Has your Joomla already been updated to https? If it has not, then you should think about doing it now at the latest, otherwise you will have to accept some disadvantages. In our agency for search engine optimization in Vienna we are currently very busy converting the Joomla pages of our customers to https. In this article I will show you how you can secure your own website under Joomla with an SSL certificate.
The reasons why you should update your Joomla to support https are the same as I described in an article about updating WordPress to alow https. At the end of the article you will find a link to it.
But I would like to show you the most important reason right here:
SSL and the GDPR
On 25 May 2018, the General Data Protection Regulation has been ratified. From this date at the latest, SSL encryption will be mandatory for all websites that process personal data. Non-compliance with this regulation may result in high fines, some of which could threaten the existence of the company.
You can read more about this in our articles:
Here is another important aspect (perhaps the second most important):
Since January 2017, Google has marked certain websites in its web browser Google Chrome as unsafe if they are not switched to https.
Other browsers have also been warning in certain cases for some time that a website is unsafe. For example Firefox does so when filling out login forms on pages not protected by an SSL certificate.
Which websites are affected?
- Login forms
- Contact Forms
- Newsletter registration forms
- Payment forms
- And any other form of data collection
If you run such a site, you must have your Joomla allow https/ssl, otherwise you will get a security warning:
To avoid this, I'll show you now how to change your Joomla very easy to https.
Secure Joomla with https - step by step
1. Backup of your Joomla page
Any interference with the domain involves certain risks. So it is also possible that an error occurs during the activation of https. To restore the website you need a backup (you should do this at least once a week anyway).
We at ithelps use the extension "Akeeba Backup Pro" for this purpose. We have had a great experience with this. The creation of a backup, and also a possible recovery of the site, is very easy and fast.
Here is a video tutorial.
2. Get an SSL certificate
The easiest way is to contact your hosting provider and ask for the certificate. Either it's already included in your package (in which case it just needs to be activated) or you need to purchase one for a small monthly fee.
Normally, you should receive your provider's approval within a short time. Then you can proceed to the next step and switch your Joomla to SSL.
3. Force HTTPS
To activate https, go to the backend, to the configuration section. There you select the tab "Server" and at the point Force HTTPS you select the entry "Entire Website" in the drop down menu.
After you have clicked on "Save", your Joomla should now already be accessible with https, i.e. with SSL encryption. You can test this by entering your web address without http or https in the address line. If everything works fine, you will be redirected to the HTTPS address immediately.
It would also be possible to switch your Joomla to https via .htaccess entry. This is for example necessary for WordPress, if you want to do without plugins and do the changeover manually. With Joomla this is not necessary, because it is already integrated as a function. Just do it as show cased above, then everything will fit.
TIP: If for any reason your website is no longer available after this step, do the following:
Open the file with your FTP client: configuration.php and set the entry
public $force_ssl =' '; set the value to 0, probably with a 1.
The entry must then look like this: public $force_ssl = '0';
If you have problems with the conversion or if for some reason you can no longer create the page with the method just shown, please feel free to contact us. We will support you in making your online presence secure.
4. Test your Joomla pages and links
Call up one page after the other in your browser. If you see the (green) lock in front of your address, the contents are transmitted with an encryption.
If you see a callsign or a triangle instead of a (green) lock on a page, there is still "unsafe content" that you need to correct. There might still be some hard-coded http entries (e.g. scripts from third parties). This one you will have to deal with now.
To do this, proceed as follows.
I use the browser Google Chrome, but you can also use any other browser. Right-click anywhere on the page and select "Examine" or "Examine Element. An additional window will open. There you click on "Console" or "Console". You will now see all elements that are not transmitted via HTTPS.
Correct all http-links manually so that the browsers validate your SSL encryption and your page is displayed as secure in the address bar. If you don't do this, your site will be rated as "mixed content" and still be displayed as insecure.
After this process your Joomla website has now enabled valid https.
This procedure is suitable for small websites or those that are not yet very extensive.
If you have a page with many subpages, I recommend the following procedure.
5. Adjust the links in the database
This process sounds more complicated than it is. We use the extension "DB Replacer" for this.
Install the application as usual and activate it. Afterwards you call it in the backend under components. It looks like this:
You see the database tables and columns from left to right. Then follow the search and replace fields. Below that you can see in the preview how often the search term was found in the respective table. After you have replaced http by https, you can check if it worked correctly.
Okay. So much for the interface. Now the practical procedure.
Mark a table in the left field (Tables). Then select all entries in the Columns field by marking the first entry and the last one by holding down the Shift key.
In the search field, enter the term to be replaced including the colon. This is HTTP:
In the Replace field, enter the term to be replaced. In our case HTTPS:
Attention: Do not forget the colon.
Here's the reason for that. If there are already entries with https in the database, without the colon it would mean that these entries now contain an additional s after the replacement. This would then look like this: httpss://
We don't want that, because you will ruin your links.
So: HTTP: not HTTP and HTTPS: not HTTPS
Now click Replace. All HTTP entries are replaced with HTTPS entries.
Repeat this process with each table.
This is a bit time-consuming. But to my knowledge it's the best way how you can cleanly and completely switch Joomla to SSL. If you know a better and faster method, just tell me.
Here is a video tutorial about it:
You should still do this after having enabled HTTPS.
- Enter your HTTPS address in the Google Search Console
- Do the same in Google Analytics
- Change your URL in your social media accounts if you link to your page with them
I have now shown you how to change your Joomla website to https/ssl. In the article "Why and how you should switch WordPress to HTTPS [Instructions] you can read the reasons for a change. Now it's up to you to take action and provide for more security on your domain.
möchtest.And, as already mentioned, do not hesitate to ask us for support if you have problems with the changeover or do not want to do it yourself.
It doesn't cost the earth, and you're on the safe side.
Call right now - +43 1 353 2 353 - we'll get it done for you in no time.
If you have any questions or know another, better way to switch Joomla to https, please write it in the comments.