What Is HTTPS?
HTTPS (Hypertext Transfer Protocol Secure) is an internet communication protocol that protects the integrity and confidentiality of your users' data as it is sent from their computer to your website over public networks including WiFi hot spots. Secure sites running on HTTPS have an SSL certificate and a visible green padlock in their browser to show the connection is secure.
How You Migrate To HTTPS
There are a number of ways to migrate to HTTPS and we have created a downloadable guide for you at the bottom of this page.
If you wish to attempt to do it yourself you can also follow the instructions at the site Moving To HTTPS
REC Settings
Once you have installed your SSL certificate you need to change your REC / REC+ settings to enable it:
Go into Admin > Site Settings > Security tab
- Use SSL - tick this to only use SSL on your Login, Checkout and Registration pages, not every page of the site.
- Use SSL Everywhere - tick this to use SSL on every page of your website. Make sure you run mixed content scans to identify / fix any issues.
- Use Strict Security - tick this to enable HTTP Strict Transfer Security (HSTS) for an even greater depth of protection. Warning: Use with care, read note below first!
Warning: Strict Security
HSTS is used to protect websites against protocol downgrade attacks and cookie hijacking. It allows web servers to declare that web browsers (or other complying user agents) should only interact with it using secure HTTPS connections. This is set after users have visited your site for the first time. It is only possible to reverse the affect on users after several months if you decide to turn it off. You should only consider using it once you have successfully migrated to SSL and have no issues on the site over a reasonable time period, for example at least a 3 month period.
Fixing Blog Posts
It is likely that you may have blog posts entered prior to 2017 which have links to HTTPS resources in the Reference block, such as images.
To quickly fix any such issues found in Blog post older reference blocks run: Admin > Blog Settings > "Fix Mixed Content Reference Blocks".
This replaces links to HTTP resources with HTTPS, for example <img src="http://site.com/image.png">
would need replacing with <img src="https://site.com/image.png">
so it loads over HTTPS instead.
Sometimes a HTTPS version of something may not yet be available, in this case you could download the resource and host it yourself on your new HTTPS site, which means it would automatically be a HTTPS resource.