HTTP to HTTPS is the key to making your customers feel safe from the bad guys out to steal their data. Here’s how to secure your site and your business.
Some of the major web browsers have begun to warn users when they visit websites without SSL certificates. Firefox is one. Chrome is another. But why should that bother you? Well, because anyone who visits your site will be told that it’s unsafe, and they might want to turn back, so a redirect from HTTP to HTTPS becomes a way to make sure you don’t start losing visitors.
Why Do We Need SSL Certificates Anyway?
Information Encryption
Everything you send over the Internet goes through other computers before it gets to the one that hosts the website you’re trying to reach, so all of your private and financially sensitive stuff could be stolen by others unless it’s disguised through encryption. That’s what an HTTP to HTTPS gives you: scrambled info that can only be unscrambled by the intended recipient.
Protection from Cybercriminals
Consultancy firm Cybersecurity Ventures predicts that by 2021, cybercrime will cost the world more than $6 trillion, a figure that’s hard to imagine, but to put it into perspective, that will be more than the amount generated by the world’s entire illegal drug trade. That’s serious!
With so much money to be made, criminals are getting more and more sophisticate. They know that there are rich pickings to be had from penetrating networks. To them, it’s a crime with far fewer risks than many of the other evil schemes they might pursue, and it offers potentially greater rewards.
That’s why they’ve been making efforts to intercept your information while it’s on route—in what are called transit-based attacks—and that’s why HTTP to HTTPS have become so important.
Security = Trust in Your Brand
Trust is one of those intangibles that every brand needs and earning it means making sure that every touch point in your customer’s journey builds on that trust. Have you ever noticed the little lock icon that sometimes appears in your address bar? Or sometimes how there’s red line through the name of the website you’re visiting instead? The first one means you’re connected safely thanks to HTTP to HTTPS and you’ve got well-trusted encryption. The second one means the connection isn’t protected. From a customer’s point of view, if they see the first one then their trust in your brand will grow. If they see the second one, then you can say goodbye to them.
Legit Referral Data
Since Google Analytics is not showing HTTPS to HTTP referral data – you will loose significant part of statistical data. Imagine that someone placed a link to your website on old and reputable website with huge amount of traffic. This site resides under HTTPS, yours – under HTTP. The referrer data in this case is completely lost, the traffic from linking website will be represented as Direct inside Google Analytics and is not really useful for any further marketing analysis. So, migrating your website to HTTPS solves this issue and after migration referral data is passed properly from any linking site – under HTTP or HTTPS.
HTTP to HTTPS – implementation how-to
The first thing you need to do is to edit .htaccess file. This is a configuration file used by Apache web server software to provide a way to make configuration changes on a per-directory basis. Apache is one of the most popular web servers in the world, developed and maintained by Apache Software Foundation.
How to edit the .htaccess file
The .htaccess file contains information that tells the server what to do under various circumstances, so it has the capacity to change the functionality of your website. It does things like:
- Redirects
- URL Rewriting
Ways you can change an .htaccess file
- Change the file on your machine and upload it to the server via sFTP/FTP
- All FTP/sFTP/SCP apps have an “Edit” feature which allows remote editing of files.
- Use a text editor and SSH to alter the file.
- Use the file manager of Plesk Onyx or cPanel to amend the file.
Redirecting HTTP to HTTPS
Redirect All Web Traffic
If there’s existing code already in your .htaccess file, add the following:
RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://www.yourwebsite.com/$1 [R,L]
Redirect a Specific Domain Only
To redirect a specific domain to use HTTPS, add this:
RewriteEngine On
RewriteCond %{HTTP_HOST} ^yourwebsite\.com [NC]
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://www.yourwebsite.com/$1 [R,L]
Redirect a Specific Folder Only
Use this to redirect HTTP to HTTPS for a particular folder:
RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteCond %{REQUEST_URI} yourfolder
RewriteRule ^(.*)$ https://www.yourwebsite.com/youfolder/$1 [R,L]
How To Setup HTTP to HTTPS redirection using Plesk Onyx
You can avoid manual modifications of .htaccess using the power of Plesk Onyx UI. To setup HTTP to HTTPS redirect you need valid and functioning SSL certificate on your website. The rest is about 5 easy steps:
- Log in to Plesk and click Websites & Domains in the left sidebar
- Choose the domain to configure and click Hosting Settings
- Select SSL/TLS support and Permanent SEO-safe 301 redirect from HTTP to HTTPS checkboxes under Security
- Select corresponding SSL certificate from the Certificate drop-down list
- Confirm changes by clicking OK button
From this moment your site is using a secure connection for all web page requests
2 Comments
is there a way to do that for the Plesk domain too? For example when Plesk admin ui is accessible via plesk.mydomain.com. That domain is not created as a website so the steps from above will not work here.
Thank you.
Hi Joachim,
We kindly suggest addressing your specific question to the following thread on the Plesk Forum, where our community of Plesk professionals awaits you. Hope this helps.