Website visitors like to feel safe, the safer they feel, the longer they stay on your site and the more likely they are to come to you for your products or services. Fairly recently, the various browsers (Chrome, Firefox, Edge, etc) have begun to flag sites that don’t have SSL certificates as ‘Not Secure’, placing a warning in the address bar. This is inevitably going to worry some of your visitors, but is reasonably simple to sort out.
SSL provides secure, encrypted connections between networked computers; between the web server and the user’s web browser software. This is particularly important on eCommerce sites, where personal data linked with financial information is being transmitted. To apply SSL encryption, you need an SSL certificate, these are available from a number of certificate authorities and come in various ‘strengths’ – the more secure they are, the more expensive they become.
If you’re running an eCommerce site, most payment companies like PayPal, Stripe, Authorize.net, etc will require you to have a secure connection before accepting payments.
For most WordPress sites a free SSL certificate is more than enough, the browser software will show the secure padlock in the address bar and your visitors will feel safe. But if you’re going to handle credit card payments yourself, you’ll need to talk to your server administrator and one of the certificate authorities – here is a good place to read more.
If all you’re looking for is a padlock in the browser address bar and an https:// address, then you just need a basic certificate. These can be applied in a number of ways …
Once you’ve applied your SSL certificate, you may well have to tell WordPress to serve up the site with an https address, otherwise it’ll just carry on serving the pages ‘insecurely’. First, test to see whether you need to make any changes by opening the site in your browser. If the padloack appears that’s a good first step. Now try manually entering the site address with http:// at the front. Hopefully, it’ll autmatically redirect and you’ll be served the pages with the padlock showing. Job done. If not, read on …
By far the simplest way to force an SSL certificated WordPress site to serve up its pages via https is to use a plugin. There are a number of plugins that can do this. One of the most popular is Really Simple SSL, it takes away all the hassle, click that link, install and follow the instructions. Once you’ve done that, check the site is showing a padlock and redirecting to https when you enter the address with an http at the front.
Hopefully your site is now reporting as secure. There are a few cases where some things will still need tweaking – For example, if you set your site up and had it running before you applied the SSL certificate and changes, your theme and possibly plugins, may have http links in their settings; your logo and/or favicon for example. Go through all your settings, changing any http references to https, save and reload the site. If you’re still having problems, give us a call, it’s often a simple fix and we’re great at spotting such things.
Whilst the main point of having an SSL certificate is to provide encrypted traffic, according to most SEO experts, secured sites seem to rank higher. This does make sense; people will naturally visit a secure site over a non-secure one and will stay longer, Google will ‘see’ this via its analytics engine and will therefore rank the site more highly.