Secure Socket Layer’s (SSL’s) are nothing new. They were mainly used for E-Commerce sites in which credit card details had to be encrypted. This need for them still very much exists.
In August 2014, Google stated that using https would give sites a gentle nudge up the search rankings. It got a lot people thinking again about SSL’s!
Whenever you are sending a form over the web however, without https that form data is subject to man in the middle attacks.
Think about your Craft or ExpressionEngine logins… Those are forms like any other and without encryption you are open to attacks.
Problems with SSL’s
- They can slow your site down. Although minimal effects.
- They are an extra thing to do and worry about. As we will see with Let’s Encrypt it’s a lot easier than you think.
- Once set up, can cause indexing problems with Google.
Let’s Encrypt is a free service for absolutely anyone and any website.
It’s incredibly simple to use and you can have your site using https in less than 2 button clicks!
I can’t emphasise how easy it is to get an live SSL up and running with Let’s Encrypt.
Once you have your SSL in place, you are not finished. You want to set up redirects. This is no search engines and others navigate to the correct pages as the urls will change.
In the case of Media Surgery: We Decided to lose the ‘www’ at the same time going https.
To confirm you have set up everything correctly
Keep an eye on your Google Search Console (previously WebMaster Tools).
Google query “site:yourdomain.com” and see what’s been indexed.
In your EE config.php file set:
$config[‘site_url’] = “https://yourdomain.com”;
Craft CMS config
In your Craft CMS general.php file set:
return array( ‘yoursite.com’ => array( ‘siteUrl’ => ‘https://yoursite.com', ‘environmentVariables’ => array( ‘basePath’ => ‘path/to/files‘, ‘baseUrl’ => ‘https://yoursite.com/', ) ) );
Weighing things up
- Adds Trust for users
- More secure
- Better search rankings
- Feels like the right thing to do
- Performance issues (small effect)
- Can be tricky / time consuming to instal (With Let’s Encrypt very easy)
- Search indexing issues (mainly on HUGE sites)
Use an SSL / https but key an eye on your site and make sure you have tested your redirects thoroughly!
What’s your experience with SSL’s?