Secure Website for dummies

My website says is not https and that is not safe. I have no idea how to make it https so my clients feel it is safe. For someone who has no idea on to move from http to https can someone walk me thru how to do it. Any help more than welcome.

An SSL certificate is required. Does your hosting provider provide ‘free’ SSL certificates such as Lets Encrypt?

My hosting provider Siteground provides free Lets Encrypt thats is a simple one click install from the C Panel.

You then need to change your website address in Sparkle info panel…

Also if you have any documents such as images or media that is referenced outside of the Sparkle project file then you also need to change their URL to https://www.mywebsite.co.uk/images/image_1 as an example so they are not still referenced as http etc

Hope this helps,
Best,
Scott

4 Likes

If you are likely to have content linked to your website from http sources, you need to add an .htaccess file to the root of your domain containing the following:

Header set Content-Security-Policy: upgrade-insecure-requests

This will force the loading of http content into your web pages via an https request. If the content being accessed is not available via an https request, that content will not be displayed in your page, but your page will remain secured. If you don’t use this option, if your page attempts to display content via an http request, the content will display, but your page will become insecure.

2 Likes

@webmaker, Both @rimram and @francbrowne “are on the money”!

The one other thing I’ll had (which is also done in your cPanel) is force HTTPS by the function “Domain Redirect”. Although you have attached a SSL Certificate users that input (and even Google can do this) “http://www” or “www” can still rockup to your website with the “this site is insecure” message popping up which just sucks!

So redirect all www and non-www onto https://yourdomain.com

2 Likes

@greenskin Thats a nice tip as well :slight_smile: