Joomla Force SSL is a Joomla feature to activate the SSL Certificate on your Joomla website.
SSL stands for Secure Sockets Layer, it is a security protocol that transmits private data across your Joomla site to the encrypted format. Accordingly, connections to/within your site will be on the secure https protocol instead of the standard http prefix.
Your site really needs SSL Certificate?
If you own an eCommerce or business website, SSL Certificate is nearly a must to protect your critical data. See the Further Knowledge section for the detailed appraisal.
How to set up SSL in your Joomla site?
Let’s consider if SSL Certificate is necessary for your site.
1. Checklist for your set up
To get SSL Certificate enabled for your Joomla site, you should have these followings in advance.
- SSL Certificate, which has been installed successfully on your server. You can learn about how to get SSL Certificate HERE.
- Your dedicated IP Address, which is unique for one SSL Certificate.
2. Enable Force SSL in your Joomla site
Note: we used Joomla 3 in this tutorial, for Joomla 2.5, it’s the same.
Step 1: configure your configuration.php file
Open your configuration.php
file
Find the following line:
var $live_site ='';
Replace with:
var $live_site = 'https://www.your-domain.com';
Next, open .htaccess
file then add the following code to the bottom of the file.
RewriteEngine On RewriteCond %{HTTPS} OFF RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
Step 2: enable Force SSL in your Joomla site
In the Admin Panel, navigate through System >> Global Configuration or simply click the Global Configuration button.
Within the Server tab, in the Server Settings section, there are 3 Force SSL alternatives that you can select, namely:
- None: SSL will not be enabled in your Joomla site.
- Administrator Only: connections to your administrator will be on HTTPS.
- Entire Site: connections all over your website will be on HTTPS.
Hit the Apply/Save button. You are done now! So let's check your site now.
Tips:
If you want to enable Force SSL in some specific pages of your Joomla site. This option is actually not available in Joomla back-end settings. However, there are various Joomla extensions allowing you to redirect your selected pages into HTTPS. SSL Redirect could be a great pick, this extension is compatible with both Joomla 2.5 and Joomla 3.
Further knowledge about SSL Certificate
Pros and cons of SSL Certificates
Pros:
- Higher security level for communication data and eCommerce transaction.
- Customers are guaranteed while making payment in your Joomla site.
- SSL Certificate is compulsory for the PCI compliance, which is required by card providers such as Visa, MasterCard, Discover Network, American Express, Diners Club International, etc. to accept your credit card payment.
Cons:
- HTTPS traffic consumes much more resources than HTTP does to encrypt and decrypt the data for both the server and web browser.
- As all the critical data is hidden, the troubleshooting components such as URL path, SQL responses or parameters, etc. are hidden as well.
Types of SSL Certificates
There are 3 types of SSL Certificate:
- Dedicated SSL
- Shared SSL
- Wildcard SSL
If this is your first time with SSL, Shared SSL is recommended. You then can get used to with this security method without having to pay the most costly type.
Want to see examples with screenshots of each SSL type? Check it out.
SSL tools
One of the biggest problems you may meet with SSL Certificate is that you may face with difficulty while troubleshooting problems in your Joomla site. Nevermind, you can use tools to overcome this at ease. One of the most popular SSL troubleshooting tool providers in SSLShoppers. Visit them just in case you need any tool for troubleshooting, testing, checking, generating and so on.
Our recommendation
If your website are half of community and half of eCommerce, turning on SSL Certificate for some pages only is much of help instead of having HTTPS for the whole site. At the moment, Joomla back-end settings does not support you to do that, but you can use the suggested third party Joomla extensions.
In case you do not want SSL Certificate for your eCommerce site, it is applicable to use third party services from PayPal, Google Checkout or Amazon Payments. While processing payment, your customers will be redirected into these service providers’ websites instead.