Menu

Securing Your WordPress Website with HTTPS

No HTTPS

Is Chrome marking your site as Not Secure?

Since October 2017, the Google Chrome browser has shown a "Not Secure" warning on:

  • non-HTTPS pages that allow visitor to enter any data
    (contact forms, login, search bar, etc.)
  • any non-HTTPS page visited in Incognito Mode
  • non-HTTPS pages that have password fields
  • non-HTTPS pages with credit card fields

So you are guaranteed to have at least some (if not all) pages in your WordPress site marked "Not Secure".

What is HTTPS?

HTTPS is the secure version of HTTP. The website and the browser's communication are encrypted through the use of a secured socket layer (or SSL). This helps to keep any communication between your visitor and the website safe from hackers and other bad guys. 

How does not having HTTPS affect my site?

  • check
    If you use HTTP and your website allows any type of communication from the visitor, Google Chrome will show a Not Secure warning. This may cause visitors not to trust your website and lead to a decrease in traffic or higher bounce rates.
  • check
    The Google search engine has started using HTTPS as a ranking signal. Not having your site HTTPS ready will cause your site to rank lower. 
  • check
    And any page that relays credit card information will be marked as Not Secure” if you don't have HTTPS. This can discourage visitors from trusting your website and impact your sales.

Should I move my site to HTTPS?

If you are serious about your website and your business, then YES. It's a new world out there and Google has implemented policies that make the web more secure. This is a good thing...

HTTPS makes your website more secure, earns your visitors’ trust, and can help your site ranking, performance, and traffic. 

So, How?

[1] Obtain an SSL Certificate

An SSL certificate encrypts whatever communication happens between your website visitor and your website.

Instead of purchasing an SSL Certificate you can get one free from Let's Encrypt. Let’s Encrypt is a nonprofit with a mission to create a more secure web by promoting the widespread adoption of HTTPS.

The easiest way to obtain the Let’s Encrypt certificate is by asking your host. If your host offers Let’s Encrypt support they can request a free certificate, install it, and renew it automatically every 3 months.

Check the list of hosts. On the list? Great! Contact your host to install the Let's Encrypt certificate.

Otherwise, you can obtain a Let’s Encrypt SSL certificate from ZeroSSL.com.

[2] Enable WordPress to work with HTTPS

Install the Really Simple SSL plugin from the WordPress repository and enable it. If you have the security certificate properly installed it will start serving up the website the secure connection HTTPS.

Really Simple SSl Plugin

The plugin handles most issues that WordPress has with SSL. All incoming requests are redirected to https and the site url and home url are changed to https. 

***Don't forget to update the Webmaster Tools and Google Analytics to the new HTTPS:// Here's help...***

Or let Carol Cody WordPress Solutions take care of making your site HTTPS ready for you!  Contact me, consultations are always free 🙂