Why do I need SSL and HTTPs?
Lately, privacy and security issues have been all over the news – from applications and games stealing user’s information, to data breaches affecting millions of people, to the sweeping changes in EU privacy laws that have had global effects. These events really highlight how important privacy and security is and that everyone needs to worry about it, especially people who run a website. As of July this year, Google began marking any site without an SSL certificate as ‘insecure.’ This means without it, your website is no longer ranking well in Google searches. It is also a mark of credibility to your users and potential consumers, as it shows a sincere concern for their well-being online.
What is SSL and HTTPs?
SSL stands for “Secure Socket Layer” and it creates an encrypted link between the web server where your site is hosted and the user’s browser. This means that information sent to and from the website remains private. HTTPs stands for “Hyper Transfer Protocol Secure” and is a secure version of HTTP which uses your SSL to provide a secure connection to the website.
Think of SSL (HTTPs) like this:
You’re at a crowded party with a friend and you want to have a private conversation. So you start speaking in a secret language that only the two of you understand. Others in the room can still hear you but they can’t understand what you are saying.
You’ll know a website runs off HTTPs if a padlock icon shows up next to the website URL in the address bar.
*As of July 2018 Google will mark any site without an SSL certificate as insecure. Also having an HTTPs site will help you in the search rankings.
How do I get an SSL Certificate?
To setup SSL you will need an SSL certificate from your hosting. This is a file from a Certificate Authority (CA) that will encrypt the information of your website. Some hosting companies will provide these for free in their hosting packages or they may provide them at a cost. You will need this certificate before proceeding.
Some hosting companies that provide free SSL Certificates:
*Ask your hosting company if they support Let’s Encrypt – an initiative to provide free SSL certificates.
How do I change my WordPress site to HTTPs?
Once you have your SSL Certificate you will need to change WordPress over to HTTPs. The easiest way to do this is by installing the plugin “Really Simple SSL” which will:
- Check if you have a SSL certificate
- Make WordPress use HTTPs in URLS
- Set up redirects from HTTP to HTTPs
- Look for and fix insecure mixed content (URLS still running off HTTP)
When activated you will get a prompt to migrate to SSL. Make sure to backup your website before performing this step.
You can also activate SSL on the WordPress Dashboard under Settings > SSL.
You will now see check-marks next to what is active.
If your website is still having issues with insecure mixed content then you may want to try the more aggressive plugin “SSL Insecure Content Fixer” . There are different options in this plugin to turn on and off from “Simple” to “Capture All”, however please be warned some aggressive settings could break things so be sure to test the settings in a production environment first. If you’re not sure how to do that you should contact your website maintenance person for help.
That’s it, you should now have a site that runs off HTTPs.
*Don’t forget to add the HTTPs URL version of your website to your Google Search Console as it is considered a different entity.
If you follow the steps in this guide your website will be more secure than before. By joining the growing ranks of websites who have made the switch to HTTPs you have demonstrated to your users that you care about their online safety and privacy, have improved your search rankings and have made if more difficult for hackers to steal sensitive information.
If you have any questions please leave them below. If you are looking for help setting up your SSL please contact me here.
* means uses my affiliate link