Nowadays every website should have an SSL certificate. Ideally, every website should be 100% HTTPS, with every page and every piece of content served over an encrypted connection and with a trusted SSL certificate. At Maxer Host, we help all our hosting clients to achieve this by offering SSL certificates for every website through AutoSSL.
In the past, only e-commerce websites enforced HTTPS to secure confidential data on checkout pages and logged-in areas. However, a lot has changed in the past few years. There has been an industry-wide change to encourage websites to run through the HTTPS protocol by default. This change has been supported by big firms like Google, Microsoft, Mozilla, etc.
With this in mind, Maxer Host launched our free AutoSSL service in February 2017. It's available on all our shared hosting, enterprise hosting and reseller hosting plans and usually on any server running the cPanel control panel. The AutoSSL feature is enabled by default so our hosting clients can use HTTPS on their websites.
Whether you use the 90-day AutoSSL provided with your web hosting or you use one of the commercial certificates we sell from Sectigo, GeoTrust or GlobalSign, you can easily update your WordPress website to run through HTTPS.
Step 1 - Is the website running WordPress software?
Almost 30% of the websites run on WordPress! If you have a WordPress site, please instead follow this guide: Enabling HTTPS on a WordPress website
Otherwise, please proceed to step 2.
Step 2 - Use an .htaccess file to force redirect all HTTP requests to HTTPS.
You can enforce HTTPS across your website so that all visitors are redirected to the same page, but through the HTTPS protocol. This can be accomplished by adding the following code to your website's .htaccess
file:
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
</IfModule>
This code is pretty simple. If the mod_rewrite module is installed on the server (it is on all our servers), it checks if the request has been made through the HTTPS protocol and redirects all non-HTTPS requests to HTTPS.
The .htaccess
file should be located in the main directory. The main directory is normally called public_html
, unless you are working with a sub-domain or addon domain, which may have its own directory.
If you do not have an existing .htaccess
file, you can simply create one. If you use the cPanel File Manager, make sure to enable "Show Hidden Files (dotfiles)" under "Settings" in the top-right corner.
Step 3 - Check your website for any non HTTPS content
Your website should now be running 100% through HTTPS, but if any parts of your website (the theme or plugins) link to non-HTTPS elements (images, stylesheets or other content), it will cause a warning on most web browsers. We recommend typing your website address into the site scanner at Why No Padlock?
If the site scanner finds any "mixed content" on your website, you have two options. You can manually go through the images/content and update the relevant code to use HTTPS instead of HTTP, or you can use a WordPress plugin to force the content to be delivered over HTTPS. For example, a plugin such as Really Simple SSL.
If the site scanner continues to give warnings, we recommend discussing the issue with your website developer.
Extra Step 4 - Problems with SSL coverage?
To check the SSL coverage for your domains, login to your cPanel control panel and navigate to the "SSL/TLS Status" page. This will list all your domain names, including addon domains and sub-domains, and they should all have protection. You can click "Run AutoSSL" and the system will re-check SSL coverage (this takes about 10 minutes to run).
You can also do a thorough check of an SSL certificate using this online tool: SSL Server Test (Powered by Qualys SSL Labs)
Our commercial SSL certificates are issued by Sectigo, GeoTrust or GlobalSign, and the free AutoSSL certificates are issued by cPanel Inc. in collaboration with Sectigo.
If the SSL certificate has been issued by "Cloudflare Inc.", you'll need to activate SSL via your CloudFlare dashboard. We have a guide for this here: Enabling HTTPS on your website via CloudFlare
Updated by SP on 22/12/2022