I’ve been harping on SSL for a long time now. I feel like in my tech circles, I’m probably known as the SSL Lady. Years ago, Google started giving a rank boost to sites that had SSL. For me, that was a good enough reason to enable SSL on my site and so we did and haven’t looked back.
But Google upped the ante, marking encrypted sites with a green padlock.
And marking not encrypted sites with this notice:
But now they are taking it a step farther, and will be marking sites without SSL as “Not Secure.”
Is your site really insecure?
I do have a bone to pick with Google over this, because encryption is not the same as security. Sites with SSL can get hacked. They can have malware. SSL doesn’t stop that. What SSL does is ensure that data passed between the web server and web browsers is encrypted and remains private.
What does SSL not do?
- It doesn’t ensure your users have strong passwords.
- It doesn’t scan your site for malware.
- It doesn’t update your site’s software with security patches.
- It doesn’t block brute force attacks.
So, I have some issues with the terminology being used, but that doesn’t mean I have issues with SSL. SSL is a good thing. Should you have it? Yes, for sure!
How do you get SSL?
It’s really a two step process and I have noticed that clients get pretty confused. First, you have to GET the SSL certificate installed on your web host. Then you have to make sure your site USES the SSL certificate. Those are different things.
Getting the SSL
Many hosts now provide SSLs for free through Let’s Encrypt and they make it super easy to install your SSL with a click in your admin panel. I love that! Some hosts don’t, and require you to buy it, sometimes for up to $100 per year.
I highly recommend that if your web host is not providing you with free SSLs to switch web hosts. Most reputable web hosts will migrate your site for free and the SSL is worth it. I won’t recommend a host that doesn’t provide free SSL. (See our list of recommended providers here.)
Using the SSL
Having an SSL and using an SSL are two different things. First you have to have it, installed on your server, and then you have to actually use it on your site. You can have an SSL and not actually be using it on your site. It takes changing all your URLs to https instead of http and that can be an enormous hassle. Some web hosts have tools to do this for you and there are a variety of plugins you can use.
My favorite way to do this is to first change the settings in WordPress to use the https, then use Better Search and Replace to change all the URLs in my site to https. For good measure, if my host has “force SSL” I will turn that on, or turn it on in my security plugin like in iThemes Security.
Need help getting your SSL installed? I can help!
Amy Masson
Amy is the co-owner, developer, and website strategist for Sumy Designs. She's been making websites with WordPress since 2006 and is passionate about making sure websites are as functional as they are beautiful.