Nowadays every website should have an SSL certificate. Ideally every website should be 100% HTTPS, every page and every piece of content is served over an encrypted connection and with a trusted SSL security certificate. At Maxer Host, we help all our hosting clients to achieve this by offering SSL certificates for every website.

In the past, only e-commerce websites enforced HTTPS, to secure confidential data on checkout pages and logged-in areas. However, lots has changed in the last few years. There has been industry wide change to make ALL websites 100% HTTPS. This change has been supported by big firms like Google, Microsoft, Mozilla.

With this in mind, Maxer Host launched our free AutoSSL service in February 2017. It's available on all our shared hosting, enterprise hosting and reseller hosting plans. The AutoSSL feature is enabled by default so our hosting clients can enforce HTTPS on their websites.

Whether you use the 90-day AutoSSL provided with your web hosting or you use one of the big brand certificates we sell from Comodo, GeoTrust or GlobalSign, you can use the following code to enforce HTTPS mode across your website.

Step 1 - Is the website running WordPress software?

Almost 30% of the Internet runs on WordPress software!
If you have a WordPress site, please instead follow this guide: https://my.maxer.com/knowledgebase.php?action=displayarticle&id=165 

Otherwise proceed to step 2!

Step 2 - Use an .htaccess file to force redirect all HTTP requests to HTTPS. 

You can enforce HTTPS across your website so that all visitors are redirected to a page with SSL security encryption. This can be accomplished by adding code to your website's .htaccess file using a feature known as mod_rewrite. Simply add the following 3 lines to your .htaccess file:

RewriteEngine On 
RewriteCond %{SERVER_PORT} 80 
RewriteRule ^(.*)$ https://www.exampledomain.com/$1 [R,L]

This code is pretty simple. It instructs the web server to redirect any visitor accessing the website on port 80 (HTTP) to the website address prefixed with https://

If you do not have an .htaccess file, simply create one in the main directory of your website. The main directory is normally called public_html unless you are working with a sub-domain or addon domain, which will have its own directory.

Don't forget to replace exampledomain.com in our code with your actual domain name!

Step 3 - Check your website for any non HTTPS content

Your website should now be running on 100% HTTPS, but if any part of your website theme or plugins use non-HTTPS images, stylesheets or other content, it will cause a warning on most web browsers. We recommend typing your website address into the site scanner at https://www.whynopadlock.com/

If the site scanner finds any "mixed content" on your website, you may need to manually go through the images/content and update the relevant code to use HTTPS instead of HTTP. 

If the site scanner continues to give warnings, we recommend discussing the issue with your website developer.

Extra Step 4 - Is there an active SSL certificate on your website?

To check SSL coverage, login to your cPanel control panel and navigate to the "SSL/TLS Status" page. This will list all your domain names, including addon domains and sub-domains, and they should all have protection. You can click "Run AutoSSL" and the system will re-check SSL coverage (this takes 10 minutes to run). 

You can also do a thorough check of an SSL certificate using this online tool: https://comodo.ssllabs.com/

Our paid certificates are issued by "Comodo", "GeoTrust" or "GlobalSign", and the free AutoSSL certificate is issued by "cPanel Inc".

If the SSL certificate has been issued by "Cloudflare Inc" you'll need to activate SSL via your Cloudflare dashboard. There is a guide here: https://my.maxer.com/knowledgebase/177/Enabling-HTTPS-on-your-website-via-Cloudflare.html

Was this answer helpful? 227 Users Found This Useful (432 Votes)