Site Owners should force all connections to use HTTPS
314 views
Site Owners: If your website doesn't use SSL, you're going to lose your search engine rankings and the latest web browsers will warn visitors your site is not secure. I recommend you add two lines to your Apache .htaccess to force all connections to use HTTPS:
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteBase /
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
</IfModule>
Certificates are pretty inexpensive, and you can even get free ones. The only downside with Let's Encrypt certificates is you have to renew them multiple times a year, but it is free! I wrote a script to automate my renewals, and then I just check to make sure it completes successfully. Note: regardless of your expiration date, you want to run your CRON at least weekly, if not daily, just to check if there was a revocation issued by the CA!
Here's a link to a free Certificate Authority: letsencrypt.org