. Before you actually move on and enable it for your website, confirm with your hosting provider that the SSL certificate has been installed and HTTPS can be used.
First you need to login to your Joomla administrator panel and navigate to System > Global Configuration
Then you need to click the Server Tab. In there you'll see a section called "Server Settings" and within this section there is an option called "Force HTTPS". To enable HTTPS for your entire website you should choose "Entire Website". If you want to enable it only for your administrator panel then you should choose "Administrator Only".
Finally just click "Save" to save your Joomla configuration and you are done!
Verify the SSL and HTTPS is correctly installed
Enabling HTTPS to your Joomla website isn't always the last step. There can be various errors regarding the validity of your SSL Certificate and in order to check if everything is correctly installed you can use dedicated websites such as https://www.sslshopper.com/ssl-checker.html.
To use the SSL Checker, simply enter your server's hostname, which must be publicly accessible, in the box and click the Check SSL button.
You will be able to see the results of your check right under the search box. You can see in the screenshot above that for example www.joomla.org is HTTPS enabled and working as intended.
Useful Joomla Extensions
The Joomla Global Configuration allows you to configure HTTPS and SSL, but if your visitors request one of your Joomla pages through regular HTTP, this visitor will not automatically redirected. On top of that, you are not able with Joomla's default capabilities to enable SSL only for some pages while others remain with regular HTTP.
To solve these problems the Joomla Extension Directory offers various solutions with the first one being the "Yireo SSL Redirection" extension which solves all the above problems and more.
If you are interested in learning more about Joomla, you can sign up to our Newsletter or follows us on Twitter and be one of the first to read our new content!