Effective July 2018, Google’s Chrome browser version 68 and above will mark non-HTTPS websites as ‘Not secure’. For anyone with a self-hosted WordPress blog who has not already made their website secure by implementing SSL, consider this a call to action!
What does that mean exactly?
Prior to the version 68 update, the Chrome browser showed a small i with a circle around it to indicate that a website was not secure but now, with the release of Chrome v68, the words ‘Not secure’ are also displayed, perhaps making your visitors think there is a problem with your blog.
Google has been encouraging webmasters to make their websites secure for years, hinting that there was a small ranking boost for those who implemented SSL and this change to the Chrome browser is the next step in their push for secure websites. And even more importantly, you shouldn’t be keying in your WordPress credentials on a login page that isn’t secure!
Implementing SSL
The steps to change your WordPress blog from http to https are relatively simple. Make a backup. Get an SSL certificate. Install it on your website. Use a plugin to force all your pages and internal links to https. Change your settings in Webmaster Tools and Google Analytics.
Don’t forget to make a backup of your website before you start!
Get an SSL certificate
You can get an SSL certificate for free from Let’s Encrypt, a free, automated and open Certificate Authority. A number of popular web hosting companies routinely install a Let’s Encrypt SSL certificate for free as part of your hosting agreement. My web host, Siteground, is one of those. If your host doesn’t do this automatically, you might need to reach out to their support group to install the SSL certificate for you.
Use a Plugin
Next you need to force your website to always use https. You need to change all your internal links to use https. You need to deal with mixed code in things like Javascript that might be on your website. The easiest way to do this is to use a plugin. I used Really Simple SSL from the WordPress plugin repository. One you have obtained your SSL certificate and installed it, just install this free plugin and activate it. The plugin takes care of everything for you.
Webmaster Tools and Google Analytics
If you use the Really Simple SSL plugin, it will even remind you to change your settings in Webmaster Tools and Google Analytics and give you detailed instructions on what to do.
In Webmaster Tools, you will want to add the https versions of your website and select your preferred domain. You can also bundle all of your properties into a set. For example, if you have a blog called myblog.com, you will want to include http://myblog.com, http://www.myblog.com, https://myblog.com and https://www.myblog.com.
In Google Analytics, you will want to change the admin settings for your default URLs under both Property Settings and View Settings.
Testing
Once you’ve finished implementing SSL on your website, you should click around your blog and make sure there are no issues. (Remember, that is why you made a backup!) Once you are satisfied that everything is as it should be, use this handy tool from Qualys to test your blog. This free online service performs a deep analysis of the configuration of any SSL web server on the public Internet.
Are you ready?
