Ask Charly Leetham

Online Business Implementation Expert - Helping Businesses Harness The Internet As A Channel To Market

Online Business Implementation | Website Design and Development | Web Hosting | Domain Names

  • Home
  • About
  • Our Services
    • Our Work
    • Nice Things People Say
  • Resources For Online Businesses
  • Shop
  • Blog
  • Contact Us
  • Legal Policies
  • My Account

Will Your Site Be Marked As Insecure?

March 9, 2017 by Charly Leetham Leave a Comment

Back in October 2016, Google announced that Chrome 56 would mark non-secure pages containing password and credit card input fields as Not Secure in the URL bar. This is a good thing – it means that pages where sensitive information is shared – usernames, passwords, credit card details that aren’t using an end to end encryption protocol will be clearly marked as insecure – letting you, the visitor, know the potential risk.

For website owners, it’s double edged sword.  If sites, or pages on a site, aren’t secured with SSL, your site visitors will be told and this means you could potentially lose visitors / signups / sales as a result.

The fix for this isn’t too difficult but may be a little tedious to implement. Site owners should implement SSL for, at least, pages where sensitive information is being gathered. It is my opinion that SSL should be implemented for the whole site, to bring a better peace of mind to your visitors.

Just what is SSL?

Let’s look at what SSL really is first – Secure Socket Layer (SSL) is a way of creating an encrytped connection between a web browser (like Internet Explorer, Firefox etc) and a website.  This ‘secure connection’ is facilitated by the use of a SSL certificate (which is a essentially a text file that is stored on the webserver) that creates a unique encryption key for every browser session started.

The most important thing about the use of SSL for browser connections, is that the certificate identifies the domain name and, in many cases, the organisational details of the website owner.  This level of identification should provide the website visitor with a level of comfort that they are communicating with the ‘real deal’.

How Do You Get A SSL certificate?

There are any number of places you can buy a SSL certificate from. Your hosting provider may offer the service or you can try searching for vendors. I highly recommend you do your research and check pricing out – because pricing varies from vendor to vendor, for the same thing.

I use, and recommend, Namecheap SSL services. Their prices are quite competitive and their activation process straight forward.  There’s still a few steps to go through, but the process is well documented and straightforward.

Activating SSL On Your WordPress Website

Once you have your certificate and it is installed on your server, you need to ‘tell’ your WordPress website to use the certificate for the whole site, or tell it which pages you want to have encrypted with SSL. For this, I use and recommend the iThemes  Security Plugin (free version).  This plugin not only helps protect your website from malicious attacks, it will allow you to easily enable SSL to protect both your admin dashboard login and your front end pages.

Make Sure Your Site Displays The Green Padlock!

The last step, and possibly the most tedious, is making sure that all your content is secured by SSL.  It’s unfortunate but some settings ‘hardcode’ the http:// variants of links to content, images etc and this will still cause the warning to be displayed – even if the page itself is encrypted.

There’s a few ways to test this. The first, is the visual indicator in the address bar of your browser, per the image below:

If there are issues on the page, rather than the green padlock, you’ll see an exclamation point in a circle:

If this happens, you’ll need to determine what is causing the problem and rectify.  One of the best resources I’ve found to do this is Why No Padlock – enter the url of the page in question and it will give you a list of the resources found and whether they are being secured.

Once you’ve identified the issues, you can work through the assets and rectify the problems. Sometimes, it will be a matter of relinking images on a page using the secure link and sometimes it may be a matter of updating a theme or plugin.

Need Help?

I’ve been working with a number of clients to achieve this on their sites, as well as updating site we run to ensure they are secure. Should you need help in acquiring and installing the certificate or securing your site, contact us for more information.

Share this:

  • Click to share on Facebook (Opens in new window)
  • Click to share on Twitter (Opens in new window)
  • Click to share on LinkedIn (Opens in new window)
  • Click to print (Opens in new window)
  • Click to email this to a friend (Opens in new window)

Filed Under: Security, SSL, Website Design & Development Tagged With: chrome, insecure sites, ssl

Want To Use This Article?

You can as long as you include the following (links must be active):

Charly Leetham, from Ask Charly Leetham, is an Online Business Implementation Expert who helps Small Businesses and Solopreneurs harness the power of the Internet as a Sales Channel or Channel To Market. Get your dose of business inspiration and motivation to help you along. Compiled from the generous contributions of over 79 authors. Grab a free copy today. Motivating Your Mind, Inspiring Your Spirit by visiting www.AskCharlyLeetham.com today

Leave a Reply Cancel reply

  • Home
  • About
  • Shop
  • Legal Policies
Help Yourself

I Want To Start Blogging

Improve Website Email Deliverability [Video]

Configure WordPress To Use SSL [Video]

Create And Install A SSL Certificate on CPanel [Video]

Optimize Your Images For Best Results [Video]

© Copyright Leetham Trust 2007 - 2017 | All prices quote are in Australian Dollars (AUD) and inclusive of GST unless otherwise stated

Business Website Designed by Ask Charly Leetham

eWAY Payment Gateway
loading Cancel
Post was not sent - check your email addresses!
Email check failed, please try again
Sorry, your blog cannot share posts by email.