running on a wood bridge
Chrome, JavaScript, webdev

Protect Your Website With HTTPS


  1. Create (for free) an SSL certificate.
    One resource for that is
  2. Install it on your website’s server: – You just quickly choose the client that will match your server environment or do everything in your browser.
  3. Change all your website’s links from HTTP to HTTPS so that search engines are notified and users will get the HTTPS version.
  4. Go have a drink.


You should always protect all of your websites with HTTPS, even if they don’t handle sensitive communications. HTTPS helps prevent intruders from tampering with the communications between your websites and your users’ browsers. It might be a malicious attacker or legitimate (but intrusive) companies, such as ISPs or hotels that inject ads into pages. Your users will think that your site is ugly or worst because they can’t tell who is doing what to the pages.
If you care about your users, always protect them and serve them with HTTPS. It will also prevents intruders from being able to passively listen in on the communications between your website and your users. Another benefit we gain from HTTPS is the ability to work with new powerful web platform features:

Many older APIs are also being updated to require permission to execute, such as the geolocation API.


Check the TL;DR at the top of this post.

Three steps that won’t take you too much time and effort. However, there are few things you need to pay attention and make sure that the transfer of your site will be a smooth one.

Canonical Urls

You need to put a canonical link in the head of your page to tell search engines that HTTPS is the best way to get to your site. Here is an example:

<link rel="canonical" href="https://…"/>

Another option is to change your apache config file: .htaccess file in your root folder by adding:

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

Mix content

Site operators that monetize their site by showing ads want to make sure that migrating to HTTPS does not reduce ad impressions. But, due to mixed content security concerns, an HTTP iframe will not work in an HTTPS page. Advertisers should offer ad service via HTTPS and many already do. You may wish to work only with the ones that support HTTPS.

Search Ranking

It’s not a secret that HTTPS will help your ranking: Google is using HTTPS as a positive search quality indicator. There is a good guide for how to transfer, move, or migrate your site while maintaining its search rank.


Good luck and be secure!


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s