In the online world, security is everything.
There is nothing worse than creating an amazing website or blog in WordPress and then either have it hacked, or worse, lose followers or sales because your site isn’t secure.
There is a very simple solution to ensure your audience that your website is secure, which is to add an SSL certificate.
You’ve probably seen many of the large websites, such as Facebook, Google and most online shopping sites all displaying the small lock icon in the browser bar. This indicates that they have an SSL certificate in place and activated correctly.
In fact, Google take online security very seriously, to the point that they are now starting to display a message in their listings that a site is not secure, particularly if you collect any data such as via a contact form, link to other websites or sell products.
Ensuring you have an SSL certificate on your website will not only protect your site and your visitors, but without it you could potentially lose visitors before they arrive.
And very soon every website will need an SSL certificate. Google is starting to roll out the security status message for all websites, so within the next year or two if you don’t have an SSL certificate in place and the lock is not showing everyone will know about it, but also Google will be more likely to rank sites with higher security over those that are not secure.
How do I set up an SSL Certificate?
The first think you need to do is purchase an SSL Certificate licence. This can be purchased via your hosting company for an annual fee. It will vary from one provider to the next, and you have a few options, depending on your requirements. For example, if you have a basic website with a contact form you can use the standard SSL certificate. If you sell products or provide a membership based site you should go for a premium option which is more expensive. The difference is also that the standard SSL will show as a grey padlock icon, while the premium SSL licence will be a green icon.
You’ll also notice that your website will now start with HTTPS: instead of HTTP: This signifies it is a Secure directory
My own hosting company, HostEasy, offers the Standard SSL Certificate for around $3 per month AUD, and usually takes just a few days to be implemented, but I recommend if you are already hosted that you contact your hosting provider and look at their costs as it is much easier to implement on your existing service.
How to set up the SSL Certificate
Once you have the SSL Certificate licensed, you’ll need to then set it up. Most providers will usually do this for you free of charge, or will provide instructions on how to change it.
It is usually pretty easy to initiate, but there is a second thing you may also need to do to finalise the process in WordPress if the Padlock icon is not showing….
How do I make the Padlock icon appear?
This is a common issue for WordPress sites. You have set the SSL certificate up, and you see it starts with https, but Google is telling you the site is not secure and there is no padlock icon in the browser bar.
This is super simple to fix!
Go to your Plugins and download the ‘Really Simple SSL’ Plugin, and install it. This helps convert all your folders SSL proof, and then the lock should appear. In the plugin settings also ensure you turn on the ‘Switch mixed content fixer hook’.
Doh!…I have dropped in rankings since installing the SSL certificate.
Don’t panic! This is really simple to fix.
If you have Yoast installed you’ll automatically have an XML Sitemap creator. This sitemap should be set to talk to your Google Webmasters Console, so as you add a new post or page to your site Google knows about it. The problem is when you added the SSL and switched to the HTTPS directory your Webmaster Console is still trying to read the site as a HTTP site. You need to remove the HTTP listing from your Console account, and re-add it as a HTTPS site, and then re-add your sitemap and submit it.
But for it to take effect you need to also ping Google that something has happened, so ideally you need to add a new post or page, or product if you have a shopping cart, and even add a Category or Tag. This will re-ping Google and tell it to update everything from HTTP to HTTPS much faster and your rankings across Google will update quickly. You can always remove these extra posts, categories, once Google has started reading the new sitemap.
And thats it!
Now your website is nice and secure, and you should even see an increase in your rankings as your website or blog will be more trusted by Google
