On July 2018, Google officially marked non-https websites as “non-secure”. This event shows how much search engines like google value the security of your website, and partly indicate that having HTTPs will have an impact on your SEO.
Therefore, setting HTTPs - SSL Certificate on your Joomla site is a must. This article will briefly show you how.
What is SSL/TLS?
Transport Layer Security (TLS) is the successor to Secure Sockets Layer (SSL) - although most people still refer to it as SSL in blog posts. Ever noticed the lock sign next to the URL when your browsing the internet? That means that all the data you send to that website is being sent encrypted so anyone who may have hacked your network (or similar) and can intercept your requests is unable to view any of the data - they can only see what URLs you are accessing.
Why Use TLS?
Google (and most other search engines) now treat sites using https with preference. Furthermore many browsers flag any website with a form (such as a login or contact form) that isn't using https
How do I setup TLS?
For setting up the certificate, the simplest way is to get your host to do it for you.
The correct certificate to buy depends on the security protections required on your website. If you don't know then probably the cheapest and easiest option is to use Let's Encrypt - it's free and depending on your host can be often be configured straight from your cpanel or plesk hosting dashboard.
If you've bought a Dedicated IP and SSL certificate, simply ask your host to help and they will get it signed and install it in the correct location for you.
How do I redirect all my traffic to https
The easiest way to enforce https traffic is to do it within Joomla. In Global Configuration there is a "Force HTTPS" option which allows you to force HTTPS either in the Administrator area only or for the entire site. You'll pretty much always want the latter.