How To Secure What People (And Google Search) ‘Think’ About Your Website

The latest Google Chrome web browser labels non-HTTP sites as not secure, and Google search will rank non-HTTPS lower.

Google Chrome is used by approximately 50% to 60% of internet users. It is the most used browser.

In version 56 of Chrome, released at the end of January 2017, there was a significant change in the way it displays websites that are not using SSL (Secure Socket Layer) certificates.

SSL allows secure encrypted access to your website with the address starting with HTTPS://

Currently, your site may only be is accessed using HTTP://

How what people and search engines ‘think’ of your site will change.

  1. From Chrome version 56 onwards, any website that is not using HTTPS access will show ‘Not Secure’ for pages that collect passwords or credit cards.
    The message in the browser looks like this: 

    Here are the before and after examples from Google themselves:This seems to be the first part of a staged rollout by Google.
  2. Eventually and seemingly in the final stage of Google’s rollout, all plain HTTP pages, as your site has them at the moment, will be labelled as “Not secure’. The message in the browser will look like this:This message will definitely affect the perception of your site, and may deter Chrome users from using your site.
  3. In between the first and final releases of Chrome related to these SSL and HTTPS matters, it also seems that an intermediary release of Chrome will show non-HTTPS pages in the incognito mode of Chrome as ‘Not secure’.This is as users using this mode have an increased expectation of privacy.This mode is used for private browsing in Chrome, and for testing purposes.

    Pages view in this mode do not stay in your browser’s history, cookie store, or search history after you have closed all of your incognito tabs.

The future of WordPress and SSL.

The founder of WordPress has announced that some of the new WordPress features planned for release in 2017 will only be available for sites using HTTPS.

What these features will be I do not know.

What I do know is that if Google, the creators of the most used browser, and if Automattic, the creators of the most used internet publishing system, WordPress, are creating features for their software and systems that not only favour SSL and HTTPS access but also give sites not using SSL a perceptual and perhaps functional disadvantage, then we are going to have to start using SSL on sites.

I have taken the step.

My site’s server for https://karavadra.net now has Let’s Encrypt SSL installed, and the WordPress system is fully configured to use HTTPS access.

I have also configured the server to redirect HTTP addresses to their equivalent HTTPS addresses, which means that any existing HTTP links on printed or digital media automatically go to the new and similar HTTPS addresses.

I have been testing the HTTPS conversion and it all seems to be working OK.

Google also ranks HTTPS sites higher in their search results.

On changing the site from HTTP to HTTPS, the traffic to my site increased slightly after converting it to use HTTPS, and without doing any other traffic optimisation work on the site.

I believe this was as Google seems to give higher ranking in their search results to secure sites.

How to convert your site from HTTP to HTTPS with Let’s Encrypt SSL.

  1. Ensure your host has Let’s Encrypt SSL and then make sure it has been installed properly. I use SiteGround hosting who have a quick and free installation feature for Let’s Encrypt SSL.
  2. Stop updating your site.
  3. Download all of your site’s files, and also the database that runs WordPress.
  4. Keep a backup of these files and the database.
  5. Change all references of your domain name in the files and database from HTTP to HTTPS, whilst noting some HTTP addresses to test later.
  6. Upload the updated files and database back to the server.
  7. Add the following code to your server’s .htaccess file to re-direct access to HTTP links to the equivalent HTTPS links.
    <IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteBase /
    RewriteRule ^index\.php$ - [L]
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule . /index.php [L]
    </IfModule>
  8. Do a general test by clicking around the site, and also specific tests on some of the addresses noted earlier.
  9. Carry on using and updating the site as normal, but now with the stability and security of SSL and HTTPS access.

Do you want help converting your site from HTTP to HTTPS access?

Here are some options for you to consider

  1. I can convert the site for you for a one-off fee between £50 and £200 GBP on average depending on how large your site is, how many applications it uses, and how many databases are used. This a pure manual conversion from HTTP to HTTPS for using Let’s Encrypt SSL, meaning that no plugins or server switches will be required. A pure HTTPS conversion will make it easier upgrading your hosting, or moving to another host in the future.
    Make sure your server has Let’s Encrypt installed and configured for your domain name.
    Click here send me your site and hosting details and get a fixed quote from me. Note I may not be able to start the work till October 30th.
  2. Move your hosting to a hosting provider who has Let’s Encrypt configured to automatically install and update every year on your site. I use SiteGround hosting and recommend their hosting and support for WordPress related sites. SiteGround have servers in 5 locations over the planet which cater for most server and visitor access requirements. The server locations are as follows:
    > Chicago, USA.
    > London, UK.
    > Amsterdam, Netherlands.
    > Milano, Italy.
    > Singapore.
    Click here to read about Siteground WordPress hosting.
  3. Ask for help using the comments section below.

Share this:

Subscribe for updates

Enter your email address below. I’ll send you updates & news to your email address. You can unsubscribe at any time.


Posted

in

by


Comments

Leave a Reply

Your email address will not be published. Required fields are marked *

>