<![CDATA[CleverPeople.com: Site Owners should force all connections to use HTTPS}]]> https://cleverpeople.com/blog/view/304/site-owners-should-force-all-connections-to-use-https https://cleverpeople.com/blog/view/304/site-owners-should-force-all-connections-to-use-https Sun, 11 Jun 2017 13:17:50 -0400 https://cleverpeople.com/blog/view/304/site-owners-should-force-all-connections-to-use-https <![CDATA[Site Owners should force all connections to use HTTPS]]> Site Owners: If your website doesn't use SSL, you're going to lose your search engine rankings and the latest web browsers will warn visitors your site is not secure. I recommend you add two lines to your Apache .htaccess to force all connections to use HTTPS:

 
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteBase /
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
</IfModule>
 
Certificates are pretty inexpensive, and you can even get free ones. The only downside with Let's Encrypt certificates is you have to renew them multiple times a year, but it is free! I wrote a script to automate my renewals, and then I just check to make sure it completes successfully. Note: regardless of your expiration date, you want to run your CRON at least weekly, if not daily, just to check if there was a revocation issued by the CA!
 
Here's a link to a free Certificate Authority: letsencrypt.org
]]> Gary Wright II