Guess I already asked the question there. How’s it done? Thanks, again.
You need a SSL certificate. My host is giving them to all accounts for free, but a previous host forced us to purchase them.
I don’t think you need one if you don’t collect user’s information, but I say if you get one free, then use it.
My host sent me an email:
"Google’s decision to mark non-HTTPS websites “not secure” takes effect soon. So we’ve created a guide to help you prepare and keep your visitors protected. Simply follow the instructions in our Knowledge Base article and your free SSL certificate will be enabled in no time.
By enabling SSL, your website will be given the HTTPS label-giving your visitors the confidence that you’ve made their security a priority."
Once you enable the certificate, you need to redirect traffic to the secured site. I redirected through .htaccess; some hosts do it automatically, others use the 301 redirect.
There’s this older article (predates free Let’s Encrypt but the “basics” are still relevant)
There’s this more recent “how to” about using free Let’s Encrypt
If you have cpanel you might find you have a https version of your site already. I found out by chance last year it had created https versions of all the sites I had.
Try putting https in font of your site name in the URL and see what comes up.
Try HSTS the support send the request automatically
This was for later on, since I am only showing info, not storing any on the site just now.
While it is correct that you don’t need to use a secure transfer protocol (HTTPS) if you’re not dealing with secure transfers, if at some point in the future you will be, IMHO it would be a good idea to start with HTTPS right from the start. You can use HTTPS even if there is no secure data being passed. And there is a good chance “changing later” will cause at least a few problems for you to deal with. eg. changing absolute paths, redirects, etc.
This topic was automatically closed 91 days after the last reply. New replies are no longer allowed.