Google has announced that beginning in July 2018, with the release of Chrome 68, Chrome will mark all HTTP sites with a “not secure” warning in the address bar. If you haven't already converted your website to HTTPS, now is the time to get it done.
What is HTTPS and why do I need an SSL certificate?
Your website likely collects customer data including contact information, billing and/or shipping addresses or credit cards. An SSL certificate allows you to collect that information over a secure connection. An SSL certificate is issued by a licensing authority and it’s periodically renewed.
HTTP has long been the standard way people access websites.
HTTPS is a secure connection, data transferred between the web server and your computer is encrypted.
To enable HTTPS on your website, there are a number of steps and we can help with those changes.
Why your website needs HTTPS
- HTTPS protects the integrity of your website
- HTTPS protects the privacy and security of your users
- HTTPS is the future of the web
- HTTPS improves SEO
- HTTPS websites load faster
What is involved in the conversion process
There are a number of steps involved in converting a website to https:
- Perform a full back of your website, including the database and files, before making any changes.
- Update your WordPress Address (URL) and Site Address (URL) in your site’s WP-Admin Settings > General.
- Check to make sure your robots.txt and sitemap.xml files redirect to HTTPS versions and references to URLs inside the files all also use HTTPS.
- Update all URLs on your site to reference the HTTPS versions. This can be done by doing a search and replace in the database or by using a plugin such as Better Search Replace
- Setup the necessary HTTP redirects so all traffic is sent to the new HTTPS address.
- Test your site to ensure each page and post passes with a green padlock. There are a number of testers you can use to find insecure content, Why No Padlock is a great online tool.
- Update your Google Search Console and Google Analytics account to point to the new HTTPS address.
What should I do?
We recommend you do the conversion before July 2018 in case there are any bugs that need to be worked out before the official 'not secure' warnings are rolled out.
If you aren't comfortable doing this yourself, we can do the HTTPS conversion work for you for a one-off fixed-price.
Explanation of SSL and HTTP from Wikipedia.
Transport Layer Security (TLS) and its predecessor, Secure Sockets Layer (SSL), both frequently referred to as "SSL", are cryptographic protocols that provide communications security over a computer network. Several versions of the protocols find widespread use in applications such as web browsing, email, Internet faxing, instant messaging, and voice-over-IP (VoIP). Websites are able to use TLS to secure all communications between their servers and web browsers.
HTTPS (also called HTTP over Transport Layer Security [TLS], HTTP over SSL, and HTTP Secure) is a communications protocol for secure communication over a computer network which is widely used on the Internet. HTTPS consists of communication over Hypertext Transfer Protocol (HTTP) within a connection encrypted by Transport Layer Security, or its predecessor, Secure Sockets Layer. The main motivation for HTTPS is authentication of the visited website and protection of the privacy and integrity of the exchanged data.