Need to protect the customers of your Joomla website? Use SSL
This tip assumes that you have already installed SSL on your hosting server. If not, first you have to purchase a Secure Socket Layer (SSL) certificate from your Web hosting provider or other certificate reseller. While SSL encryption protocol doesn’t secure the site itself, since it encrypts traffic to and from the server it can prevent eavesdropping and protects sensitive data. If you are running a eCommerce website or Online Store, then it’s especially important to have SSL in your Joomla! website to secure Credit/Debit card information, confidential content, passwords and all that secure data. Proper use of SSL certificates will help you to gain your customers trust and sell more.
Joomla! 2.5, Joomla! 3.1 and later have greatly improved support for administration over SSL out of the box. Adding an SSL certificate and enabling it on your Joomla! site will allow to log in with the secure “https” protocol instead of the standard “http” prefix. You can turn SSL on for Administrators only, for the whole site (recommended) or selected pages.
To set the Force SSL option in Joomla 2.5 and 3.1 site:
- Global Configuration -> Server -> Force SSL : Entire site. Click Apply/Save. This will force SSL for your entire website, both Administrator and front end.
If you don’t have SSL enabled for your domain name you will immediately get an error upon saving.If you are going to use SSL for individual Joomla! pages, it’s a good idea to also turn on SSL for Administrator Only.
- Module Manager -> Login module (which you’re using as default) -> Encrypt Login Form [Yes]. When you have an SSL certificate on your Joomla! website, this setting will have the user’s browser encrypt their login data (username and password) before it’s sent over the Internet to your server. Do not enable this option if Joomla is not accessible using the https:// protocol prefix.
- You still have to setup the SSL certificate to work on VM. Virtuemart configuration -> Shop (tab) –> Enable SSL for sensitive areas [x] – turn on.
Please note!: The Joomla! global configuration allows you to configure SSL, but if a visitor enters a Joomla! page through non-HTTPS (I mean “old” URLs), this visitor is not automatically redirected.
Using a text editor open the configuration.php file from your site and find this line,
var $live_site ='';
Replace it with:
var $live_site = 'https://www.your-site.com';
Then go to your .htaccess file and add these lines to the end of the file:
RewriteEngine On RewriteCond %{HTTPS} off RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
Disadvantages of using SSL
Implementing SSL for web communication has one disadvantage. Serving HTTPS traffic costs more in resources than HTTP requests (both for the server and web browser). It makes this form of communication slower than communication without SSL. Because of this you may wish to use mixed HTTP/HTTPS where the site owner can decide which pages or users should use HTTPS. You can manually select Joomla! Menu-Items to which SSL should be applied, or you can choose Joomla! components (like the user-component) to which it should be applied. Overall, the disadvantages of using SSL are few and the advantages far outweigh them.
Error pages over HTTPS
This could indicate a setup issue with your certificate. It is advisable to contact your hosting provider to look into the problem.
This article was first published