This article provides you with information on how to enable HTTP on your Joomla website.




Why Use TLS?

Google (and most other search engines) now treat sites using https with preference[1]. Furthermore many browsers flag any website with a form (such as a login or contact form) that isn't using https[2]


How do I setup TLS?

For setting up the certificate, the simplest way is to get your host to do it for you.

The correct certificate to buy depends on the security protections required on your website. If you don't know then probably the cheapest and easiest option is to use Let's Encrypt - it's free and depending on your host can be often be configured straight from your cPanel or Plesk hosting dashboard.

If you've bought a Dedicated IP and SSL certificate, simply ask your host to help and they will get it signed and install it in the correct location for you.


How do I redirect all my traffic to https in Joomla

  • In Global Configuration there is a "Force HTTPS" option which allows you to force HTTPS either in the  Administrator area only or for the entire site. 
Image Showing the Force HTTPS option in the Joomla 3.x default backend template

In .htaccess

RewriteEngine on
RewriteCond %{SERVER_PORT} !^443$
RewriteRule .* https://%{HTTP_HOST}%{REQUEST_URI} [QSA,R=301,L]
<IfModule !mod_ssl.c>
Redirect permanent / https://www.yourdomainname.com
</IfModule>

More complex .htaccess Examples

As an example, to switch from HTTP to HTTPS on any page that has 'abc/def' or 'ghi' in the URL, add something like this:

Code:

RewriteCond %{HTTPS} off
RewriteRule ^(abc/def|ghi)(.*)/?$ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,NC,L]

... and to switch from HTTPS back to HTTP on any page that has 'home' or 'help' in the URL, do something like this:

Code:

RewriteCond %{HTTPS} on
RewriteRule ^(home|help)(.*)/?$ http://%{HTTP_HOST}%{REQUEST_URI} [R=301,NC,L]

If you want to force SSL on a specific folder you can insert the code below into a .htaccess file placed in that specific folder:

Code:

RewriteEngine On 
RewriteCond %{REQUEST_URI} folder 
RewriteRule ^(.*)$ https://www.example.com/folder/$1 [R,L]

Make sure you change the folder reference to the actual folder name. Then be sure to replace www.example.com/folder with your actual domain name and folder you want to force the SSL on.