#8 Why you should be using an SSL on every Craft + EE site you build

Secure Socket Layer’s (SSL’s) are nothing new. They were mainly used for E-Commerce sites in which credit card details had to be encrypted. This need for them still very much exists.

In August 2014, Google stated that using https would give sites a gentle nudge up the search rankings. It got a lot people thinking again about SSL’s!

Whenever you are sending a form over the web however, without https that form data is subject to man in the middle attacks.

Think about your Craft or ExpressionEngine logins… Those are forms like any other and without encryption you are open to attacks.

Problems with SSL’s

  • They can slow your site down. Although minimal effects.
  • They are an extra thing to do and worry about. As we will see with Let’s Encrypt it’s a lot easier than you think.
  • Once set up, can cause indexing problems with Google.

Let’s Encrypt

Let’s Encrypt is a free service for absolutely anyone and any website.

Let's Encrypt

It’s incredibly simple to use and you can have your site using https in less than 2 button clicks!

It’s available as a manual install or plugin for Plesk or CPanel.

I can’t emphasise how easy it is to get an live SSL up and running with Let’s Encrypt.

301 Redirects

Once you have your SSL in place, you are not finished. You want to set up redirects. This is no search engines and others navigate to the correct pages as the urls will change.

In the case of Media Surgery: We Decided to lose the ‘www’ at the same time going https.

To confirm you have set up everything correctly

Keep an eye on your Google Search Console (previously WebMaster Tools).

Google query “site:yourdomain.com” and see what’s been indexed.

Google Site Colon

ExpressionEngine config

In your EE config.php file set:

$config[‘site_url’] = “https://yourdomain.com”;

Craft CMS config

In your Craft CMS general.php file set:


return array(
    ‘yoursite.com’ => array(
        ‘siteUrl’ => ‘https://yoursite.com',
        ‘environmentVariables’ => array(
            ‘basePath’ => ‘path/to/files‘,
            ‘baseUrl’  => ‘https://yoursite.com/',
        )
    )
);

Weighing things up

Pros:

  • Adds Trust for users
  • More secure
  • Better search rankings
  • Feels like the right thing to do

Cons

  • Performance issues (small effect)
  • Can be tricky / time consuming to instal (With Let’s Encrypt very easy)
  • Search indexing issues (mainly on HUGE sites)

Conclusion

Use an SSL / https but key an eye on your site and make sure you have tested your redirects thoroughly!

What’s your experience with SSL’s?

Leave a comment

" What you do not want to happen to you, do not do it yourself either" Sextus the Pythagorean