What is SSL?
SSL stands for Secure Socket Layer
The SSL is an encrypted link between a web server and a visitor’s browser. Generally, the data transferred between a server and a browser is in simple text form. It is possible for hackers to intercept this data and change it in some way before it gets to a browser. The encryption takes away the ease of interception and manipulation of data.
Why Encrypt?
- It creates a trusted environment where customers engaged in transactions on your website feel safe.
- Google treats your site with preference in google searches.
- Google has now begun displaying a “not secure” warning in the google browser if your site does not have SSL enacted.
- The connection is safer from hackers
- Your site will load faster when it is encrypted, not because the added layer of encryption does not take longer, but because if you don’t have SSL Google will perform other background tasks to verify your site which will take even longer.
How We Got Here
In the recent past, the internet was not quite fast enough for every web site to be encrypted with SSL, and therefore the only sites that spent the time and effort on encryption were the ones taking credit cards and otherwise engaged in financial or data-sensitive transactions. Websites engaged in simply disseminating information didn’t tend to bother with encryption, because their site would load much slower when it was. Plus, obtaining an SSL certificate tended to cost a significant amount of money back then, and it simply didn’t make economic sense to someone who was not using their website to generate financial transactions.
With advancements in technology, encryption works much faster. Further, many hosting companies are providing SSL encryption for free when you sign up with them. This makes SSL encryption accessible to most websites at this time. The only hurdle left for the “little guy” is the time and effort it is going to take to a) switch to a host who offers SSL for free, and b) update all the links on their site so that they all point to “https” as opposed to “http”. In essence, the links are pointing to completely different sites, so all the links must be changed to the “new” site.
There Are Different Levels of Encryption
If you are going to be engaging in e-commerce on your website i.e. taking credit cards, then the free SSL is still not considered strong enough by the credit card companies. You will have to purchase a higher level of encryption from an independent SSL provider. The SSL certificates provided for free are good enough for the average website to ensure veracity of their website. and make the browsers and visitors feel comfortable.
Adoption Periods
By the fall of 2018, any website who has not adopted SSL will have their site flagged as “not secure” by Google chrome and they will have to check an extra box in order to even visit the site. This is not a problem for anyone building a site today, as they simply incorporate encryption right from day 1. The problem is for the smaller “mom and pop” websites on a budget that have a web presence and are now forced to upgrade. This can seem like an insurmountable task.
What to Do Now if You Have an “Older” Site
There are three steps to adoption of SSL:
1. Acquire your certificate.
If your current host does not offer a free SSL, consider switching. Yes, it seems like a monumental task to switch over, but (paid) plugins like Back-up Buddy make the task fairly seamless. Alternatively, some hosting providers will give a great deal of support during your transition. Blue Host is very good at providing a knowledge base of support for transitioning, and also provides a Free SSL. These are the hosting providers that I use. You can use my affiliate link here to save a few dollars if you are interested.
2. Change your Main Website Link to “https” from “http”
Under Settings:General in your wordpress dashboard you will find the main URLs for your site. Change the http to an https.
3. Swap out all of your links on all of your pages.
This may seem like an overwhelming task if you have a large number of links. If you only have 5 pages or so on your website, I recommend you just invest some time and fix the links manually. Then you'll know exactly what was done. If, however, you have a very large site with multiple links in multiple posts, doing all of this manually is an overwhelming task. There are plug-ins you can use that make the job much easier. If you use back-up buddy (paid plugin) to transfer your site to a new host, you can swap the links out during that process, as their plug-in will preform that task for you. With a little tweaking, this same plug-in can be used to swap out your links without transferring hosts. You may want to consider investing in this plug-in for the ease of backing up your site anyway, so perhaps if this is something you were considering doing, now is the time to make that investment because it can be used to fix your links.
3. Re-Direct Your Links With a Free Plug-In
Alternatively, you can install a plug-in like really simple ssl which does not alter your database, but will swap out the links when people click on them so they will always be directed to an SSL link. (Even if you do not think this is a good long term solution, you might consider something like really-simple-ssl in the short term until you get all your links fixed.)
4. How can you tell if you have gotten all of the links?
The easiest way is to pull up your website on google chrome and see if your get the "green light" . That means that the page you are viewing has "good" links. It does not mean your whole website has "good" links. The most problematic for most people is links to images in your own database, as often those links do not automatically get switched over. (If you don't get the "green light", check your images first.) Whynopadlock.com offers a free tool where you can type in any url and it will tell you if your links are secure or not. This can be quite helpful. You still have to fix them yourself, however.
5. Update the "Google Search" Console
Once you have performed step 2 in this process - switching your main site links to "https" from "http", and you have checked to make sure your SSL certificate is working i.e. bring your site up in your browser and see if it works..... you can go into google search console and add a "new site" using your "https" link. (Of course, you would only do this if you want to make it easier for people to find you when they are using google search..... )