Usually, when I create sites, one of the first things I do is that I migrated them over to SSL, in what I consider to be the most timely fashion. SSL has been topical a few times this year and last and it has become a 100% must for all sites (for a while now), small large medium, e-commerce, blogs, you name it, and it needs SSL.
I have some helpful and simple tips tricks and websites below for any of you WordPress DIYers out there. You might be considering a new site, or fixing your current Picasso. When you add SSL to your site it has impacts, so if you are in doubt add a comment, email etc and we will be able to followup with you.
I would also caution there are some pretty major and embarrassing risks associated with a botched SSL setup, that said follow this advice and it is a very simple process.
What is SSL?
SSL or Secure Sockets Layer is a security protocol for creating an encrypted link between your website and your clients, it also impact email both as it is transited and downloaded from your server. Think of it as a padlock where before you had one of those little diary locks, both can be picked so to speak but the padlock is tougher. Next post I will go into detail on the types of SSL certs.
SSL allows sensitive information such as credit card numbers, client requests for service and login credentials to be transmitted more securely than if it were not in place. It garbles or manipulates your data as it is in transit and attempts to make it harder to sniff or eavesdrop on.
Do I Already Have SSL?
Luckily there is no tech knowledge required to spot if you are already running SSL and all major browsers will show various SSL certs to the left of the URL bar generally as a green padlock icon . Equally a abroken botched setup will show an open lock or even a more overt red page notice from Chrome and other more zealous browsers. Overall this is the bit you want to avoid.
Setting Up SSL What Documentation Do I need?
Most SSL setup from the clients point of view requires documentation, but nothing too major. Showing some level of setup or at least a physical postal address is required at a minimum.
Unlike most location services there is no real verification of your SSL details, but they are vouched for or checked in theory by the vendor of the SSL, this is similar to a web host and they facilitate the service, which I wont bore you with. Suffice to say if you had SSL you would see https in your browser, or could navigate to it, look to the top left of this post you will see an example.
Is it Really That Much More Secure?
Yes, in the terms of what most site owners consider secure it adds a new buffer level of security to your site. Wireless access to sites is especially open to sniffing and other hacker activities, SSL helps you stay a little more locked down when users add comments, update forms or when you yourself login to your site.
Getting Setup for SSL: Pre SSL
Before you start do the following;
- Scan your site for all JS, CSS and IMG links
- Scan for all internal & external links
- Ensure there are SSL version of any offsite scripts
- You can update and test the SSL versions of scripts before you migrate to https links in your code
NB Test Your redirection for on and offsite patterns, http to https re-writing is a simple setup, but it must be tested rigorously.
Testing Post Setup for SSL: After SSL
1-2 Hours after you migrate do the following;
- Scan your site for any non SSL based links
- Scan for all internal links
- Ensure there are SSL version of any offsite scripts
- You can update and test the https versions before you migrate to https links
- Resubmit to Google Search Console, Bing Webmaster Tools & any other setups you are connected to Yandex, Baidu etc.
Test your rankings daily to ensure the site’s SERP listings have migrated to the ssl version of your site.
What are the Initial Benefits of SSL?
- A more secure site
- No issues with cross domain connections, or less issues if you plan to embed iframes etc
- SSL is considered a trust factor so you look a little more pro online
NB SSL is not a magic bullet, strong passwords, regular theme and plugin updates, backups and malware scanning are all a must for a modern site.
SEO Risks for SSL Setup
- Speed is one issue, it can add very small delays if not configured correctly
- Linking to non https links will cause warnings, this is crucial and can be easily tested
- As a rule nothing should reference http:// unless an external link
- Duplication if your redirection/canonical tags are not configured correctly
- You will likely start to see a large spike in 404s from old external links, this is part of the process but can be painful to watch
Overall there are very little risks involved bar setup issues.
A Quick Guide to Changing WordPress to SSL Links
This 5 step setup will get your WP site moved to SSL in 1-2 minutes.
- Go to the Admin Dashboard, generally yoursite.com/wp-admin/
- Go to Settings > General
- Where it says WordPress Address (URL) & Site Address (URL) replace the http:// part with https:// (See Image Below)
- Click Save Changes
- You will be made login again and you may need to update user name and passwords as cookies update to SSL
Change Settings Panel
Admin Dashboard > Settings > General
Handy Resources for SSL Setup & Testing
Below are some links and handy guides, as always drop us a comment or contact us if you need SSL setup on your site.
- Really Simple SSL
- No Padlock: A Great Site for Testing SSL Setup
- HTACCESS Cheatsheet: All manner of fancy HTACCESS tricks and code snippets