What is SSL?
In simple terms, an SSL certificate will add an extra layer of security to your site, encrypting any data that is transferred between your web server and the users browser. As you can imagine, it’s pretty much essential if you’re running an online store, accepting payments via your website and collecting any potentially sensitive information from your visitors.
Adding an SSL certificate to your website will change your website’s url from http to https, and add that comforting green padlock that you’ve no doubt seen around the web much more recently.
Why do I need an SSL certificate?
Well, apart from the fact that Google is now using https as a ranking signal, albeit a very small one for the moment, there’s no doubt that this will become standard and expected.
It adds an element of trust when visitors are parting with personal information, such as their contact details or credit card number. It adds an extra layer of security when users are entering user names and passwords.
So I still need WordPress Maintenance if I add SSL to my website?
Yes you do. Your WordPress Maintenance Plan takes care of your actual site files and WordPress installation. An SSL certificate just adds an extra layer to that, to ensure any data is transferred from your web server to the user as safely as possible.
Http vs https
If website is using HTTP, it isn’t as secure as it should be. It can also cause concern for your site visitors, and Google recently announced that HTTPS is one of the factors that determine where your site sits in search results.
You may have noticed that some web browsers display a padlock icon in the address bar to visually indicate that a HTTPS connection is in effect.
Without getting too technical, HTTPS (Hyper Text Transfer Protocol Secure) is the secure version of HTTP. Once you switch your site to HTTPS, any data sent between the web browser and your server will be encrypted.
Will switching to HTTPS stop my site from getting hacked?
No, nothing we do can guarantee that. This is just another hoop potential hackers would have to try to jump though. It’s a bit like putting a deadbolt on your front door.
What’s the process for switching to HTTPS?
- Purchase an SSL certificate.
- Install and configure the SSL certificate on your website.
- Perform a full backup of your site.
- Configure any internal links – change them from http to https
- Update any code libraries and check third party plugins.
- Redirect any external links to https.
- Update your htaccess file to redirect HTTP traffic to HTTPS.
- Implement 303 redirects where required.
- Add HTTPS site in Google Search Console and Google Analytics.
Can you do this for me?
Yes we can. We’ll talk to your host and do what’s required to make the switch.
How much does it cost to transfer my site from HTTP to HTTPS?
It depends on your site. A rough guide would be 2 hours development plus the cost of the SSL certificate, which you would pay your host for. There are some free SSL certificates available.
What will happen to my website if I don’t switch to HTTPS?
In the short term, nothing, however getting a hacked site cleaned up is time consuming and expensive. Prevention is better than cure. In addition, Google will be actively warning your visitors about your missing SSL certificate/lack of HTTPS, and telling them your site is unsafe – not the impression you want to make I’m sure!
Do I need to change my hosting?
No, however it’s not a bad time to review your hosting and consider your options. Read this post if you’re looking for a better quality hosting provider.