Merely securing a website
with a valid SSL/TLS certificate from a trusted CA
is not enough to get all-round protection.
SSL is a complex technology,
which has a number of features (key encryption algorithm, OCSP stapling,
HSTS, and much more) that can
enhance the security of your website’s visitors and
improve your website performance.
Enabling these features can improve your websites’ search engine rankings:
- “Redirect from http to https” sets up a permanent,
  SEO-safe 301 redirect from the insecure HTTP
  to the secure HTTPS version of the website and/or webmail.
- HSTS prohibits web browsers from accessing the website
  via insecure HTTP connections.
- OCSP stapling makes the web server, instead of the visitor’s browser,
  request the status of the website’s certificate
  (can be good, revoked, or unknown) from the CA.
Caution: Before turning these features on,
ensure that your website can be accessed
via HTTPS without any issues.
Otherwise, visitors may have trouble accessing your website.
To enhance the security of your websites:
- Secure your website with a valid SSL/TLS certificate from a trusted CA.
- Go to Websites & Domains > your domain > SSL/TLS Certificates.
- Turn on “Redirect from http to https” if it is not already on.
  “Redirect from http to https” will be applied
  to both the website and webmail.

  Note: If your webmail is not secured with a valid SSL/TLS certificate
  or you do not have any webmail,
  clear the “Include webmail” checkbox.
- Enable HSTS:
  - Turn on HSTS.
  - Make sure that an SSL/TLS certificate
    that secures your website will be valid
    during the “Max-age” period.
    Do the same for subdomains and the webmail subdomain.
    Otherwise, if the SSL/TLS certificate expires earlier
    than the “Max-age” period and HSTS is turned on,
    visitors will not be able to access your website.
  - If your subdomains are not secured with valid SSL/TLS certificates
    or you do not have any subdomains,
    clear the “Include subdomains” checkbox.
  - If your webmail subdomain is not secured with a valid SSL/TLS certificate
    or you do not have any webmail,
    clear the “Include webmail” checkbox.
  - Click Enable HSTS.
Note: If your SSL/TLS certificate expires earlier
than the “Max-age” period but you still want to use HSTS,
we recommend that you turn on “Keep websites secured”.
Then when…
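
The “Max-age” check from the HSTS step can be scripted before the policy is enabled. The following is an added example, not part of the original documentation or the product: it parses a standard `Strict-Transport-Security` value and lists the covered hosts whose certificate expires before the policy does. The host names, expiry dates and policy values are constructed, and it assumes subdomain coverage is expressed through the header's `includeSubDomains` directive.

```python
import ssl
from datetime import datetime, timezone


def parse_hsts(header):
    """Return (max_age_seconds, include_subdomains) from a Strict-Transport-Security value."""
    max_age, include_sub = None, False
    for directive in header.split(";"):
        name, _, value = directive.strip().partition("=")
        name = name.strip().lower()
        if name == "max-age":
            max_age = int(value.strip().strip('"'))
        elif name == "includesubdomains":
            include_sub = True
    if max_age is None:
        raise ValueError("HSTS policy has no max-age directive")
    return max_age, include_sub


def hosts_at_risk(hsts_header, site, certs, now):
    """List hosts covered by the policy whose certificate expires before now + max-age.

    certs maps hostname -> notAfter string in the format ssl.getpeercert() returns.
    """
    max_age, include_sub = parse_hsts(hsts_header)
    enforced_until = now.timestamp() + max_age
    at_risk = []
    for host, not_after in certs.items():
        covered = host == site or (include_sub and host.endswith("." + site))
        if covered and ssl.cert_time_to_seconds(not_after) < enforced_until:
            at_risk.append(host)
    return sorted(at_risk)


# Constructed sample data: hypothetical hosts and expiry dates, not from the page.
NOW = datetime(2024, 1, 1, tzinfo=timezone.utc)
CERTS = {
    "example.com": "Dec 31 23:59:59 2024 GMT",
    "shop.example.com": "Sep  1 00:00:00 2024 GMT",
    "webmail.example.com": "Mar 15 12:00:00 2024 GMT",
    "unrelated.test": "Feb  1 00:00:00 2024 GMT",
}

if __name__ == "__main__":
    policy = "max-age=15768000; includeSubDomains"
    print(hosts_at_risk(policy, "example.com", CERTS, NOW))
```

Browsers refresh the stored policy on every HTTPS response that carries the header, so the enforcement window moves forward with each visit; rerun the check whenever a certificate is renewed or the “Max-age” value changes.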