With data protection and online privacy continuing to play a role in world news and U.S. politics, more and more small businesses are looking at site encryption. But when you’ve already been running a WordPress site without an SSL certificate, how do you switch over without missteps?
As with many WordPress updates, there are going to be some hiccups along the way. But that doesn’t mean you should skip SSL. Getting your site more secure is an important step for any business – and https:// may even become a ranking factor for search engines in the future (Google’s hinted at this for years and now marks non-https sites that collect sensitive information as “Unsafe” in Google Chrome). And human visitors appreciate https, too – browsers show an indication of site security in the left hand corner of the URL address bar, and getting a green lock is always preferable to a grey or red one.
We host all our clients’ sites on WP Engine. This server is WordPress-specific and already makes a big difference in improving site security by blocking unsafe plugins and automatically updating WordPress versions – we haven’t had a single hack since we made the migration to this server. And adding SSL certificates helps keep WP Engine websites as secure as possible – a top priority for any hosting provider.
With WP Engine, adding an SSL certificate is free and relatively simple. As of October 2016, SSL certificates are free to add through Let’s Encrypt and available to all WP Engine installs. You simply add a certificate to each of your installations and then configure the settings. If you have any issues with redirect loops or broken plugins, open up their chat support for help.
When updating our sites, the most common obstacle we ran into was issues with older slider plugins not being SSL-compatible. This was usually because they continued serving http:// versions of photos over https:// – rendering the images broken. If you’re looking for plugin alternatives, shoot a us a quick note and we can discuss more about updating your current theme.
Now that you have your certificates set up, it’s time to make sure that your site is serving content properly. What does this mean? Now that you’re serving visitors pages over https://, you need to make sure that images, iframes and other elements within those pages are also being served over https://. This usually means updating the html – and you don’t have to go through and do this by hand. Plugins like SSL Insecure Content Fixer help you identify and fix insecure html so that you don’t get the dreaded broken lock on your browser address bar.
Now that you’re serving traffic over https://, your Search Console and Google Analytics tracking should follow suit (if you’re not tracking traffic and conversions via Google tools, just send us a quick email and we can help you get set up). Updating these settings will ensure you’re still correctly recording traffic and not missing out on https:// activity.
Complete these steps in Search Console:
Next, complete these steps in Google Analytics:
And with that, you’re on your way to a more secure website & happier site visitors.