Let’s keep it simple – Converting to HTTPS
Table of Contents
This is the first article in a new series called “Let’s keep it simple”. The idea is to help non-technical bloggers gain a little understanding and assist navigating through the complex world of running and maintaining a blog site. Let’s try and do this without the meaningless technical terminology commonly known as techno babble.
Being the other half of a blogging couple I quite often read and hear many bloggers having difficulty in maintaining their sites or getting confused with false information being sprouted by people who think they understand the technology.
In saying that, let me be the first person to put my hand up and admit I don’t know everything (see Honey I said it). But I do have 36 years in the computer industry behind me, from database and website development, to repair and service of computer and peripheral equipment and most importantly, the ability to use Google.
What is HTTPS?
HTTPS is the secure version of HTTP and means all the information you send to a website is encrypted and secure, minimising the possibility of your information being intercepted by undesirables.
Do I need HTTPS?
If you’re collecting subscription information or have an online shop you should have a HTTPS enabled site. HTTPS will also help your search rankings in Google.
Which sites are secure?
Depending on the browser, whether it be Chrome or Internet Explorer both will give you some indication of the security of the site. This could be the address bar going green or the appearance of a padlock or the details of the SSL certificate.
How do I do it?
Firstly you need to purchase a SSL Certificate, now this is like walking into Amazonian jungle with vipers hanging from every branch and marshy swamp holes in your path. But fear not, most SSL providers offer a fairly good selection of plans based on your requirements and prices vary greatly. Most bloggers can get by using the basic SSL. To make things easier, see if your hosting company offers SSL Certificates as part of their hosting packages.
Once you’ve purchased your chosen certificate you will need to have your host apply the certificate to your site. This can normally done by contacting their support. In our case we use BlueHost who offer a range of SSL certificates and apply them automatically. The next steps can vary greatly based on your websites hosting company, so hang in there and I’ll walk you through, step by step.
Login to your host’s control panel and navigate to the SSL tab or button. With BlueHost I noticed ours was not visible, but by clicking on the “Security” button this made the “SSL” button visible.
By selecting the “SSL” button this allowed me to select the required SSL plan, I selected the free plan (well free for 90 days) as this is all we need. You will also need to select the renew options.
Select your certificate plan, the free or the Positive SSL plan is all we required.
Once done, I received an email from BlueHost with an invoice for the free SSL. I next browsed to our website, aholeinmyshoe.com and to my amazement all the pages where now being displayed as secure pages.
One more thing to do and this is the most difficult part of the process, as we need to edit one file within our websites’ structure. By adding a few lines of code we can tell the browsers to go to the HTTPS pages instead of the HTTP page, thereby eliminating broken links and the scary 404 error page.
From your hosting control panel select “file manager settings” then check “Home Directory” and “Show hidden files” are selected, the click “submit”
The file we need to edit is called .htaccess and it is a hidden system file and it can be found under your public_html folder.
Once you’ve opened the .htaccess you need to add the following lines of code;
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://www.domain.com/$1 [R,L]
</IfModule>
Remember to replace the domain.com with your domain name.
Last step is to save the newly edited file and you’re done. Do a few tests on your site by navigating to some pages and checking all your menu links work.
Whilst this post was based around using BlueHost as our hosting provider, if you’re using a different hosting provider, then the steps may be different. Please contact your hosting provider if you have any problems.
Update
As pointed out by a reader recently, it appeared our site was not totally secure. There was no need for concern as the site was secure but because of a few badges not hosted on secure sites the browsers didn’t trust our site.
Easy fix, with the aid of a tool I was able to quickly identify the links that were the cause for concern. I copied the offending badges to our site then changed the HTML code to reflect their new location.
I’ve include the link to Why No Padlock which was a great aid, it’s easy to use and best of all it free.
Was it as difficult as you thought?
Do these tips give you the confidence to change your site over?
If this is your first time to our page, welcome. If you are a regular reader let us know if you’d like to see more of these Techno Talk posts.
Since you’re already here we have a small favour to ask and that is to please share this post or leave a comment below. If you like this post and want to read more like it why not subscribe to our Newsletter? We won’t spam you or share your personal details. If you’re not doing so already, please follow us on Facebook, Twitter and Instagram or click the Mix, Flipboard or other social media buttons below to share this post with others who might enjoy reading it. What are you waiting for?
If you signup to BlueHost via this link we will get a small kick back which contributes to keeping this site online.
Thank you for the article, it was really helpful. I have followed the directions, including show hidden files but cannot get “.htaccess” to show. Please help!
Hi, if you cant find the .htaccess file contact your service provider and they will help. The article was written around WordPress users which I noticed you’re using. Sometime the file may be located in a different folder.
Steve recently posted…Taman Festival, the Bali you haven’t seen
Thanks for the reminder – this is still on our To Do list and, yes, we’ve been putting it off because of a few horror stories and some misinformation. Good to hear a (fairly) simple success story!
Rob+Ann @TravelLatte(.net) recently posted…The Charming Medieval Village of Èze
This is great to know – we have been talking about switching over but haven’t done it yet. Neither of us use Bluehost (I did when I first started blogging though) so the process would be a little different I think. Would love to know if you have experienced any major benefits or drawbacks since switching.
Jessica @ Independent Travel Cats recently posted…Royal Edinburgh Ticket: How to Save Money on Edinburgh’s Royal Attractions
Hi Jessica, haven’t noticed any difference in traffic or Google’s interaction. But I guess if it helps protect the identity of your subscribed users then its probably the right thing to do. Most hosting providers will have very similar processes so you may find some steps will be the same. You can go through the motions without switching over and find any potential problems before switching over.
This is a great how-to Steve. We jumped into the https wagon a few weeks back. It went smoothly enough, but with a mixture of caching and CDN configurations, it was a little touch and go for a few hours. Now we just need to get comment luv to recognize the https… Thanks for linking in this week at #wkendtravelinspiration!
Sounds like the process got your blood pumping. Glad you can see light at the end of the tunnel. Once finished find a nice chicken and corn soup recipe. Enjoy.
Steve recently posted…Reflection, my travel partner through life
I have hear about converting to HTTPS and I was freaking out a little bit. After reading this post, I feel like I can relax about this. It is not as complicated as it sounds. I am ready to take some action. #wkendtravelinspiration
Ruth recently posted…Red Rock Canyon: Unique Park in California
Take the bull by the horns and go for it. If necessary ask your hosting company if they can assist before jumping off the bridge. Many thousands of bloggers have gone down this path with varying levels of complications. Don’t freak if something goes wrong, take a deep breathe and venture forward. Embrace the unknown. Your ready. I’m happy to answer any questions.
I’m with Siteground and they changed both of my travel sites over with a minimum of fuss.
I’m intrigued to know Steve which tool you used to discover the links that were causing a glitch in your system, as I would like to ensure that my travel blogs are appearing fully secure.
Sally’s Tips 4 Trips recently posted…How to Cull Your Travel Packing and Pack Light
Another positive transition, good to hear. The tool I used is provided by LexiConn Internet Services, follow this link and you can easily check your site as well as others.
Thanks Steve
Sally’s Tips 4 Trips recently posted…How to Stay in Touch When You Travel
I appreciate the simplicity! I am starting the process of updating my site – and a few other tweaks so the timing on your post is excellent.
Once you start blogging you realise very quickly that a site never remains static. Updates, new ideas and keeping up with the mob keep us busy ensuring our site is current and thats even before we think about the content.
Thanks for the detailed explanation – I’m on the fence about this as I don’t have a shop yet. You mention collecting subscriber information, and I was wondering of what nature? Also, how much faster does it help an average site to load?
Suze recently posted…Escaping the Everyday at Andaz Mayakoba on the Riviera Maya
Hi Suze, As with most blog sites we ask readers to subscribe to our “yet to be” newsletter which involves collecting names and email addresses. We need to reassure our subscribers that their information is safe and secure hence the secure site. Your second question is open for debate, and you’ll get a different answer from anyone you ask. We haven’t noticed any difference in the sites performance since changing. If you have any question please do not hesitate to contact us.
Great article Steve. We host with Siteground, and once I paid for the SSL certificate, they did the rest. It took less than 20 mins and seemed like I have no dead links or other technical issues. I know a lot of people are having significant problems. So much so I feel like maybe I missed something and am blissfully ignorant!
Thanks Paula, I have some feedback regarding the level of difficulty some have faced. We have some bad site links on our pages that are stopping us from looking as secure as we could. I’ve been tasked to rectify these bad links and should have them sorted out tonight. I will explain more in the update to the article.