Adding SSL/HTTPS to your website
Last updated: March 11, 2021
What is SSL and why is it important? Learn the basics here.
Even though the FareHarbor booking process is securely encrypted over SSL, we highly recommend adding SSL to the rest of your website and moving to HTTPS to increase trust for customers and search engines.
Depending on how your website is hosted, there are several different ways to do this. Find the section below that most closely matches your setup for recommendations on how to make your website more secure.
FareHarbor.me
If you use FareHarbor’s hosted website platform (FareHarbor.me), your entire website comes fully equipped with SSL by default.
Interested in learning more about FareHarbor.me? Get in touch with our team.
WordPress
WordPress.org is a CMS (Content Management System) that requires hosting your website on another server. Methods of adding SSL to WordPress sites vary. If you use a hosting provider to host your site, you may want to first check with your provider to see what options they offer. Otherwise, you can add SSL to your WordPress site with CloudFlare.
WordPress.com is a free hosting platform that allows you to host your website directly on WordPress with your own domain name, or a subdomain (like https://islandtours.wordpress.com). HTTPS is included for all websites hosted on WordPress.com.
Self-hosted websites
If your website is self-hosted (meaning you have complete control over your site content and the server it’s hosted on), you’ll need to purchase an SSL certificate and install it on your own server.
To add SSL to your self-hosted website, it’s best to check with someone who is already familiar with your setup. Asking your web developer or administrator is often the quickest way to determine how to add SSL in these cases.
Web hosting providers (BlueHost, GoDaddy, etc.)
Web hosting providers offer server space that you can own or lease to host your website. Many hosting providers can handle the logistics of enabling SSL for you, so it’s always good to review what options are available through your current provider and plan.
Some providers, like BlueHost and DreamHost, offer free SSL with all of their plans. Others, like GoDaddy, offer SSL with certain plans, like a business or commerce plan.
If you’re not sure what your current plan offers in terms of SSL, we recommend contacting your hosting provider to learn more. If your provider doesn’t offer SSL, they might partner with a service, like CloudFlare, that does.
Website builders (Squarespace, Weebly, Wix, etc.)
Website builders like Squarespace allow you to create websites without manually writing code.
Many website builders, including Squarespace, Weebly, and Wix, only provide SSL on their own e-commerce pages or checkout. Since FareHarbor’s booking process is independent from these checkout options, you would still need to install an SSL certificate in order for your entire website to be secure.
Unfortunately, many website builders currently do not have the capability to install SSL certificates from a third party. Some platforms like Wix have the ability to request and vote on features such as SSL support, meaning that with enough votes, it may be an option in the future.
Rest assured that even if the rest of your site does not have HTTPS, the FareHarbor online checkout process is always secured over SSL. Every online customer will see the “Securely encrypted” badge below when making a booking.
Adding SSL with CloudFlare
If your current setup does not include SSL, you can purchase an SSL certificate from a third party and install it on your server, whether it’s a shared server or a dedicated server just for your website.
We recommend obtaining your certificate from CloudFlare, a trusted web performance and security service that offers several SSL options. Using CloudFlare’s services requires creating a free account. Learn more.
Choosing an SSL option
CloudFlare offers several SSL options for various levels of security. We recommend choosing one of the following:
- Full SSL: This option requires the installation of an SSL certificate on your server, and offers full security on your website.
- Flexible SSL: This option does not require installing an SSL certificate, and provides a basic level of security while enabling HTTPS (displaying the green lock on your website).
Installing the certificate (Full SSL option only)
The certificate installation process varies depending on your hosting service. Because it’s a fairly technical process, we don’t recommend doing it yourself without prior experience. It’s best to get in touch with your hosting service directly or consult your web developer to install the certificate.
CloudFlare also offers several guides on how to install their Origin CA certificates on various hosting platforms.
Redirecting to HTTPS
Once the certificate has been installed, you’ll need to make sure that your website is redirecting all HTTP requests to HTTPS (this is what triggers the green lock icon in your browser). Learn how to do this with a CloudFlare certificate. WordPress users can also use the WP Force SSL plugin to do this.
You’ll also need to ensure all of your website assets (like images and links) are loaded over HTTPS. Otherwise, visitors on your website might see a “Mixed content” icon instead of the secure lock icon. This can be done by enabling Cloudflare’s Automatic HTTPS Rewrites option (or, on WordPress, with the SSL Insecure Content Fixer).
If you aren’t using CloudFlare or WordPress, we recommend checking with your web developer or hosting provider for the best method of redirecting to HTTPS.
Now what?
Once your website is set up with SSL and redirecting to HTTPS, you can confirm that everything is working normally by typing https://yourwebsitename.com
in your browser (be sure to include the ‘s’ at the end of ‘http’). Check that your website loads successfully with a lock next to the URL.