How to secure your site against the Facebook hack – Part 3

In the first part of this blog post series I wrote about the hack against user accounts on several popular sites like Facebook and Salesforce. I also mentioned that it’s easy to secure your own site from this problem by using an SSL certificate, so in this blog post we will focus on redirecting your existing traffic to your newly set up secure web site.

To make the SSL certificate we set up in the last part of this blog post series work 100%, you need to make sure all web site traffic to and from your members area/site goes via the HTTPS protocol (i.e. is encrypted). That’s easily done using .htaccess.

To redirect all non-encrypted traffic to and from your site you need to set up a .htaccess file with the following content:

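# Turn on mod_rewrite for this directory
RewriteEngine On
# Only act on requests that arrived on the plain-HTTP port (anchored so 8080 does not match)
RewriteCond %{SERVER_PORT} ^80$
# Redirect the same path to the HTTPS site
RewriteRule ^(.*)$ https://www.sampleaddress.com/$1 [R,L]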

To see an example, check out http://secure.xaviermedia.com/ssl-demo/ . If you look at the link you will see that the un-encrypted HTTP protocol is used instead of the more secure HTTPS protocol. When you click on the link you are automatically redirected to the HTTPS version of the site (see the address bar of your web browser).

The above example redirects all traffic from the un-encrypted site to your secure site. If you only want to redirect one folder/directory, use the following code instead:

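RewriteEngine On
# Only act on requests that arrived on the plain-HTTP port
RewriteCond %{SERVER_PORT} ^80$
# Only act on URLs that contain the directory name
RewriteCond %{REQUEST_URI} sampledirectory
# Assumes this .htaccess is inside sampledirectory/, so $1 is the path below it
RewriteRule ^(.*)$ https://www.sampleaddress.com/sampledirectory/$1 [R,L]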

So by using the .htaccess redirection you don’t need to change all links to your site, and you don’t need to ask your visitors to update their bookmarks. All visitors, no matter how they get to your site, will be redirected to the secure site using HTTPS.
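To confirm that the rules above really send every plain-HTTP request to the same path on the HTTPS site, the following added example (not code from the original post) audits the status code and headers returned for an HTTP request. The function names, the sample responses and the extra check for cookies set without the Secure attribute are assumptions made for illustration.

```python
from urllib.parse import urlsplit

REDIRECT_CODES = {301, 302, 303, 307, 308}

def audit_redirect(request_url, status, headers, expected_host):
    """Audit the response to one plain-HTTP request; return a list of findings."""
    findings = []
    req = urlsplit(request_url)
    hdrs = [(name.lower(), value) for name, value in headers]
    location = next((v for n, v in hdrs if n == "location"), None)
    if status not in REDIRECT_CODES or location is None:
        findings.append("no redirect: content served over HTTP")
    else:
        loc = urlsplit(location)
        if loc.scheme != "https":
            findings.append("redirect target is not https")
        if loc.hostname != expected_host:
            findings.append(f"redirect goes to unexpected host: {loc.hostname}")
        if loc.path != req.path:
            findings.append(f"path changed: {req.path} -> {loc.path}")
    # A cookie set without the Secure attribute is also sent over plain HTTP.
    for name, value in hdrs:
        if name == "set-cookie":
            attrs = [a.strip().lower() for a in value.split(";")[1:]]
            if "secure" not in attrs:
                findings.append(f"cookie without Secure: {value.split('=')[0]}")
    return findings

# Constructed sample responses (not captured from a real site).
HOST = "www.sampleaddress.com"
SAMPLES = [
    # Site-wide rule working as intended.
    (f"http://{HOST}/members/login", 302,
     [("Location", f"https://{HOST}/members/login")]),
    # Directory rule placed in the document root instead of in the directory:
    # $1 already contains "sampledirectory/", so the prefix is doubled.
    (f"http://{HOST}/sampledirectory/page.html", 302,
     [("Location", f"https://{HOST}/sampledirectory/sampledirectory/page.html")]),
    # No rule in effect: page and session cookie travel in cleartext.
    (f"http://{HOST}/members/", 200,
     [("Set-Cookie", "session=constructed123; Path=/")]),
]

def run_samples():
    return [audit_redirect(url, st, h, HOST) for url, st, h in SAMPLES]

if __name__ == "__main__":
    for (url, _, _), result in zip(SAMPLES, run_samples()):
        print(url, "->", result or "OK")
```

To use it against your own site, feed it the status code and headers your HTTP client reports for a request made with redirects disabled.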

If you don’t already have an SSL certificate you can easily get one from eXavier.com.


Carroll B. Merriman says:

Who wrote this post? Do you have a part time writer?