We’ve talked about SSL (secure socket layer) certificates both on the cPanel blog and at the 2018 cPanel Conference in Houston, Tx as well as many other avenues at length. The importance of having an SSL for services and websites on your server cannot be understated. One of the most common support requests for both hosting providers and end-users is: once an SSL certificate is installed for your website, how do you redirect traffic to the “secure,” or HTTPS version of the URL? In Version 80, we’re adding a new feature to make that redirection even easier!
Please note- Force HTTPS redirection is not available until v80, which is currently in EDGE, but
plan to roll out to the rest of the tiers within the next two months.
How Does it Work?
In the Domains interface in cPanel (Home >> Domains), there’s an option to enable Force HTTPS Redirection from the insecure version (HTTP) to the secure version (HTTPS) with a toggle switch. This information is stored in the account’s userdata files (/var/cpanel/userdata), and the redirection is built into the domain’s vhost configuration.
All domains with valid SSL certificates can have redirection enabled. Aliases (historically called Parked Domains) will inherit their redirection status from their parent domain. No longer will a manual .htaccess redirect, plugin, or Apache configuration update be required. Now, an end user can toggle a switch to redirect visitors to the secured version of your sites!
Why is this a good thing?
Last year on the cPanel blog, I wrote up a breakdown of “Which SSL is Right For Me,” briefly touching on topics such what an SSL is, and why you need one, as well as the different types of available certificates. Symantec has a more in-depth breakdown and insights on their website explaining the ins and outs of SSLs and how they work. The very short answer is that SSLs provide a level of security and encryption protecting the transfer of your data across the internet.
Having an SSL on your website enables the padlock icon in the left side of the URL bar of your browser:
This informs your site’s viewers that the site is secured and that data transferred back and forth between the end user and the site is encrypted. There are several added benefits (aside from security) that having an SSL on your site provide.
If you’re a WordPress user (as many of you are), or are actively trying to increase your page’s rank in Google searches, Google announced that websites using HTTPS would get a slight ranking factor boost in searches using their engine. Additionally, the newer HTTP/2 protocol has proven to have faster performance than the standard HTTP but requires HTTPS due to browser support.
If you are tracking data in Google Analytics, a user who redirects from an HTTPS site to an HTTP site (by clicking links or redirects, etc.), it’s been shown that that referral data is lost. Traffic from HTTPS to HTTP usually ends up getting lumped together with “direct traffic.” HTTPS to HTTPS is counted as referral data. By using an SSL, Google Analytics will provide you with more accurate data.
Building on top of both AutoSSL and cPanel Market features that make it easier than ever to secure your websites with an SSL, we hope that the Force HTTPS Redirect will encourage users to take advantage of the opportunity to secure their websites and data.
For more information, or to discuss further, please join us on our Slack or Discord channels, or subscribe to our official cPanel Subreddit!