Free Website Security Certificates from Lets Encrypt: HTTPS is the New Normal

Business owners, consider installing a security certificate on your website! Here’s Why

Https-everywhereStarting in 2017, Google’s Chrome web browser will begin tagging websites that are not secure (http:) with the note, “Not Secure” (see link here):

chrome http sites will be non-secure blog image 1

And eventually, the browser will present a red “Not secure” warning for non-secure (http:) sites:

http non-secure eventually

Google is sending a strong message to website owners to secure their sites, to make the internet a safer environment for transactions; note that transactions can be as simple as subscribing yourself to an email list.

Business owners: Securing your website will engender trust in your customers, and rank your site higher in Google’s search results.

A secure website is identified by the ‘https://’ prefix in the domain name, and usually a green lock symbol, like this:

https example

Here are some minor changes already implemented in Chrome:

security icons

The good news, is that security certificates are now free through Lets Encrypt and through Cloudflare, and more and more hosting companies will install the certificate for free; this includes most websites hosted by High Peaks Media, which are hosted at A2 Hosting. Cloudflare, a content delivery network (CDN), offers a free universal SSL certificate, which is integrated with their free tier CDN service (see #2 at 20 Steps to Increase your Website Speed). If you are moving to https:// and a CDN, consider using Cloudflare.

Note that not all security certificates are the same, and premium certificates do offer advantages. To find out more, here are some links from the A2 Hosting on security in general (SSL), and various certificates.

Introduction to SSLhttps://www.a2hosting.com/kb/security/ssl/introduction-to-ssl

Difference between free and premium certificateshttps://www.a2hosting.com/kb/security/ssl/differences-between-lets-encrypt-certificates-and-traditional-ca-issued-certificates

CONTACT US FOR MORE INFORMATION

Tech Notes

After installing the certificate, change your URL settings to https://www.yoursite.com, either in the WordPress dashboard in Settings > General, or in the Cpanel in phpMyAdmin > wp-options.

Then add the following to your .htaccess file

# BEGIN REDIRECT HTTP: TO HTTPS: <IfModule mod_rewrite.c> RewriteEngine On RewriteCond %{SERVER_PORT} 80 RewriteRule ^(.*)$ https://www.yoursite.com/$1 [R,L] </IfModule>

Use a Search and Replace plugin (e.g., Better Search and Replace) to search your database for http://yoursite.com and http://www.yoursite.com and replace with https://www.yoursite.com.

And/or, use the SSL Insecure Content Fixer plugin (try this if you Search and Replace is not effective).

Post-SSL Installation

  • On Google Webmaster tools, you must add your https:// site, including a new sitemap, etc.
  • On Google Analytics, you must select your preferred version as https://

Online Tools to Test SSL Installation

https://sitecheck.sucuri.net/

Image Credits:

Chrome examples are from Google. The HTTPS Everywhere banner is in the public domain (from https://commons.wikimedia.org/wiki/File:Https-everywhere-banner.png).

Related Posts

Leave a Reply

Be the First to Comment!

Notify of
wpDiscuz