https://blog.superhosting.bg/en/next-step-to-make-the-web-more-secure-and-autossl.html

Press enter to see results or esc to cancel.

Google Takes the Next Step Towards a More Secure (HTTPS) Web, SuperHosting.BG Also Moves on With AutoSSL

2017-10-03
News and events
google chrome, chrome, https, https everywhere, secure web, firefox, https web, autossl, comodo

Google’s plan for a more secure web is still in progress as the key tool for its implementation is the Chrome Web Browser. The next phase of marking HTTP as non-secure web element has already started. As of October 2017 Google Chrome v.62 will display a Not Secure warning message in front of all HTTP pages containing forms no matter if their purpose is logging in, comments, feedback or other. Until recently this notification was displayed only for HTTP pages with password or credit card form fields.

Chrome v.62 will display the Not Secure message in front of all HTTP pages with forms.

Mozilla Firefox will do the same!

Many big companies followed Google’s steps towards the idea of HTTPS everywhere. Mozilla also plans to drop the non-secure HTTP in Firefox.

Firefox v.51 will start displaying a crossed out lock in the address bar on all sites that don’t use HTTPS and contain a login form.

Firefox 52 will visibly display a warning message in the fields of a login form when a certain webpage loads via HTTP. A broken lock icon will also be loaded in the address bar.

 

The Next Step for Chrome and Firefox

Google and Mozilla announce one and the same goal in their plan to quit the non-secure HTTP – their browsers will soon start marking in red each page that doesn’t use HTTPS no matter what its contents are.

Firefox will display the crossed out lock for every HTTP webpage.

Google Chrome will display a triangle in red, containing the Not Secure notification.

Some users may not have paid much attention to an HTTP’s URL, but from now on it will be much easier since its shining red appearance. This surely will make visitors uncomfortable and they might start avoiding such websites. Many HTTP websites will lose the trust and attention of their regular users, especially if they are online stores or handle sensitive data.

Luckily this time has not come yet and all HTTP websites still have time to migrate to HTTPS (or HTTP/2).

HTTPS (+HTTP/2)
If you still have not migrated to HTTPS here are some benefits and reasons fair enough to convince you into finally doing it:

  • Secure User Connection.
    The secure HTTPS connection protects your visitors’ data from interception or counterfeiting. This is crucially important for activities such as online banking, shopping, communication or others.
  • Website Protection
    Secure HTTPS connection between the user and a website protects the website itself by preventing third parties’ access and modification before the content reaches the user’s browser.
  • Better Ranking on Google.
  • Creating Reliability and Sense of Security.
    All web browsers will mark the website as secure by adding a green icon next to its URL and a text stimulating all your visitors’ trust.
  • Speeding up Your Website
    HTTPS will enable the connection between the website and its visitors to work with the newer and faster HTTP/2 protocol.

You host a website with us, but still do not have an SSL certificate?

Do not worry! You can test HTTPS right now, because your website already has an installed SSL certificate. The only thing that you need to do is enable the secure HTTPS connection in your website’s settings. Please note that the SSL certificate is installed in your hosting account, but enabling the HTTPS connection is up to you.

All SuperHosting.BG customers that still have not installed an SSL certificate are secured by such and they do not need to install another one. All domains pointed to a hosting account by SuperHosting.BG have installed free cPanel/Comodo SSL certificate by default.

Open your website in a new tab by adding https:// at the beginning of the URL. You will see the green lock no matter what your browser is.

If, after the website is loaded, the icon does not display a green lock, this means that the site is not completely HTTPS ready. You have to work a bit more on its settings. All non-secure HTTP resources will need to be changed to HTTPS. If you own a WordPress website, changing non-secure HTTP resources to HTTPS can be automatically performed through WordPress Manager in cPanel.

In case of an error message displayed while loading a HTTPS website, please send a query to our Technical Support Department.

cPanel AutoSSL – SSL certificate for each domain

Recently we enabled the AutoSSL feature for all hosting plans and Managed VPS servers. This is a system feature in cPanel/WHM that allows you to automatically install SSL certificates.

The new SSL certificates installed via AutoSSL are specially developed by cPanel in cooperation with Comodo. The cPanel/Comodo certificates have the same parameters as Let’s Encrypt. They are completely free, issued for a 3 months period and are automatically renewed. The only difference with Let’s Encrypt is that here the certificate is automatically installed without requiring the participation of any user.

Installing an SSL certificate requires placing a few system files into your hosting account. However, to enable a secure HTTPS connection, the admin needs to perform a further setup in the website.

The free SSL certificate by cPanel/Comodo can be viewed by going to cPanel – menu „SSL/TLS“-> „Managing SSL Certificates“.

For more information about AutoSSL, please visit our help page. cPanel AutoSSL – SSL certificate for each domain

Short guide for migrating from HTTP to HTTPS

1. Activate the secure HTTPS connection

You can manually enable HTTPS in WordPress by modifying settings in the General section and then Settings. For the WordPress URL and URL options you need to change the URL from http:// to https://.

Automatic HTTPS Activation for WordPress can be performed with the Move option available in WordPress Manager in cPanel. When doing this you need to change the URL protocol, for example: http://mysupersite.com has to be changed into: https://mysupersite.com. After you finish the procedure, use the option Check for HTTP Resources (loaded on HTTPS Website). The option allows you to automatically edit the HTTP resources in your website so that they start loading via HTTPS.

For websites powered by another CMS, check their settings or help documentation.

2. Update all HTTP Website Resources to HTTPS

If the website is running on WordPress you can automatically update all HTTP resources to HTTPS by using cPanel -> WordPress Manager and clicking on Check for HTTP Resources (loaded on HTTPS Website).

For websites running on other CMS you can check and change the HTTP resources manually.

3. Set up 301 Redirecting to New HTTPS URLs

Setting up 301 Redirecting to New HTTPS URLs can be implemented by using a few .htaccess rules. For example, add the following code below the RewriteEngine On line:

RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{SERVER_NAME}/$1 [R=301,L]

By doing this you will redirect your website and all its pages to always loading through HTTPS.

4. Check and Set up Canonical URLs

After the website is already loaded only via HTTPS, check whether the webpages code contains a correct meta tag rel=“canonical“. The canonical Address should be HTTPS. If you have a WordPress website and up to now you used a plugin to generate meta tags, you only need to check if they begin with https://.

5. Google Search Console and Google Analytics

After the website already loads through HTTPS you will need to change the URL in the respective Google tools by replacing the old http:// with the new https://.

You first need to add the website starting with https:// in the Google Search Console as a new website.

After opening Google Search Console go to the Home page and Add a Property.

5.1. Add a Property. Add your website’s URL starting with https:// (e.g. https://mysupersite.com/).

5.2. Sitemaps. Submit the sitemap starting with https:// (e.g. https://mysupersite.com/sitemap.xml).

5.3. Fetch as Google. After Google verifies the website, enable indexing and the related links – Request indexing -> Crawl this URL and its direct links – Go.

5.4. Google Analytics. Log into your Analytics profile and access the Admin settings. In both sections: Property Settings and View Settings change the Default URL from http:// to https://. Save all changes.

Read more information for migrating from HTTP to HTTPS on Google: HTTP–>HTTPS migration FAQs.

Technical Support Specialist

Megan is our support guru – she can answer every technical question. She knows everything about new technologies. Megan's SuperPower is that she can explain even the most complicated technologies in plain language.

500px270px
SuperHosting.BG

Related Posts

Leave a Reply

Be the First to Comment!

Notify of
avatar
wpDiscuz