Earlier this week, we published a post on the importance of switching your Joomla website from HTTP to HTTPS, mainly because of a new setting in Chrome and Firefox labeling pages with sensitive forms (such as login forms) as insecure if they are not running in HTTPS mode.
Most Joomla administrators think that switching from HTTP to HTTPS simply consists of buying an SSL certificate, installing it on the server, and then forcing SSL on the Joomla website by setting the Force HTTPS field (under System -> Global Configuration -> Server) to Entire Site. Unfortunately, in most cases, the process is not that simple. You see, when you switch from HTTP to HTTPS there are many considerations that you must take into account. In fact, there are 7 important questions that you must ask yourself when you make the switch:
1- What will happen to all the social interactions?
Social interactions, such as likes, shares, etc… took place on the HTTP version of your website. This means that, by default, you will lose all these interactions when you switch to HTTPS. However, there is a way to keep these interactions, and it is by setting the data-url attribute to the HTTP version of links for the pages that were created before the switch, and to the HTTPS version of the links for all the other pages. Typically, this change is done in one plugin.
2- Is the website “301 redirecting” all the HTTP links to their HTTPS equivalents?
You must ensure that your website is redirecting (using 301 redirects) all your previous (non-secure) links to your new (secure) links. If it doesn’t, then you should address that immediately, or else you will have a duplicate content issue and your search engine rankings will drop.
3- Do all the extensions on my Joomla website fully support the switch?
Some poorly written templates/modules/plugins/components have some HTTP links that are hardcoded. For example, they request images, CSS files, and JS files from HTTP sources. This, of course, will cause a mixed content issue on your pages. The quickest way to catch the offending extensions is to thoroughly test every functionality on your website once you switch, and note, in the browser console, which images/libraries are being loaded over HTTP, and then fix the associated extensions. Ideally, you should do this on a test environment before switching.
This task is actually much more complex and important than you think it is, and we have numerous examples on how overseeing this task has caused major unhappiness.
4- Is my Joomla website displaying fatal errors on some pages because of the switch?
This is really similar to the previous point – but with a twist. Some badly written extensions may crash (or, at best, may not work properly) when you switch from HTTP to HTTPS. What makes this even more challenging is that some of these extensions may only fail under certain conditions. In order to address problems arising from such extensions proactively, you will need to closely monitor your PHP error log for the following few weeks after the move, and immediately address any errors caused by the switch.
5- Is my “$live_site” set to the HTTP version of the website?
We never recommend setting the $live_site value in the configuration.php file, and we are not very clear on why people like to set it. In fact, we have nothing good to say about this particular variable, which caused hardship for many Joomla administrators out there. However, if you feel you are compelled to set it, then make sure it points to the HTTPS version of your domain.
6- Have I disabled all SSL redirect plugins on my website?
On more than one occasion, we have fixed a problem where an SSL redirect plugin caused an infinite loop on the website as soon as the Force HTTPS setting was set to Entire Site. Make sure you disable (or, better yet, uninstall) any SSL redirect plugin that you have on your website before making the switch (they are pointless anyway and the only thing that they can do is create problems).
7- Have I checked my .htaccess file for any weird redirects?
A couple of days ago, we had a weird case of an infinite loop on a Joomla website. The infinite loop was everywhere, on both the backend and the frontend, so we disabled all the non-core system plugins on the Joomla website using phpMyAdmin, but the problem remained. It turned out eventually that the client had a redirect, in his .htaccess file, from HTTPS to HTTP, and there was another redirect in Joomla from HTTPS to HTTP. Naturally, deleting the .htaccess redirect fixed the problem.
Switching your Joomla website from HTTP to HTTPS is seldom an easy task – but worry not – we are always ready to help. Just contact us and we’ll ensure a very smooth transition of your website for very little money.