SSL Hosting

Secure Sockets Layer (SSL) is a security protocol used between a web server and browser to establish an encrypted data link. The trust between the browser and the server depends upon the browser's ability to trust the SSL certificate. It does this by checking where the certificate was issued. If the SSL certificate is issued by a Certificate Authority (CA) that is known and trusted by the browser, the browser extends that trust to the web site secured by the SSL certificate.

Google now gives a page ranking boost to SSL sites. They wish to encourage all site owners to switch from HTTP to HTTPS in an effort to make the Internet more secure. In addition, most browsers will show a warning message when visiting a non-HTTPS site.

How it works

Our Pro-SSL hosting package

We provide a dedicated IP address with a 256-bit DigiCert Inc RapidSSL certificate installed on our professional level hosting package. The SSL certificate request is validated against the domain name using an automated process by the Certificate Authority (CA) rather than using physical documentation making these certificates cheaper to install. There's no difference in the level of encryption between this certificate and those used by the leading banks and they're also recognised by over 99% of all browsers.

Free SSL certificates from cPanel or Let's Encrypt™

Many of our hosting packages now include free SSL certificates from either cPanel (powered by Sectigo) or Let's Encrypt™. These certificates allow data to be encrypted in the same way as the leading brands but these are not installed on dedicated IP addresses. Because of this, they require SNI (Server Name Indication) to be enabled. SNI is an addition to the TLS encryption protocol that enables a client device to specify the domain name it is trying to reach in the first step of the TLS handshake. These certificates may not work with some card processors (payment gateways) or other facilities which may communicate with your site. Although most browsers support SNI, there are a few noteable exceptions as follows...

If you're using your site for e-commerce of any form, we recommend our Pro-SSL hosting package.

Using SSL

To check or use SSL on your site, simply type https:// in front of your www address rather than http://

To redirect your visitors to the secure HTTPS version of your site, you need to modify the .htaccess file within your public_html folder. If the file doesn't already exist, you will need to create this. Use the following code in your .htaccess file to automatically redirect visitors to the HTTPS version of your site:

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
</IfModule>

If you have an existing .htaccess file, do not duplicate RewriteEngine On and make sure that the additional lines beginning with RewriteCond immediately follow the existing RewriteEngine On.

When switching over to SSL, you will also need to ensure that all internal links on your site are also using HTTPS addresses. You should check your site carefully and check for any browser warnings. For external links, it's best to adjust the most important ones to the new HTTPS address.

If you're using a free 'Let's Encrypt™ SSL certificate' with a payment gateway such as WorldPay, you will need to make sure that the callback script does not use encryption. This defeats the main object of using SSL which is why we recommend using our Pro-SSL hosting instead. To do this, substitute the name of your own callback script in the following code and add this to the .htaccess file:

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{REQUEST_URI} !/CALLBACK-ADDRESS\.PHP
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
</IfModule>

WordPress sites

If you're using WordPress, we would recommend that you add a plugin called Really Simple SSL as this will automatically detect all your settings and convert your site to SSL. If you're in the process of setting up WordPress, go to Settings » General and make sure that the site uses the HTTPS address in both your WordPress and site URL address fields.

To easily enable (and enforce) WordPress administration over SSL, the constant FORCE_SSL_ADMIN should be set to true in your site's wp-config.php file to force all logins and all admin sessions to happen over SSL: define('FORCE_SSL_ADMIN', true);
If you've already added redirection (as above), this will already be taken care of.