How to Secure Your Website Visitors With SSL

ssl https digital certificates

Does your website collect sensitive website visitor information such as credit card, passwords, or personal information? By the end of January 2017, Google Chrome will begin marking sites without HTTPS as non-secure.

The reason for this: Google will release their Chrome browser version 56, according to Google Security Blog. It will include a new warning for login sites that are not using HTTPS, also known as SSL. Chrome 56 will mark HTTP login pages as “not secure” in a window next to the address bar.

google chrome 56 http not secure

Source: Google illustration showing the new Chrome warning

The HTTP protocol is not secure for login pages as it may allow attackers to intercept your passwords and data as they transit across the network.

Chrome browser will now require HTTPS for sites that collect sensitive information. If your site is still HTTP, protect your visitors and your site with an SSL certificate and migrate to HTTPS.

Whenever you are typing in passwords and/or credit card information, you will want to make sure this information is encrypted. Chrome 56 will let you know if they are not.

In following releases, Google will continue to extend HTTP warnings, for example, by labelling HTTP pages as “not secure” in Incognito mode, where users may have higher expectations of privacy. Eventually, Google plans to label all HTTP pages as non-secure, and change the HTTP security indicator to the red triangle that we use for broken HTTPS.

google chrome 56 http not secure

Source: Google illustration showing the new Chrome warning

 

What is SSL and HTTPS?

HTTPS (HyperText Transfer Protocol Secure) is a protocol for transferring encrypted information between clients (e.g., web browsers) and websites. HTTPS requires the use of a digital certificate to encrypt the connection.

To implement HTTPS, you need to install an SSL Certificate (Secure Socket Layer) at your website.

https ssl secure connection

 

HTTP (HyperText Transfer Protocol) is also a protocol, but it will transfer data in clear text. With HTTP, it is possible for unauthorized parties to intercept and read this information.

http unsecure connection

 

How Can You Add SSL / HTTPS to Your Website?

First, you need to get a digital certificate from a CA (Certificate Authority).

That is usually costly and properly configuring them with the correctly filled-in ‘CSR’ (Certificate Signed Request) in order that the website works properly with the new HTTPS URL has been difficult, time-consuming (think HOURS, not minutes) and prone to problems.

Enter Let’s Encrypt Free Certificates

The SSL game has changed forever. Let’s Encrypt is a free, automated, and open Certificate Authority. Because Google, Automattic (owner of WordPress), Cisco, HP, Mozilla and a several other major tech companies have jointly sponsored a new FREE SSL initiative:

lets encrypt top sponsors

Source: Let’s Encrypt illustration showing their major sponsors.

 

You will need to get in touch with your hosting provider and have them install the Let’s Encrypt SSL certificate.

 

How I Added SSL / HTTPS To My Website?

I hosted my BuzzAndTips website at WPX Hosting. WPX have created their own software to fully automate adding Let’s Encrypt free SSL certificates (even in BULK) to any or all of your websites hosted with them – all with just a few mouse clicks (see demo video below).

And their automated SSL installation takes less than 60 seconds  including the necessary 301 redirects from your non-SSL URLs to the new HTTPS one!

Video provided by WPX Hosting

 

Tip
To find out more about WPX hosting, please visit my review article: How to Get Blazing Fast WordPress Hosting.

 

What You Get With This Free WPX Hosting Feature

  • Wasting HOURS on buying and successfully installing a single SSL is no longer necessary
  • NEVER pay for another SSL certificate again
  • You do NOT need to fill in any CSRs to enable SSLs
  • And you do NOT ever need to manually renew your Lets Encrypt SSL certificates which expire every 3 months by default  as they have fully AUTOMATED your SSL renewals.

 

Additional Considerations

Once your site is running HTTPS / SSL, you need to inform Google about it.

Adjust your Google Analytics settings for SSL in Webmaster tools

From the View settings, change the protocol from HTTP to HTTPS:

google analytics webmaster tools view property

 

From the Property settings, change the protocol from HTTP to HTTPS:

google analytics webmaster tools property

 

References:

How to setup Google Analytics and Google Search Console/Webmaster Tools – Really Simple SSL

 

Google Search Console Modifications

In Google Search Console, you need to take the following three actions:

  1. Create a new property for HTTPS e.g., https://yourdomain.com
  2. Submit your sitemap (with HTTPS)
  3. Fetch as Google your new HTTPS URL, e.g., https://yourdomain.com

 

For instructions on how to perform the above steps, please visit:

Complete Guide – How to Migrate from HTTP to HTTPS

 

Configure your CDN for HTTPS

If you use a CDN (Content Delivery Network) such as MaxCDN, Cloudflare et al., you must configure it to serve HTTPS. If you are not comfortable with this, please contact your CDN provider.

In my case, I do use MaxCDN and I had WPX Hosting to configure it for me.

Tip
If you are a Thrive Themes customer and subscribe to WPX Hosting, you will get a free MaxCDN plan.

 

To Sum Up

Is your website using HTTPS?

Google is moving to a more secure web and wants to help users browse the web safely. Their Chrome browser will continue to extend HTTP warnings by labelling HTTP pages as “non secure”. If you run a website that accepts sensitive user data, I suggest you move to HTTPS / SSL as soon as you can.

Here is a quick recap about the benefits of adding HTTPS / SSL to your website:

  • Secure connections are established between visitors and your website
  • Potential customers will better perceive the trust level of your site
  • Your site will become eCommerce ready
  • Your Member’s area is protected
  • Your website gets a Ranking boost – SEO
  • Encrypted Websites Protect Our Privacy and are Significantly Faster

 

LEARN HOW INCREASE TRAFFIC TO YOUR BLOG

[Revised and Updated for February 2017]
Download this free eBook to learn how to get free traffic to your blog. All the best techniques curated for you.
GET EBOOK
Written by Steve Williams, well versed curator at BuzzAndTips.

About the Author Steve Williams

Steve Williams is a blogger, consultant, and entrepreneur. He helps people thriving with digital marketing and blogging.

Leave a Comment:

6 comments
Simon Dalley says January 29, 2017

Really informative. I’ve been putting off implementing HTTPS on my own site for some time now and with none of my competitors having done it yet – but I think I’m getting to that point where I need to bite the bullet and do it. I notice your site is HTPS how long has it been like this and have you seen and SEO/rankings benefit from having moved it over?

Reply
    Steve Williams says January 29, 2017

    Hello Simon,

    I enabled SSL on December 15, 2016. Five days later, I noticed my MOZ DA (Domain Authority) increasing from 23 to 24. I’m not sure whether this is due to my SSL move alone. But SSL is part of Google’s ranking signals. Several SEO experts claim that SSL provides a modest SEO boost. According to Brian Dean, SSL is one of Google’s 200 ranking signals. It’s not clear to me how much weight SSL is getting in Google algorithms.

    My main goal with SSL was to make my website eCommerce ready. If I get better SEO as a bonus, why not.

    Cheers,
    -steve

    Reply
mehak says January 30, 2017

is it affecting SEO to setup https for blog ?

Reply
Mohit Bansal says March 2, 2017

thank you for this awesome artice this was very useful

Reply
Add Your Reply

LEARN HOW INCREASE TRAFFIC TO YOUR BLOG

[Revised and Updated for February 2017]
Download this free eBook to learn how to get free traffic to your blog. All the best techniques curated for you.
GET EBOOK
Written by Steve Williams, well versed curator at BuzzAndTips.
Protect Your Wordpress Site With Backup Buddy. On Sale at 35% Off
More Info
Real Time Analytics