Joomla is a powerful, open-source content management system (CMS) that powers websites of all sizes and shapes across the globe. It’s a free application written in PHP and built on the robust Model-View-Controller (MVC) web application framework. The platform connects your website to multiple databases to ensure efficient content delivery and management for both the visitor and the site administrator.
Joomla treats security earnestly and is very proactive in solving issues that may occur. However, this doesn’t mean you have no role to play with regard to your site’s security. One thing that you can do to boost the security of your Joomla site is the installation of SSL (Secure Socket Layer) and activation of the HTTPS (Hypertext Transfer Protocol Secure). Setting up SSL/HTTPS will activate the built-in features to protect the site from easy exploits targeting your site or the site users.
To set up SSL/HTTPS on your Joomla site successfully, we’ll work on both the domain SSL control and your website’s hosting server side. Ready to go? Let’s get started!
Before we embark on the mission, there some conditions that you must meet for guaranteed success.
- You need valid SSL certificate.
- You need a dedicated IP address unique to single SSL certificate.
However, to take care of every user, we’ll start with the installation of the SSL certificate.
Special Note: Many web hosting services offer one-click Joomla installation, but some offer much more: 24/7 Joomla tech support, daily updates and backups, templates etc. Consult our Best Joomla Hosting Providers page to find the top Joomla hosts, including expert and user reviews.
STEP 1: GET THE CSR CODE AND SSL CERTIFICATE
The first step when installing the SSL certificate on your server is generating a CSR code. Navigate to the security section of the cPanel on your hosting account.
Once you have the private key go to:
Use the private key we have just generated. Submit all the details as requested, then click the generate button to get the CSR code. Once the CSR code is generated, you can move to the next step.
Purchase your ideal SSL certificate and use the CSR code to activate it. The CA will send you a verification email to the specified domain’s admin email address. Once you verify the email the certificate authority will send you the SSL certificate files namely:
STEP 2: INSTALL THE SSL CERTIFICATE
Install the SSL certificate on your web server. Select:
Select your domain, then copy & paste the codes into their correct fields. Make sure the intermediate.crt is copied in the CA Bundle field. Click install to finalize the SSL installation.
NB: The installation of the SSL certificate may vary depending on your server configuration and hosting provider check your documentation to obtained customized installation instructions.
STEP 3: CONFIGURE FORCE SSL ON JOOMLA
Once you install the SSL certificate, the other modification will be done on your Joomla website side. First, we’ll have to configure the Force SSL feature. Joomla Force SSL is a powerful built-in feature that empowers you to activate SSL certificate on your site without a hassle.
Login to your site and go to System> Global Configuration.
A new window will open. Click on the server button to access the Force SSL options.
There are three Force SSL options which you can choose from. Select:
- None: If you don’t want to active Force SSL on your site
- Administrator only: If you want the site administrator to be on HTTPS
- Entire site: If you want everything on your site to be on HTTPS.
In our guide, we’ll leverage the “Entire Site” option. Set the Force SSL parameter as “Entire site” and click the “Save & Close” button. This will activate the SSL on your entire Joomla site including the frontend and the admin side.
STEP 4: ACTIVATE THE CONFIGURATION.PHP FILE
To configure the configuration .php file, login to your cPanel and navigate to the “Your Website Folder.” Open the folder to access the “Configuration.php” file. Using a command-line editor find the line below:
public $live_site ='';
public $live_site = 'https://www.your-domain.com';
By editing the configuration. Php file you permit visitors accessing your site via the old HTTP protocol to be redirected to the HTTPS automatically.
STEP 5: CONFIGURE THE .htaccess FILE
Once you complete the configuration of the configuration.php file, the next step is editing the .htaccess file. Locate the .htaccess file;
Open the .htaccess file and add the following command lines at the bottom-most:
This code activates HTTPS on your entire Joomla site.
STEP 6: CONFIRM THE INSTALLATION
Once everything is set, open your browser and go to https//www.yourJoomlasite.com. If the page loads flawlessly without prompting any error windows, then it confirms your Joomla site is properly configured. You will need not worry even when logging in from a public WiFi since all details are completely encrypted.
By now, you have setup HTTPS successfully on your Joomla site. All connection within or those leading to your Joomla site will utilize the secure HTTPS protocol instead of the customary HTTP. However, some of the pages on your Joomla site may contain mixed content featuring the old HTTP-based URLs. These pages can be edited and fixed manually by implementing the secure HTTPS links to their fields.
NB: The Joomla site doesn’t provide an option to enable Force SSL in specific pages. However, this is not to mean that this is impossible. There are multiple Joomla extensions designed to allow you to redirect selected web pages into HTTPS.
Owing to the sensitivity of data processed via Joomla site, investing in top-class security is imperative. Learning how to set up HTTPS/SSL on your Joomla site is the first step towards a properly encrypted site. The exercise should not be as difficult as many perceive. However, the internet web has many narratives regarding this installation process, and it’s daunting to find one that will help you install without a hassle.
Our guide is the simplest you will find. It is prepared to be easy to implement with screenshots to simplify every step. We hope the guide has empowered you to successfully encrypt every communication and data on your Joomla site in minutes.