Why Do I Need SSL For My Website?
A secure WordPress website protected with HTTPS/SSL is essential for your visitors and for the search engines to give them confidence that your site is secure and protected. Implementing SSL as soon as possible avoids the risk of your website becoming blacklisted or labeled as “Not Secure”.
An SSL Certificate is used to establish a secure encrypted connection between a browser (user’s computer) and a server (website). The SSL connection protects data as it is exchanged during a visit to your website.
Having a secure website is particularly important if your site takes any text input from visitors such as contact forms, search forms, login pages, etc. You need HTTPS/SSL for your website to ensure that all data is encrypted when sent over the internet. It is the best way to protect user data and defend against identify theft.
Having your entire website protected with SSL is also an important factor in the Google algorithm for ranking, so you need to take this seriously and get your site protected with SSL.
Following the steps below will help you move your site to HTTPS/SSL and avoid the common mistakes that can occur during implementation.
Steps To Moving Your Website To HTTPS/SSL
STEP 1 – Obtain an SSL Certificate for your Domain
The process of obtaining an SSL Certificate varies greatly with each web host. Be sure to reach out to your web hosting company for assistance with getting an SSL Certificate for your domain. Let’s Encrypt is free and available on most web hosts with easy installation and automatic renewals.
Keep in mind that changing to HTTPS does not change your domain name, only the address to get to your website is changing.
STEP 2 – Prepare WordPress to Use HTTPS/SSL
Now that you have your SSL Certificate installed on your domain, you need to make sure that WordPress is set up correctly to use the new HTTPS URL for your domain.
a) Backup Your Database
It is super important that you back up your database before making any changes to your WordPress website.
b) Update WordPress address and Site Address URLs
Go to Settings > General > and change both the WordPress Address (URL) and the Site Address (URL) from http to https.
These setting changes will update the URLs that are dynamically generated by WordPress in permalinks, menus, etc. Please note that merely changing these addresses do not change any existing content in the database.
c) Search HTTP and Replace with HTTPS in Your Database
To update instances of http:// in your content, you will need to do a database search and replace. There are WordPress plugins available to help with this.
When performing a Search/Replace you will…
- Search for: http://yourdomain.com
- Replace with: https://yourdomain.com
d) Force the Use of SSL for Your Website
There are a couple of different ways to force your website to use HTTPS instead of HTTP. Always check with your web host to see if they took care of this when the SSL was installed.
You can force your website to use HTTPS by adding a statement to your .htaccess file or by using a WordPress plugin.
e) Find and Fix Mixed Content Errors
Mixed content errors occur when a page is loaded under HTTPS, but contains elements that are served as HTTP.
When this occurs, you will not see a green padlock in the address bar on the page containing mixed content, and some browsers may show a Not Secure warning.
The simplest way to find the item that is causing a mixed content error is to View Source of the web page and search for http:// and then fix any non-secure link references that you find. You can also an online tool to help you discover mixed content.
Important Note: Some plugins will dynamically fix mixed content issues, but it is best not to mask the problem with a plugin but fix the issues instead. It takes a little effort on your part to fix the issues but results in a cleaner website and faster load time for your pages.
Some common sources of mixed content are…
- HTML code in Page Builder areas
- Page Builder or site cache has not been cleared
- @import statements in CSS files
- Poorly coded plugins
- iFrame embeds with an http source
- Embedded scripts containing http
STEP 3 – Update Google Analytics and Google Search Console
This assumes you already have Google Analytics and Google Search Console set up for your website. If this is a new website, just set the properties up as HTTPS to begin with.
a) In Google Analytics, change the default URL in Property Settings to reflect HTTPS
b) In Google Search Console, add the HTTPS version as a new property, request indexing, and associate the new property in Google Search Console with Google Analytics.
Note: Do not delete the HTTP version from Google Search Console. It is best to keep both the HTTP and HTTPS properties.
STEP 4 – Update Links Pointing To Your Website
You also want to update any marketing tools or digital ads pointing to your website to reflect the new HTTPS URL. Redirects will point your visitors from HTTP to HTTPS but it is always best practice to update them as redirects may slow the request time.
Security is important to Google and the need for SSL will only continue to grow, so it is best for you to move your website to HTTPS/SSL as soon as possible. If you are concerned about moving on your own, hire someone to help. There are lots of companies (mine included) that will help you set up the SSL, make the switch, and protect your URLs in search.