Before we go on to the process of enforcing HTTPS onto your domain, though, we’ll give you the basics of the difference between HTTP and HTTPS as a web communication protocol.
You may notice that web addresses that you navigate to on your browser’s address bar are either “http://” or “https://”. The simple explanation is that “http://” is “HyperText Transfer Protocol,” which allows you to access a website when you type the full address on the browser unsecured, while “https://” is “HyperText Transfer Protocol Secure,” which is a transfer of data from the website to your browser with encryption involved.
This means that as you access the website over the internet through WiFi or Data (4G/LTE or 5G), HTTP is open for hackers to intercept the data being transferred, while HTTPS secures the connection via encryption, and will protect the end user from data interception, especially when transferring sensitive information. Isn’t that cool?
Google has also been marking “HTTP”-only websites as “not secure.” In a search for a keyword you are targeting your website for, Google might exclude your website from the results, as it has been marked “not secure.” Not only that, Google Chrome users will be warned that your website is not secure, and will not load your page outright. The website visitor will be provided with an option to continue to your website if they choose to take a risk, and this might cause frustration, distrust, and, as a given, increase page load times.
As we mentioned in our Knowledgebase article, “How to install WP Super Cache to speed up your WordPress website?” page load times are super important because it increases conversion rates and possible profitability, and so, if users get to go directly to your website without Google Chrome’s warning, it will be better for you and your brand or business.
Speaking of profitability, HTTPS is also important in maintaining an eCommerce site. As you well know, shopping carts employ the use of payment facilities such as credit and debit cards, or payment processors like PayPal, Skrill, and the like, so users need to be given extra security when they provide you with their personal and more importantly, financial data.
HTTPS is enforced using an SSL, or a secure sockets layer file, which is accessible via the “SSL/TLS Status” menu on the “Security” section of your CLDY cPanel.
When you purchase a domain and hosting service from CLDY, your website is accessible via the “http://” and “https://” protocols both. So, in order to ensure that your website’s visitors will only be visiting your site via the secure protocol, “https://”, you need to enforce “https://” on your domains and websites.
Now that you know the importance of using HTTPS, it’s time to apply it to your website.
- Log In to your CLDY cPanel.
- Usually, the cPanel Web Address can be navigated to through your domain, in this format:
- Scroll down to the Domains section and find the “Redirects” option.
- Go in to “Redirects.”
- On the “Type” field, set “Type” to “Permanent (301).”
- On the section “https?://(www.)?” select the domain name from the drop-down.
- Under the section “Redirects to,” enter your website’s URL.
- On the section “www. Redirection:” choose “Redirect with or without www. Selected.”
- When this option is selected, whenever a user visits your website, SSL via the “https://” protocol will be served to the visitor.
- Whether the website visitor uses “www.yourdomain.com” or “yourdomain.com,” they will still be directed to the SSL or “https://” version of your website.
- This option will ensure that all of the subdomains and files under your domain will use SSL or “https://”.
- This option will ensure that all of the subdomains and files under your domain will use SSL or “https://”.
- Click “Add.”
- Clicking “Add” saves your changes, so please don’t forget this step!
- Clicking “Add” saves your changes, so please don’t forget this step!
- There you have it, your domains and websites are now secure!
Here’s an alternative method in enforcing HTTPS via cPanel:
- Login to cPanel
- Click on “Domains”
- Toggle the button for your domain to enable “Force HTTPS Redirect”