Back in October 2016, Google announced that Chrome 56 would mark non-secure pages containing password and credit card input fields as Not Secure in the URL bar. This is a good thing – it means that pages where sensitive information is shared – usernames, passwords, credit card details that aren’t using an end to end encryption protocol will be clearly marked as insecure – letting you, the visitor, know the potential risk.
For website owners, it’s double edged sword. If sites, or pages on a site, aren’t secured with SSL, your site visitors will be told and this means you could potentially lose visitors / signups / sales as a result.
The fix for this isn’t too difficult but may be a little tedious to implement. Site owners should implement SSL for, at least, pages where sensitive information is being gathered. It is my opinion that SSL should be implemented for the whole site, to bring a better peace of mind to your visitors.
Just what is SSL?
Let’s look at what SSL really is first – Secure Socket Layer (SSL) is a way of creating an encrytped connection between a web browser (like Internet Explorer, Firefox etc) and a website. This ‘secure connection’ is facilitated by the use of a SSL certificate (which is a essentially a text file that is stored on the webserver) that creates a unique encryption key for every browser session started.
The most important thing about the use of SSL for browser connections, is that the certificate identifies the domain name and, in many cases, the organisational details of the website owner. This level of identification should provide the website visitor with a level of comfort that they are communicating with the ‘real deal’.
How Do You Get A SSL certificate?
There are any number of places you can buy a SSL certificate from. Your hosting provider may offer the service or you can try searching for vendors. I highly recommend you do your research and check pricing out – because pricing varies from vendor to vendor, for the same thing.
I use, and recommend, Namecheap SSL services. Their prices are quite competitive and their activation process straight forward. There’s still a few steps to go through, but the process is well documented and straightforward.
Activating SSL On Your WordPress Website
Once you have your certificate and it is installed on your server, you need to ‘tell’ your WordPress website to use the certificate for the whole site, or tell it which pages you want to have encrypted with SSL. For this, I use and recommend the iThemes Security Plugin (free version). This plugin not only helps protect your website from malicious attacks, it will allow you to easily enable SSL to protect both your admin dashboard login and your front end pages.
Make Sure Your Site Displays The Green Padlock!
The last step, and possibly the most tedious, is making sure that all your content is secured by SSL. It’s unfortunate but some settings ‘hardcode’ the http:// variants of links to content, images etc and this will still cause the warning to be displayed – even if the page itself is encrypted.
There’s a few ways to test this. The first, is the visual indicator in the address bar of your browser, per the image below:
If there are issues on the page, rather than the green padlock, you’ll see an exclamation point in a circle:
If this happens, you’ll need to determine what is causing the problem and rectify. One of the best resources I’ve found to do this is Why No Padlock – enter the url of the page in question and it will give you a list of the resources found and whether they are being secured.
Once you’ve identified the issues, you can work through the assets and rectify the problems. Sometimes, it will be a matter of relinking images on a page using the secure link and sometimes it may be a matter of updating a theme or plugin.
I’ve been working with a number of clients to achieve this on their sites, as well as updating site we run to ensure they are secure. Should you need help in acquiring and installing the certificate or securing your site, contact us for more information.