You might have heard of SSL or wondered the difference between HTTP and HTTPS. Maybe your host sent an update about SSL and Google Search Traffic, and you are wondering 1) what you need to do and 2) why it matters. I’m going to walk you through all those steps today so that you can setup SSL on your site!
What is SSL?
SSL stands for Secure Sockets Layer; it establishes an encrypted link between your server and your user’s browser. It ensures that any data passed between those two computers remains private and secure.
Without an SSL (just a regular HTTP connection), third-parties can view any traffic passing between your site and your reader. This vulnerability becomes a huge issue if you pass sensitive information like credit cards. That’s why anytime you buy online, make sure it’s through HTTPS. If it’s not, don’t buy (most browsers will warn you).
Back to Google for a second, they are now going to mark all sites that are HTTP as nonsecure. So, instead of your logo being the first thing your readers see, it will be a warning. Not the best first impression!
Why Does SSL Matter?
In 2014, Google said that SSL was going to be considered a ranking factor (source). Then, two years later in September 2016, Google announced that they would begin displaying security of the connection in the address bar of Chrome version 56+ and all pages that display a password and/or credit card field, starting in January 2017 (source). Sites that collect usernames and passwords as nonsecure, like your WordPress login page is nonsecure. This step is the first of marking HTTP sites nonsecure. The next roll outs can be sites with contact forms and email sign-ups.
Google justifies HTTPS/SSL with three key points – authentication, data integrity, and encryption (source). Authentication might be the biggest one that impacts bloggers. Ever run into someone trying to create a direct copy your website? I have. Hackers/spammers try to make replicas of the website in order to divert traffic.
Have an SSL site benefits you. There’s no harm in encryption. A few of my clients noted that they heard rumors of lost traffic due to SSL. Often, the sites who implement SSL and lose traffic, don’t implement it correctly!
For almost all blogs and websites, Let’s Encrypt’s Free, automated and open Certificate Authority (CA) will meet your needs as you move from HTTP to HTTPS. Since Let’s Encrypt is free, it’s not necessarily the best. The only security check conducted is to see if the certificate requestor has access to the domain through a “.txt” file. If a spammer/hacker has access to your website, they might have the ability to obtain an SSL certificate without any personal information required. Rare, but a possibility.
If you are a WordPress multisite user, then Let’s Encrypt is not going to meet your needs. They do not provide Wildcard certificates. If this is your case, then you would need to get a certificate for each individual subdomain – yikes! Rare, but if you are a multisite, not your solution!
With SSL Certificates, they need to be renewed. SiteGround‘s Let’s Encrypt will automatically renew after 90 days. So once it is installed, you can forget about it.
How Do You Set Up an SSL Certificate?
Setting up an SSL certificate is quite easy. Most hosting providers offer it as either a free-add on or added service. For the purposes of this tutorial, I’m going to walk you through the SiteGround‘ approach. Then, I’m going to talk about troubleshooting some bugs that might come up. These troubleshooting tips are applicable regardless of host.
Before you begin the process, make sure you backup your site; ideally with a trusted provider like Vaultpress. I like to do a few housekeeping things before making the switch. If you do these things first, it often means you do not have to do them at the end when you are trying to fix bugs.
- Run Import External Images to import any images that are on your site but not on your server.
- Run Broken Link Checker to fix any broken URLs. If you started on a different platform, this plugin is very helpful (especially for Blogger-WordPress transfers).
- Update all WordPress versions, themes, and plugins. You want everything to be up-to-date!
Setting Up SSL With Site Ground
With SiteGround, setting up your SSL certificate is truly effortless. Believe me, I have had to set it up with other hosts, and it’s been a challenge.
- Login to your SiteGround account.
- Go to the My Accounts tab.
- Go to the EXTRA SERVICES tab. If you have SSL activated, you will see a confirmation here.
- If not, select the red button GO TO cPANEL.
- Under SECURITY group, you will see LET’S ENCRYPT. Click that icon.
- You will now come up to a new screen called “Let’s Encrypt SSL.” Select your domain and press INSTALL. It will walk through the steps to encrypt your site.
- A success popup will appear. Click OKAY.
- Now you need to turn it on. Switch the “HTTPS Enforce” button to ON! You are now set!
While the process of turning on an SSL certificate is relatively easy, you might have run into a few hiccups. Once you turn on your certificate, clear your browser cache. If you did not take the precautionary steps I listed above, you might run into the following issues:
- Broken Links and URLs: Now that you are using HTTPs, you want all URLs for your site (links and images) to use HTTPs. For example, if you go to http://yourdomain.com/new-blog-post, it should redirect to the https version, i.e. https://yourdomain.com/new-blog-post. A quick way to ensure this run Search & Replace plugin to replace all http://yourdomain.com with https://yourdomain.com. It will only replace the URL part that you select. If your domain is set up with www (like mine), then it would look like http://www.yourdomain.com to https://www.yourdomain.com.
- Broken Images: If images are missing from your post, Search & Replace should fix any broken URLs. However, if images are still missing, run Import External Images. If images are not importing, try this update to the plugin (source).
- Update Google Analytics and Webmasters: Make sure your default URL is exactly how it is on your site. For example, you want the default to be https://www.yourdomain.com or https://yourdomain.com.
- Social Media Test: Test a few of your Pinterest pins, tweets, and Facebook links to make sure everything is directing as it should.
- Blog Post Test: The HTTP version of a post or page should direct to the https version, like in this example: https://wordpress.org/support/topic/images-from-secure-site-dont-import/
SSL Tutorial Recap
This post covered a lot of different pieces of information regarding SSL certificates. It’s best to install it now, then wait until Google rolls out stronger penalties for nonsecure sites, which are coming. If you don’t have SiteGround, most hosting companies have a similar process. Check them out first. If you are looking to switch, I can’t recommend SiteGround enough. If your site receives over 200,000+ page views per month, I recommend OrangeGeek. They will install the certificate for you.
Remember, almost all bloggers will be fine with the Let’s Encrypt solution! If you have a more complex site, you will need a Wildcard SSL certificate.
Want more WordPress tutorials? Check out these posts! If you have a question, leave a comment below!
Interested in working together? I’d love to hear about your project!