How We Switched a Large Joomla Website to HTTPS

Back in August 2014, Google stated on their official webmasters blog that their ranking algorithm will start giving an advantage to HTTPS sites over HTTP sites. Back then, many people simply did not care, and did not switch their sites to use HTTPS. However, in the beginning of the last autumn (“the beginning of the last autumn” should be the title of a book), Google raised their tone significantly, insisting that all pages that have forms must use HTTPS, or else their browser (Google Chrome, which has more than 50% of the current market share) will display a big warning for the visitors (since content transmitted in HTTP mode will be transmitted in clear text, unlike content that is transmitted in HTTPS, which is transmitted in encrypted format) as of October 2017. This, of course, will increase the bounce rate, which will negatively affect the SEO rankings of the site. Naturally, this decision by Google has forced most businesses who are serious about their websites to switch from HTTP to HTTPS. Owners of small Joomla sites had very little work to do: all they needed was to install an SSL certificate (which is provided for free for WHM accounts), and then Force HTTPS on their entire site in the Joomla backend. For large Joomla sites, the process is more complex, and that’s why we, at itoctopus, decided to share our experience on how we switched a large Joomla website from HTTP to HTTPS.

Here’s the process from A to Z:

  • We installed the SSL certificate.

    Since the client was using WHM, we installed the SSL certificate that was provided for free with a WHM account. Here’s how:

    • We logged in to WHM as root.
    • We clicked on Manage AutoSSL under SSL/TLS on the left panel.
    • Under AutoSSL Providers, we clicked on the radio button next to cPanel (powered by Comodo).
    • We clicked on the Options tab, and then we clicked on all the checkboxes there.
    • We clicked on the Manage Users, and then we clicked on the Enable AutoSSL for the cPanel user.
    • Finally, we clicked on Run AutoSSL For All Users at the very top.

    We waited a few minutes, and then, it happened! AutoSSL generated a cPanel-Comodo branded SSL certificate for the website. Yoohoo!

  • We checked if the Joomla website had any HTTPS redirect plugins.

    In our case, we didn’t find any HTTPS redirect plugins. But, if we did find such plugins, we would have disabled them immediately (not doing that may cause an infinite loop). We also disabled the Joomla Redirect Manager extension since the client didn’t even know how it worked (and also didn’t need it in the first place).

  • We updated all the internal links in the #__content table to use HTTPS:

    • We logged in to phpMyAdmin.
    • We selected the database powering the Joomla website, and then we issued the following queries (note that we replaced #__ with the table alias of the Joomla website [you can find the table alias in the configuration.php file]):

      UPDATE `#__content` SET `introtext`= REPLACE(`introtext`, 'http://www.ourclientjoomlawebsite.', 'https://www.ourclientjoomlawebsite.') WHERE `introtext` LIKE '%http://www.ourclientjoomlawebsite.%';
      UPDATE `#__content` SET `introtext`= REPLACE(`introtext`, 'http://ourclientjoomlawebsite.', 'https://www.ourclientjoomlawebsite.') WHERE `introtext` LIKE '%http://ourclientjoomlawebsite.%';
      UPDATE `#__content` SET `fulltext`= REPLACE(`fulltext`, 'http://www.ourclientjoomlawebsite.', 'https://www.ourclientjoomlawebsite.') WHERE `fulltext` LIKE '%http://www.ourclientjoomlawebsite.%';
      UPDATE `#__content` SET `fulltext`= REPLACE(`fulltext`, 'http://ourclientjoomlawebsite.', 'https://www.ourclientjoomlawebsite.') WHERE `fulltext` LIKE '%http://ourclientjoomlawebsite.%';

    Let us explain the 4 queries above a bit. The first query and the third query replace every instance of http://www.ourclientjoomlawebsite. with https://www.ourclientjoomlawebsite. in the introtext and the fulltext fields respectively. The second query and the fourth query replace every instance of http://ourclientjoomlawebsite. with https://www.ourclientjoomlawebsite. in the introtext and the fulltext fields respectively. The reason why we did that is because some links in the database are http://ourclientjoomlawebsite. instead of http://www.ourclientjoomlawebsite.. Note that if your website uses non-www links instead of www links, then you will need to remove every instance of www. from the links above, and add www. to the links not containing www.. On a side note, we prefer using www, since Google themselves use www.

    If you are using K2, then all you need to is to replace `#__content` with `#__k2_items` in the above queries.

  • We updated all the internal links in the #__menu table to use HTTPS.

    Essentially, the below queries were used to address menu items of type URL with hardcoded internal links.

    UPDATE `#__menu` SET `link`= REPLACE(`link`, 'http://www.ourclientjoomlawebsite.', 'https://www.ourclientjoomlawebsite.') WHERE `link` LIKE '%http://www.ourclientjoomlawebsite.%';
    UPDATE `#__menu` SET `link`= REPLACE(`link`, 'http://ourclientjoomlawebsite.', 'https://www.ourclientjoomlawebsite.') WHERE `link` LIKE '%http://ourclientjoomlawebsite.%';

  • We updated all the internal links in the #__modules table to use HTTPS.

    This step should not be ignored as typically there are quite a few modules (especially modules of type Custom) that have hardcoded links pointing to the Joomla website. Here are the queries that we used:

    UPDATE `#__modules` SET `content`= REPLACE(`content`, 'http://www.ourclientjoomlawebsite.', 'https://www.ourclientjoomlawebsite.') WHERE `content` LIKE '%http://www.ourclientjoomlawebsite.%';
    UPDATE `#__modules` SET `content`= REPLACE(`content`, 'http://ourclientjoomlawebsite.', 'https://www.ourclientjoomlawebsite.') WHERE `content` LIKE '%http://ourclientjoomlawebsite.%';

  • We did a search on the whole database for any remaining entries containing http://www.ourclientjoomlawebsite. (or http://ourclientjoomlawebsite.).

    We did that the following way:

    • We clicked on the “Search” button after selecting the database in phpMyAdmin.
    • We entered the search keyword, which is %http://www.ourclientjoomlawebsite.% in the search box.

    • We clicked on the Exact Phrase radio button and then we clicked on Select All to select all the tables.

    • We clicked on the Go button, and then we fixed every item that contained a hardcoded link.

    • We repeated the above process for %http://ourclientjoomlawebsite.%.

  • We searched through the filesystem for any hardcoded links the following way:

    • We logged in to the Joomla backend and then we cleared the cache. This step is important as it reduces the time it takes to search the whole folder – it is also necessary, as we just changed all the internal links in the database from HTTP to HTTPS, and we don’t want the search to return some false positives from the cache.
    • We ssh’d to the server.

    • We cd’d to the following directory /home/[cpanel-user]/public_html/:

      cd /home/[cpanel-user]/public_html

    • We ran a grep searching for any internal HTTP links in the filesystem:

      grep -R 'http://www.ourclientjoomlawebsite.' *

    • We fixed any file (including JS and CSS files) that has harcoded HTTP link(s).

    • We cleared the Joomla cache again.

    • We repeated the process for ‘http://ourclientjoomlawebsite.’.

  • We instructed the Joomla website to use HTTPS.

    • We went to System -> Global Configuration -> Server in the Joomla backend.
    • We changed the value of Force HTTPS under the Server Settings section to Entire Site.

    • We clicked on Save on the top left and then we cleared the Joomla cache.

  • We added an HTTP to HTTPS redirect in the .htaccess file.

    Now while Joomla automatically redirects from HTTP to HTTPS after doing the above step, it is better to let Apache handle such redirection, since the redirection will be much faster (the Joomla engine doesn’t need to be loaded to redirect the traffic). Here’s the code that we added in the .htaccess file in order to do this:

    RewriteCond %{HTTPS} off
    RewriteRule (.*)$1 [R=301,L]

  • We removed the value of $live_site from the configuration.php file.

    This step is important because some backend activities (such as updates) will become unstable if $live_site is set to the HTTP version of the website.

  • We fixed the code of the social sharing plugins to use HTTPS instead of HTTP.

    We edited the code of the social sharing plugin and ensured that it was referencing the HTTPS version of the website, and not the HTTP one. Of course, the question is, what about the counters? For example, what if the HTTP version of a link was shared 100 times on Facebook, will that number be preserved after switching to HTTPS? The answer is yes, the number is preserved. Social websites consider the HTTPS and the HTTP version of a link as just one page (unlike Google). In any case, among all 3 major social websites (Facebook, LinkedIn, and Twitter), only Facebook now displays the number of shares. Twitter dropped the counter last year, and LinkedIn dropped it early this month (February 2018).

  • We tested the website thoroughly.

    We cleared the Joomla cache and then we tested the website thoroughly, and ensured that all the links still work and are loaded through HTTPS. We also ensured that there were no “mixed content” errors in the console.

  • We added the HTTPS version of the website in Google’s Search Console.

    For some odd reason, Google’s search engine (and Google’s search console) still considers the HTTP version of the website and the HTTPS version of that same website to be different websites, which means that we had to re-add (and re-verify) the HTTPS version of the website to Google’s Search Console (formerly Google’s Webmaster Tools). Note: There is no need to do any action in the Google Analytics account when switching from HTTP to HTTPS.

  • That’s it! That was the whole process!

We hope that you found our lengthy guide useful for the HTTPS transition of your Joomla website. If you need help with the implementation, then look no further. All you need to do is to contact us and we’ll take care of the whole thing swiftly, professionally, and cleanly. Please note that our fees apply.

No comments yet.

Leave a comment