Kiwise Digital Agency

Search Marketing and Digital Consultants

You are here: Home / SEO Blog / SSL HTTPS for WordPress Websites is now required!

SSL HTTPS for WordPress Websites is now required!

SEO Blog / by

SSL HTTPS WordPress Websites is a must for 2017 – In September 2016, Google announced that in January 2017 they would begin displaying the security of the connection in the address bar. This is the beginning of a long-term plan to mark all HTTP pages non-secure.

no ssl not secure
non-secure warning
ssl https secure wordpress
secure website

Why is 2017 the Year of SSL HTTPS?

In 2014, Google announced a call for HTTPS to be used by every website on the web. Google has three main reasons for this that all come back to the desire to create a more secure internet, but before we get to those three reasons, you may be wondering what HTTPS and SSL are.

Google also stated that if your website was SSL HTTPS it would give that site additional ranking signal in search results. This is a good thing for businesses that have websites that are competing with other businesses for position on search engine results pages.

What is HTTPS?

HTTPS is the acronym for Hypertext Transfer Protocol Secure. It is a protocol used for secure communications over a computer network, like the internet. Communication over HTTPS are encrypted between the client and the server so eavesdroppers don’t listen in, no one tampers with the data, and your website data isn’t forged.

What is SSL?

SSL is the acronym for Secure Socket Layer and is often used interchangeably with the term TLS – Transport Layer Security. Both are cryptographic protocols that help encrypt communications over a computer network. Typically, if a website wanted to encrypt the transmission of its data between the server and the client, they would purchase an SSL certificate that contains an encryption key that is placed on the server.

Why should you care about SSL HTTPS?

This gets back to the three reasons why Google is calling for all websites to switch to HTTPS. In order to access most websites, the URL usually begins with “HTTP.” This is the unsecured version of the protocol that transfers data between the web server and the browser on your computer or smartphone. Remember that fear you had of using your credit card online? Well, it’s not just credit cards that are of interest.

Google sees three reasons for securing your website with SSL HTTPS.

  1. Authentication
  2. Data Integrity
  3. Encryption

These three reasons speak to a number of issues that have come up when it comes to communications over the web. Refer to https://youtu.be/cBhZ6S0PFCY

Authentication addresses the issue of verifying the ownership of your website. Believe it or not, there are people out there that make replicas of websites and divert traffic to it in an effort to steal from you. Most people know that they need to check for the Green Lock in their browser before entering personal information into the website. You can go one step further and verify the SSL certificate to make sure it belongs to the website you’re on.

Data Integrity speaks to whether or not the data on the site has been tampered with while it’s in transit. If someone know’s what they are doing and your website is not secure, they can tamper with the data transmitted from your server back to the client. The form submission that the client just sent could go to the hacker and not to you.

Encryption refers to the security of communications between the client and the server so that no one else can read them. This is a key point for commercial websites. While it’s extremely important to encrypt the communications on an ecommerce website, it’s equally important to encrypt the data submitted using forms.

What does an SSL Certificate Cost?

The cost for an SSL certificate will depend on your website’s hosting provider, who they buy the certificate through, and the type of certificate they buy. There are three types of certificates. Good news if your website is hosted with Kiwise Digital, the SSL Certificate is free.

  • Single Domain – This type of SSL certificate is only valid on one domain URL.
  • Multi Domain – Also known as a Universal Communication Certificate (UCC) this secures multiple domain names and multiple host names within a domain name. You would set a primary domain and can add up to 99 additional Subject Alternative Names (SANs) in a single certificate. This is great for businesses with multiple sub domains and URLs for different service, product lines or geographic locations.
  • Wildcard – This type of certificate is for securing all of the subdomains you may have for a single domain.
    When selecting your SSL Certificate, please consult with your web host, marketing agency, and IT department to make sure you are selecting the right option for your entire business.

Google has conducted a number of studies that concluded that visitors do not consider the absence of a “secure” icon a warning. But it should be. This is why Google is taking the extra step to warn users of its browser, which is used by more than 55% of internet users, that the site they are visiting and about to enter their sensitive information into is not secure.

In addition, as part of their long-term plan, Google will likely include pages with contact forms in the coming months. So, while they’re not susceptible to this warning just yet, they will be and you should do something about it now.

What’s the process of changing my site from HTTP to HTTPS?

We are prepared to help our clients make this transition as simple as possible with little to no interruption to your website. This means there are potential issues that can happen, which is why this is not a DIY project. Here are a few of the things we will need to do to get your website converted to HTTPS:

  1. Help you secure the right certificate for your website if you are hosted with us.
  2. Install the certificate on your website.
  3. Update the configuration of your website to point to HTTPS instead of HTTP.
  4. Redirect all incoming requests for your HTTP website to the location of the HTTPS site.
  5. Re-verify ownership of your website in Google Search Console and update the sitemap location.
  6. Update your web property’s configuration in Google Analytics.
  7. Test and confirm that the conversion was successful.

Keep in mind that while the domain of your website is not changing, the address to get there is. HTTP and HTTPS request your website from two different ports on the web server.

From here, there are a few things to consider. If you have any marketing tools or digital ads pointing to your website you will want to update the URLs they are pointing to. While redirects will be set up to send HTTP request to the HTTPS URL it’s still best practice to change them as redirects slow the request time and could decrease visitors and conversions.

What do I do next to get SSL HTTPS for my WordPress website?

This isn’t a decision about if you should make the switch. You need to decide when you want to make the switch to HTTPS. In 2017, every new website project we take on will include HTTPS and SSL. We want every website we make going forward to be secure, especially WordPress websites. Matt Mullenweg of Automattic, the creator of the WordPress project, is heavily advocating that all WordPress websites to be hosted on HTTPS as more and more features in WordPress will require it. Information source: 2017-year-ssl-https-websites

Contact Kiwise Digital now to get SSL HTTPS…

Contact Kiwise Digital for more information about our website maintenance services package.

Call our Auckland office at 09-551 5526 or complete our online contact form.

Oops! We could not locate your form.

More Content