HTTP to HTTPS – Here’s What to Do

HTTP to HTTPS is the key to making your customers feel safe from the bad guys out to steal their data. Here’s how to secure your site and your business.

Some of the major web browsers have begun to warn users when they visit websites without SSL certificates. Firefox is one. Chrome is another. But why should that bother you? Well, because anyone who visits your site will be told that it’s unsafe, and they might want to turn back, so a redirect from HTTP to HTTPS becomes a way to make sure you don’t start losing visitors.

Why Do We Need SSL Certificates Anyway?

Information Encryption

Everything you send over the Internet goes through other computers before it gets to the one that hosts the website you’re trying to reach, so all of your private and financially sensitive stuff could be stolen by others unless it’s disguised through encryption. That’s what an HTTP to HTTPS gives you: scrambled info that can only be unscrambled by the intended recipient.

Protection from Cybercriminals

Consultancy firm Cybersecurity Ventures predicts that by 2021, cybercrime will cost the world more than $6 trillion, a figure that’s hard to imagine, but to put it into perspective, that will be more than the amount generated by the world’s entire illegal drug trade. That’s serious!

With so much money to be made, criminals are getting more and more sophisticate. They know that there are rich pickings to be had from penetrating networks. To them, it’s a crime with far fewer risks than many of the other evil schemes they might pursue, and it offers potentially greater rewards.

That’s why they’ve been making efforts to intercept your information while it’s on route—in what are called transit-based attacks—and that’s why HTTP to HTTPS have become so important.

Security = Trust in Your Brand

Trust is one of those intangibles that every brand needs and earning it means making sure that every touch point in your customer’s journey builds on that trust. Have you ever noticed the little lock icon that sometimes appears in your address bar? Or sometimes how there’s red line through the name of the website you’re visiting instead? The first one means you’re connected safely thanks to HTTP to HTTPS and you’ve got well-trusted encryption. The second one means the connection isn’t protected. From a customer’s point of view, if they see the first one then their trust in your brand will grow. If they see the second one, then you can say goodbye to them.

Legit Referral Data

Since Google Analytics is not showing HTTPS to HTTP referral data – you will loose significant part of statistical data. Imagine that someone placed a link to your website on old and reputable website with huge amount of traffic. This site resides under HTTPS, yours – under HTTP. The referrer data in this case is completely lost, the traffic from linking website will be represented as Direct inside Google Analytics and is not really useful for any further marketing analysis.  So, migrating your website to HTTPS solves this issue and after migration referral data is passed properly from any linking site – under HTTP or HTTPS.

HTTP to HTTPS – implementation how-to

The first thing you need to do is to edit .htaccess file. This is a configuration file used by Apache web server software to provide a way to make configuration changes on a per-directory basis. Apache is one of the most popular web servers in the world, developed and maintained by Apache Software Foundation.

How to edit the .htaccess file

The .htaccess file contains information that tells the server what to do under various circumstances, so it has the capacity to change the functionality of your website. It does things like:

  • Redirects
  • URL Rewriting

Ways you can change an .htaccess file

  • Change the file on your machine and upload it to the server via sFTP/FTP
  • All FTP/sFTP/SCP apps have an “Edit” feature which allows remote editing of files.
  • Use a text editor and SSH to alter the file.
  • Use the file manager of Plesk Onyx or cPanel to amend the file.

 

Redirecting HTTP to HTTPS

Redirect All Web Traffic

If there’s existing code already in your .htaccess file, add the following:

RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://www.yourwebsite.com/$1 [R,L]

Redirect a Specific Domain Only

To redirect a specific domain to use HTTPS, add this:

RewriteEngine On
RewriteCond %{HTTP_HOST} ^yourwebsite\.com [NC]
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://www.yourwebsite.com/$1 [R,L]

Redirect a Specific Folder Only

Use this to redirect HTTP to HTTPS for a particular folder:

RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteCond %{REQUEST_URI} yourfolder
RewriteRule ^(.*)$ https://www.yourwebsite.com/youfolder/$1 [R,L]

How To Setup HTTP to HTTPS redirection using Plesk Onyx

You can avoid manual modifications of .htaccess using the power of Plesk Onyx UI. To setup HTTP to HTTPS redirect you need valid and functioning SSL certificate on your website. The rest is about 5 easy steps:

  1. Log in to Plesk and click Websites & Domains in the left sidebar
  2. Choose the domain to configure and click Hosting Settings
  3. Select SSL/TLS support and Permanent SEO-safe 301 redirect from HTTP to HTTPS checkboxes under Security
  4. Select corresponding SSL certificate from the Certificate drop-down list
  5. Confirm changes by clicking OK button

From this moment your site is using a secure connection for all web page requests

2 Comments

  1. is there a way to do that for the Plesk domain too? For example when Plesk admin ui is accessible via plesk.mydomain.com. That domain is not created as a website so the steps from above will not work here.

    Thank you.

Add a Comment

Your email address will not be published. Required fields are marked *

GET LATEST NEWS AND TIPS

  • Yes, please, I agree to receiving my personal Plesk Newsletter! WebPros International GmbH and other WebPros group companies may store and process the data I provide for the purpose of delivering the newsletter according to the WebPros Privacy Policy. In order to tailor its offerings to me, Plesk may further use additional information like usage and behavior data (Profiling). I can unsubscribe from the newsletter at any time by sending an email to [email protected] or use the unsubscribe link in any of the newsletters.

  • Hidden
  • Hidden
  • Hidden
  • Hidden
  • Hidden
  • Hidden

Related Posts

Knowledge Base