Why You Should Force HTTPS in cPanel to Enhance Website Security
At EntreBase we want to make sure you always have the tools necessary to secure your information and data without the need for an enterprise security solution. This tutorial gives website administrators, from beginner to experienced, the basic security concepts needed to secure a personal or small business website and domain with minimal best practices.
What is HTTPS and why should you use it?
HTTPS, displayed as a padlock icon in the web browser's address bar, indicates that the SSL/TLS protocol is being used to encrypt data sent between the visitor's web browser and the web server. Any website, especially one that handles login credentials or other sensitive data, should use HTTPS.
How does HTTPS redirection work?
Let’s say that you’ve just installed an SSL certificate on your website, whether through our one-click Let’s Encrypt installer or one that was provided by your web hosting company.
The force HTTPS redirect feature in cPanel allows you to automatically redirect visitors to the secure version of your website.
How to force HTTP to HTTPS redirect in cPanel?
Follow this text-based tutorial:
1. Log in to your hosting account's cPanel (e.g., https://yourdomain.com/cpanel or https://yourdomain.com:2083).
2. Once you are in the cPanel dashboard, scroll down to the “Domain” section and click on the Domain icon.
Then the domains interface will appear where you will see a list of all the domains on your cPanel account. You’ll see the “Force HTTPS Redirect” column.
3. Locate the domain that you wish to redirect to HTTPS and switch its “Force HTTPS Redirect” toggle to on.
A success message will appear.
You can toggle several of your domains to enable or disable forced HTTPS redirects with the option at the top of the table. Just select the checkbox for each domain, and then select whether you want to toggle them all on or off.
4. Now let’s go back and access your website. Notice how it redirects us to the secure version, and we see a secure lock symbol in the location bar.
This means we’re using a secure connection to the site.
How to force HTTP to HTTPS redirect for Addon Domains?
There’s one other aspect that you need to know about this feature – Addon and parked domains inherit their settings from their associated domains.
1. Click the gear icon and then click “Show Associated subdomains”.
2. The associated subdomain for that addon domain will appear. Switch its “Force HTTPS Redirect” toggle to on. A success message will appear.
In our example, we have forced HTTPS for domain.com which is added as an addon:
3. Now let’s go back and access your website. Notice how it redirects us to the secure version, and we see a secure lock symbol in the location bar.
That means we’re using a secure connection to the site.
Resolving SSL Mixed Content Warnings
After enabling the redirect from HTTP to HTTPS, if you see SSL mixed content warnings, add the following lines to your site’s .htaccess file (How To Access & Edit .htaccess):
<IfModule mod_headers.c>
    Header always set Content-Security-Policy "upgrade-insecure-requests;"
</IfModule>
Now let’s go back and access your website. Notice how it redirects us to the secure version, and we see a secure lock symbol in the location bar.