In February 2018, Google made an announcement regarding SSL certificates, also known as https. This announcement said:
For the past several years, we’ve moved toward a more secure web by strongly advocating that sites adopt HTTPS encryption. And within the last year, we’ve also helped users understand that HTTP sites are not secure by gradually marking a larger subset of HTTP pages as “not secure”. Beginning in July 2018 with the release of Chrome 68, Chrome will mark all HTTP sites as “not secure”.
What Does This Mean?
Basically, Google is saying that because a connection to a website via HTTPS encryption is more secure, they’ve been gradually marking pages where visitors information is transmitted, as “not secure.” This could be anything from a ecommerce checkout page to just a simple contact form. Starting in July, any form that accepts a user’s data will be marked as “not secure” on Chrome, if it’s not using HTTPS.
The bottom line is that if you have a website with any kind of form on it where visitors submit information (this includes a simple contact form), you’ll need to have an SSL certificate installed and your website configured to use HTTPS, or else the Chrome browser is going to show visitors a big warning on those pages, which could make them nervous to be on your website. For the best user experience, your website should have site-wide HTTPS.
What is SSL?
SSL stands for Secure Sockets Layer. It is a security protocol that encrypts the links between server and client, which can be between a website and a browser or a mail server and the mail client (Outlook is an example of this). By encrypting the link, this allows for your connection to be private. This means no one besides you and the website can access or see what you are sharing with the website. For example, you go to a store online to buy some clothes, you finish picking out your items and go to the shopping cart to purchase them. Part of purchasing the items is entering your name, address, and credit card information. When a website uses SSL it has a secure link allowing for your information to not be viewed and ultimately stolen. This does not mean the website you shared your information with cannot be hacked and your saved information cannot be taken, but it means that when you are interacting with the website your information at that time is not viewable.
This also means that even if you are on non-encrypted WiFi (say at a coffee shop or public library), your connection those sites is still encrypted, so you’re still safe. This is why all the legitimate banking, e-commerce, email, and other mission-critical websites implemented SSL (HTTPS) encryption long ago. They knew they couldn’t keep people from getting on WiFi that wasn’t secure, but they could make it so it wouldn’t matter, at least while connecting to their website.
Do I Need it for My Website?
You may be thinking, but I am not an E-Commerce store. I don’t take credit card information. The truth is most websites will need to upgrade from http to https, but just for clarity’s sake ask yourself this question. Does your website take in any information like comments or contact information? If the answer is yes, then you need get SSL soon. This is especially true with Google’s upcoming changes, which may display warnings on your site in the Chrome browser and hurt your SEO for search ranking.
How Do I Get it?
There are quite a few options on how to add an SSL certificate to your site. The first option would be to look at your hosting company. Many hosting companies offer SSL through Let’s Encrypt for free. Most of those have a simple, 2 or 3 click install process. But even once you have an SSL certificate, you still need to tell your website to use it for all visitors.
On Flywheel, WP Engine, and CloudWays (3 of our favorite WordPress hosting providers), it’s a few clicks to install, and a click to force SSL site-wide. Alternatively, you can use a plugin like iThemes Security to tell your site to use SSL everywhere.
If your hosting company does not offer SSL, then you can purchase a certificate from a number of companies. Ask your hosting company who they recommend, for the simplest installation.
There are a couple of free options. One would be to add it through Let’s Encrypt. This can be a fairly technical process so I don’t suggest trying it if you are not familiar and comfortable with using FTP (File Transfer Protocol), which is a way to access your server and files. Option two would be to sign up for a Content Delivery Network like CloudFlare. They have the option of adding a free SSL certificate to your site.
How Do I Configure WordPress to Use HTTPS?
Some hosts, like Flywheel, have an option to “Force HTTPS.” Turning this on makes your site use the SSL certificate for HTTPS encrypted connections on all pages of the website. If your host doesn’t have this, we recommend using the iThemes Security plugin’s “SSL” module to force HTTPS site-wide. Make sure you only do this after you’ve installed your SSL certificate.
Did you Know?
Did you know SSL is included in our Dining Car plan at WordXpress? We also support it on our other 2 plans. That means that those on the Dining Car plan won’t have to do anything, we’ll take care of all this for them. Those on the Boxcar or Flatcar, only need to get their SSL certificate, then we can take it from there. Sign up for a plan and leave the hassle to us.