Cannot recommend her enough to those who don’t know where to start, how to start, or why they should start.-Marianne Willburn, Small Town Gardener
Update to this article: Note that as of September 2018, Google Chrome phased out the green coloring on the padlock & https in the address bar. After their successful push to get all sites to adopt SSL, their thinking is that secure sites should be the norm, not the exception. Sites without an SSL will be labeled as “Not Secure” (more info on that below) and secure sites will display a gray padlock as you here:
There was a time that only the sites that transmitted sensitive data like credit card information needed to be protected by an SSL … “was” being the key word in that sentence. In July 2018, Google Chrome (the most popular browser in the world), started marking ALL websites as insecure if they are not running under HTTPS with an SSL.
Google has been moving toward what they call a “secure web” since 2017, and their decision to label all non-HTTPS sites as “not secure” means that it’s time for everyone to make the move to HTTPS. Sites with “not secure” warnings will likely cause visitors to leave your site or certainly discourage them from submitting info/filling out forms on your site.
Note: I’ve talked a lot about site security in the past, but this is not the same thing as securing your site from hacking. HTTPS/SSL is about encrypting data that is submitted on your site. An SSL ensures that all data passed between the web server and the browser remains private.
To check a site’s security, to the left of the web address, look at the security status. It will either show:
1) Secure: a green lock & green https:// <– You are set – ignore this post 😉
2) Not Secure: an info circle icon
If you are pretty sure that your hosting account came with an SSL, but the server isn’t resolving to the HTTPS version of the site, you can test it by typing in your website address with https:// in front of it in the address bar.
One of three things will happen when you do that:
1) You’ll get an error message instead of your site. Something like: “This site can’t provide a secure connection”. This means you do not have an SSL set up for your site.
2) Your site will come up with the green padlock & green https:// which is great! This just means you need to ask your host force the use of SSL (force all web traffic to use HTTPS by inserting a RewriteRule/code in the .htaccess file)
If your site has HTTPS, but it is showing Not Secure with a GRAY (not green) https:// before your domain name, that means that there is some element within the site (likely in the theme code) that needs to be secured before it can show a green padlock. You can visit whynopadlock.com to find out what needs to be done to make your site secure. You may need to get a web designer to help you make the needed changes to your theme/site files so that the green padlock displays. Contact me if you need help!
The good news is that HTTPS is easier and cheaper than ever before. On most modern hosting plans (like the Siteground hosting plans I recommend), HTTPS is a standard feature. Maybe this is a good time to switch hosts or upgrade your hosting plan? If you’ve had your hosting plan for a while, you are likely on an older, slower server, without daily backups & SSL & automatic WordPress updates. You’ve likely had to subscribe to a service like Sucuri for malware protection because you cannot easily restore your site from a stored backup if it’s hacked. Those would all be very good reasons to switch to a new hosting plan. The GrowBig plan at SiteGround is an excellent choice for most businesses & SiteGround support can take care of migrating your site.
If you want to stick with the host you have, no problem. Contact them about adding an SSL certificate to your site so your site will display as Secure.
Cannot recommend her enough to those who don’t know where to start, how to start, or why they should start.-Marianne Willburn