Implementing SSL on your Joomla website
- Published in Joomla Help
SSL or Secure Sockets Layer is a security standard for websites that encrypts data sent to and from a website. This means that if you are on a compromised or hacked network, the data you are sending and retrieving from the website cannot be seen, only the web address you are accessing can be seen. SSL has since been replaced with a stronger encryption protocol called TLS or Transport Layer Security but getting a certificate is still often referred to as buying an SSL certificate.
Having a security certificate in place has a number of great benefits. As the site owner you are helping to protect your visitors and the Internet more generally from malicious actors. Google and other major search providers prefer secure website and so will rank your site higher than competitor sites, all other things being equal. Lastly, browsers such as Chrome, Safari, Firefox and Opera will often display warnings to users where a site does not have a security certificate in place.
It is possible to get a free security certificates from services such as Let's Encrypt and Zero SSL which last for 3 months. Some web host control panels even integrate with these services to provide free SSL certificates automagically. There is a little bit of technical knowledge involved in generating the certificate and installing it, so if you don't have the energy for that, paid SSL certificate are available from Zero SSL and from your hosting partner and are typically not expensive.
How do I use SSL with Joomla 4?
When you have an SSL certificate installed, it will not automatically send all traffic through the HTTPS protocol, so there needs to be a redirect either at server level (with your host) or at application level (within Joomla 4) to make all traffic redirect from HTTP:// to HTTPS:// Fortunately for us, there is a feature built-in to Joomla 4 that manages SSL redirection for us. This setting allows you to force HTTPS for all traffic or just for traffic to the administrator area. Unless you have a specific reason to only encrypt administrator traffic, we suggest you encrypt all traffic to the site by selecting the 'Entire site' option.
In Joomla 4, the feature to switch on SSL security certificate redirection is located at System > Global Configuration > Server (tab) In the Server section, the Force HTTPS dropdown allows you to select SLL redirection for Administrator Only or the Entire Site. We recommend selecting Entire Site here. Once you have made the change it should be effective immediately.