Tips & Tutorials

Joomla Tips & Tutorials

Joomla Force SSL is a Joomla feature to activate the SSL Certificate on your Joomla website.

SSL stands for Secure Sockets Layer, it is a security protocol that transmits private data across your Joomla site to the encrypted format. Accordingly, connections to/within your site will be on the secure https protocol instead of the standard http prefix.

Your site really needs SSL Certificate?

If you own an eCommerce or business website, SSL Certificate is nearly a must to protect your critical data. See the Further Knowledge section for the detailed appraisal.

Joomla Force SSL feature

Joomla Force SSL feature

How to set up SSL in your Joomla site?

Let’s consider if SSL Certificate is necessary for your site.

1. Checklist for your set up

To get SSL Certificate enabled for your Joomla site, you should have these followings in advance.

  • SSL Certificate, which has been installed successfully on your server. You can learn about how to get SSL Certificate HERE.
  • Your dedicated IP Address, which is unique for one SSL Certificate.

2. Enable Force SSL in your Joomla site

Note: we used Joomla 3 in this tutorial, for Joomla 2.5, it’s the same.

Step 1: configure your configuration.php file

Open your configuration.php file

Find the following line:

var $live_site ='';

Replace with:

var $live_site = 'https://www.your-domain.com';

Next, open .htaccess file then add the following code to the bottom of the file.

RewriteEngine On
RewriteCond %{HTTPS} OFF
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}

Step 2: enable Force SSL in your Joomla site

In the Admin Panel, navigate through System >> Global Configuration or simply click the Global Configuration button.

Access Global Configuration in the back-end setting

Access Global Configuration in the back-end setting

Within the Server tab, in the Server Settings section, there are 3 Force SSL alternatives that you can select, namely:

  • None: SSL will not be enabled in your Joomla site.
  • Administrator Only: connections to your administrator will be on HTTPS.
  • Entire Site: connections all over your website will be on HTTPS.
Joomla Force SSL feature

Configure Joomla Force SSL

Hit the Apply/Save button. You are done now! So let's check your site now.

Joomla Force SSL feature

Joomla Force SSL is enabled

Tips:

If you want to enable Force SSL in some specific pages of your Joomla site. This option is actually not available in Joomla back-end settings. However, there are various Joomla extensions allowing you to redirect your selected pages into HTTPS. SSL Redirect could be a great pick, this extension is compatible with both Joomla 2.5 and Joomla 3.

Further knowledge about SSL Certificate

Pros and cons of SSL Certificates

Pros:

  • Higher security level for communication data and eCommerce transaction.
  • Customers are guaranteed while making payment in your Joomla site.
  • SSL Certificate is compulsory for the PCI compliance, which is required by card providers such as Visa, MasterCard, Discover Network, American Express, Diners Club International, etc. to accept your credit card payment.

Cons:

  • HTTPS traffic consumes much more resources than HTTP does to encrypt and decrypt the data for both the server and web browser.
  • As all the critical data is hidden, the troubleshooting components such as URL path, SQL responses or parameters, etc. are hidden as well.

Types of SSL Certificates

There are 3 types of SSL Certificate:

  • Dedicated SSL
  • Shared SSL
  • Wildcard SSL

If this is your first time with SSL, Shared SSL is recommended. You then can get used to with this security method without having to pay the most costly type.

Want to see examples with screenshots of each SSL type? Check it out.

SSL tools

One of the biggest problems you may meet with SSL Certificate is that you may face with difficulty while troubleshooting problems in your Joomla site. Nevermind, you can use tools to overcome this at ease. One of the most popular SSL troubleshooting tool providers in SSLShoppers. Visit them just in case you need any tool for troubleshooting, testing, checking, generating and so on.

Our recommendation

If your website are half of community and half of eCommerce, turning on SSL Certificate for some pages only is much of help instead of having HTTPS for the whole site. At the moment, Joomla back-end settings does not support you to do that, but you can use the suggested third party Joomla extensions.

In case you do not want SSL Certificate for your eCommerce site, it is applicable to use third party services from PayPal, Google Checkout or Amazon Payments. While processing payment, your customers will be redirected into these service providers’ websites instead.

Further Readings you might be interested in:

BLOG COMMENTS POWERED BY DISQUS