Don’t lock your WordPress site out of Google search: Apply SSL encryption today

I am asking you to apply SSL encryption to your WordPress website today, or to seek help to have it done, because it is an important Google ranking factor that ALSO brings benefits to your website for you and your visitors.

Yes, it is unusual for me to be so blunt, but this time it is important.

While we could liken the application of SSL encryption to a Swiss Army Knife (one device with many uses), I have opted for a spare set of keys for your website so you’ll never be locked out of Google and the web.

What is SSL and HTTPS?

If you’ve ever wondered why some website addresses begin with http and some with https, it all relates to whether or not a website has security protocols in place, namely Transport Layer Security (TLS) or Secure Sockets Layer (SSL), both frequently referred to as “SSL”.

These cryptographic protocols provide security to communications over a computer network so that when your web browser connects to our website, for example, it can “know” and “trust” the information being served.[1] Several versions of the protocols find widespread use in applications such as web browsing, email, Internet faxing, instant messaging, and voice-over-IP (VoIP).

In fact, Wikipedia succinctly defines the three main ways SSL provides security as follows:

  • The connection uses symmetric cryptography to encrypt the data transmitted. At the beginning of every connection, keys (or secret codes) are created in what is called a “handshake protocol” so that every bit of data that follows is protected and hidden.
  • The identity of the communicating parties can be authenticated using public-key cryptography.
  • The connection ensures integrity because each message transmitted includes a message integrity check using a message authentication code to prevent undetected loss or alteration of the data during transmission.

So far, so good. But why should you bother to apply SSL to your WordPress site? Let me count the ways.

Why you should apply SSL encryption today

The simplest answer is: peace of mind and prosperity.

Basically, there are three reasons you need to get on the SSL bandwagon now, namely:

Decency. In this world of cryptolocking (criminals lock you out of your computer) and hackers (criminals take over your website), you owe it to your visitors to offer them safe harbour in this global, online world. Whether or not Google decides to trust you, consumers are bound to start making security-conscious decisions over time.

Visibility. About two years ago, Google drew a line in the sand and called for “HTTPS everywhere”. In a post entitled, HTTPS as a ranking signal, the official Google blog said, “Security is a top priority for Google. We invest a lot in making sure that our services use industry-leading security, like strong HTTPS encryption by default. That means that people using Search, Gmail and Google Drive, for example, automatically have a secure connection to Google. Beyond our own stuff, we’re also working to make the Internet safer more broadly. A big part of that is making sure that websites people access from Google are secure. For instance, we have created resources to help webmasters prevent and fix security breaches on their sites.” The “ranking signal” bit means that HAVING SSL applied to your website can HELP you RANK higher in Google search results. It is one of many signals, but its importance increases all the time.

Ecommerce. It won’t be long before ALL online payment providers demand you have SSL installed and configured. For example, Stripe, a payment processing provider, demands it already, and this year PayPal began overhauling its systems and notifying merchants, “PayPal is in the process of upgrading the SSL certificates used to secure our web sites and API endpoints … You will need to ensure that your environment supports the use of the SHA-256 signing algorithm and discontinue the use of SSL connections that rely on the VeriSign G2 Root Certificate.” For WooCommerce users, PayPal Standard in WooCommerce core uses Instant Payment Notification (IPN) and requires SSL before September 30. In other words, you will not be able to connect your website transactions to PayPal if you do not comply.

What should I do next?

Quite frankly, if you are one of our clients, please reach out and ask us to help you get secure.

While there are many free, cheap or backdoor ways to apply SSL encryption to your website, our method is affordable and has received an A rating from Google.

We have been installing SSL certificates, which cost AU$99/year and just get the job done, and we are about to remind people on our contact list to make some decisions, fast.

You can check your current website’s SSL credentials here (you need an A-rating to be safe): Google site security test.

If you’re not a client, we can still help, or you can contact your web host to help you out.

The main steps involved are:

  1. Buy a current certificate
  2. Get it authenticated
  3. Install into your server
  4. Check settings throughout the website to ensure that links using http are updated to https (or risk page not found messages, etc.), and do the same for references to images (if your pages reference images using the full URL http://yoursite/images/teapot.jpg, you will need to update them to https://yoursite… however, if you use relative links, e.g. /images/teapot.jpg, you will be fine).
  5. Ensure htaccess settings will accommodate the new https environment
  6. Ensure no features on your site are fed into your site from an http environment (must be from https environments). This could be feeds from databases, etc.
  7. Activate and test.
  8. Renew certificate in one year.
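
Steps 4 and 6 can be checked mechanically before you activate. The following is an added example, not part of the original post: a small Python scanner that reports which references in a page would stay on http once the page itself is served over https. The hostnames `yoursite.example`, `other.example` and `cdn.example` and the sample page are constructed placeholders.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Tags whose URL attribute makes the browser fetch something into the page.
SUBRESOURCE = {"img": "src", "script": "src", "iframe": "src", "source": "src", "link": "href"}


class InsecureRefFinder(HTMLParser):
    """Collect references that stay on http:// once the page is served over https."""
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.findings = []  # (kind, tag, resolved URL)

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "a":
            kind, raw = "internal-link", attrs.get("href")
        else:
            kind, raw = "mixed-content", attrs.get(SUBRESOURCE.get(tag, ""))
        if not raw:
            return
        # Relative and protocol-relative URLs inherit https from the page URL.
        url = urlsplit(urljoin(self.page_url, raw.strip()))
        own_site = url.hostname == urlsplit(self.page_url).hostname
        # Links to other sites are not ours to fix; fetched resources always count.
        if url.scheme == "http" and (tag != "a" or own_site):
            self.findings.append((kind, tag, url.geturl()))


def find_insecure_refs(html, page_url):
    finder = InsecureRefFinder(page_url)
    finder.feed(html)
    return finder.findings


# Constructed sample page; all hostnames are placeholders (assumptions).
SAMPLE = """
<a href="http://yoursite.example/about/">About</a>
<a href="http://other.example/">Elsewhere</a>
<img src="http://yoursite.example/images/teapot.jpg">
<img src="/images/teapot.jpg">
<script src="//cdn.example/widget.js"></script>
<link rel="stylesheet" href="http://cdn.example/style.css">
"""

if __name__ == "__main__":
    for kind, tag, url in find_insecure_refs(SAMPLE, "https://yoursite.example/"):
        print(f"{kind:14} <{tag}> {url}")
```

The relative image path and the protocol-relative script are not reported, because both resolve to https; the hard-coded http image and stylesheet are the ones a browser would block or warn about.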

So, yes, there are a few steps involved and, to be frank, some of them can pose counter-intuitive questions and stumbling blocks along the way. In fact, if you get some of the key steps wrong, your site can disappear with a 404 Site Not Found message.

We lock our office doors and windows at night, we keep important files in locked cabinets, and we only let authorised people into our office spaces. Why should it be any different with our websites?

Please get us or your trusted provider to apply SSL encryption to your site as soon as possible, and enjoy NOT being locked out of Google!


Image: Padlock (spells out ‘LOCK’) by Blue Coat Photos via Flickr. CC BY-SA 2.0