Do I force SSL?

[dee]

hi all,

Just signed up with 20i that i see advertised here all the time with their hosted wordpress. They give SSL, which i'm using obviously for anything new. There is an option to force SSL all the time. Do I want to do that , or give a non SSL option ? I would have thought force is the way to go but anyone with more experience think otherwise ?

 

[Adam H]

If you mean HSTS , Then id highly recommend you are 100% sure you are going to stick with https ( I can't think of any reason why you wouldn't on a new site ) and/or set shorter time scales for HSTS implementation because once HSTS is set, then you can't go back to http until that time has elapsed and even then there could be issues indexing.

If I've jumped the gun and you don't actually mean force SSL, and you simply mean to to redirect the http to https equivalent..........then yes "redirect" https usage. There is no need to give people both options and it could be seen as duplicate content if the same content is accessible from more than one URL on the same site.

 

[Adam H]

P.S , you can redirect all requests to https by adding something like this to your .htaccess file ( assuming its apache )

RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://www.yourdomain.co.uk/$1 [L,R=301]

 

[dee]

Thanks @Adam H . I figured as much but thought i'd ask. I guess its a redirect judging by the option text.

Always Use HTTPS
This will force SSL connections for all your visitors by enabling our load balancers to redirect all your users to use HTTPS. Please note this will only work if you have an SSL certificate on this package.

Hadn't even thought of the duplicate content possibilities.Cheers.

 

[Admin]

@dee - yes I would. I had the same thought as you so I checked what it did, you might want to bookmark this link as its often useful to check what method of redirection is used for changing a url (almost always want 301 permanent) http://redirectcheck.com i checked and its a 301 they are using at 20i for when you enable the force https option. Regards to duplicate content, you should always do a few things when you move from http to https or even start a new site on https. Fix insecure errors until you get the green padlock, add the url with its https to Google search console ( it is different!) and use a canonical url tag in the page header ensuring https is there not just http

 

[dee]

@dee - yes I would. I had the same thought as you so I checked what it did, you might want to bookmark this link as its often useful to check what method of redirection is used for changing a url (almost always want 301 permanent) http://redirectcheck.com i checked and its a 301 they are using at 20i for when you enable the force https option. Regards to duplicate content, you should always do a few things when you move from http to https or even start a new site on https. Fix insecure errors until you get the green padlock, add the url with its https to Google search console ( it is different!) and use a canonical url tag in the page header ensuring https is there not just http

thanks @Steve (Admin) You mean one of these in the metas ? Okay. Ta. Never knew that either.

<link rel="canonical" href="https://example.com/" />

 

[Admin]

Yes, and ensure it changes for each page to reflect the page url, you dont want the internal pages all having a canonical url pointing to home.

 

[dee]

okay .Thanks. Ill need to check the wordpress theme takes care of it or ill need to edit the header I guess

 

[Carlos]

An intersting thing happened to one of my sites, at the time I built it I didn't have plans for it to be SSL (like 3 years ago), it is hosted on a dedicated server with cPanel/WHM and about six months ago cPanel started installing free SSL certs on all my sites without me even noticing it.

To this day both versions are still live (HTTPS and HTTPS) and I haven't made a redirect or changed anything at all, but since February Google is sending me visitors only to the SSL version.

No rankings were affected and I only noticed because I logged into my Google search console and all the stats for that particular site were vanished. I verified the HTTPS version and saw that all the stats went there now.

If I search for "site:mysite.com" Google only shows https://mysite.com results, so Google has decided for me which version thinks is best.

 

[Adam H]

Yeah they've been doing for a long time, I noticed it a couple of years ago when I was diagnosing a clients indexing problems, they were using cloudflares flexible SSL as it was switched on by default when they setup cloudflare. As a result Google started crawling the https versions and before they knew it.............they had 50% of their indexed pages as https.

However just because you havent seen any differences in rankings, it doesnt mean you shouldnt put the redirects in place, you could be missing out or at least hindering better rankings as a result of not redirecting.