In the past, SSL certificates were reserved for online shops and websites that handle sensitive data only. Things have changed. Right now, you must establish an HTTPS connection between your site and its visitors, regardless of whether you’re building a personal blog or a large ecommerce website. It’s not only important for users’ security; it could be crucial for the entire project’s future, as well.
So, how do you do it if you use Joomla?
Let’s find out.
What Is an SSL Certificate, and Why Is It So Important?
Browsers make it apparent whether or not a website uses an SSL certificate. If there is one, you see https:// instead of http:// in the address bar. The lock icon next to the URL is crossed out if there is no SSL certificate, and you get quite a few warnings if you try to enter any login credentials. If the certificate is not configured properly, you may get a full-screen alert telling you your connection is not private.
There’s a very good reason for all this.
The job of an SSL certificate is to encrypt the communication between your browser and the website you’re trying to visit. Without it, hackers can alter the server’s response to include anything from ads to malicious scripts or reroute the traffic to a phishing page. They can also intercept passwords and other personal information you enter on the website while logging in or signing up.
SSL certificates have changed quite a bit over the years. SSL actually stands for Secure Sockets Layer – the encryption protocol certificates used in the past. Although the name has stuck, SSL certificates now employ Transport Layer Security (TLS) – a more secure alternative.
They’ve become more accessible, as well. Years ago, SSL certificates were pretty expensive and only accessible to online businesses. Nowadays, thanks to certificate authorities like Let’s Encrypt, you can get one for free.
You should certainly consider it. In addition to keeping data safe, even the free certificates are considered a sign of trustworthiness. What’s more, the encryption they use is no weaker than what the premium SSL certificates have.
It must be said, though, that the paid ones could give your online business an extra layer of legitimacy, especially if you go for the more expensive options.
Installing And Configuring an SSL Certificate On a Joomla Website
The exact steps for installing an SSL certificate depend on numerous factors, including the type of certificate and your hosting setup. With some providers and management platforms, the process is completely automated.
For example, if you use one of ScalaHosting’s managed SPanel VPS solutions, you will have a free Let’s Encrypt SSL certificate installed within 24 hours of pointing your domain to the server. Like other popular web hosting control panels, there is also a facility for setting up a premium certificate.
On the other hand, if you have a self-managed account, the process is more complicated and will likely involve a lot of command-line work.
One common thing in all cases is that after you install your certificate, you need to make sure your web server uses it. Typically, this would mean editing its configuration files.
However, if you use Joomla, all you need to do is click a couple of buttons in the Administrator.
Go to System > Global Configuration and click on the Server tab. The drop-down menu you’re interested in is Force HTTPS, and it has three options:
- None – Leaves the site under HTTP.
- Administrator Only – Enables HTTPS only for the backend part of your website.
- Entire Site – Enables HTTPS for both the frontend and the Administrator section.
Ultimately, the choice is yours, but it’s highly recommended you choose the third option. This is the only way you can ensure both you and your site’s visitors are fully protected.