An encrypted WordPress site is very important in today’s world, chances are that if you read this blog you probably know a thing or two about https and why it’s becoming so popular, the keys being secured and Google pushing the implementation more and more with each update.
The standard way of transmitting data to and from the internet in what is known as HTTP 1.1 protocol is something that will sooner or later will become a thing of the past. With the ever increasing attempts at hacking, theft and rising privacy concerns of the technological world of today, the encrypted way of doing things is getting more and more important to the point that Google will penalize websites that are not secured.
When Google and several other companies put as their objective to change a technological paradigm, we better follow suit, specially if the points in argument are more than logical and needed.
HTTPS implementation will help prevent theft, will secure your WordPress site and will improve its visibility. The way Google decided to force this change is by a 2-way plan:
- Display of a warning on Google Chrome for non secure sites.
- Giving a slight increase in SEO visibility to SSL-enabled sites.
A bit too much
The idea that Google had initially was a bit too much. They planned to have the browser display red warning signs to non-encrypted sites. A warning such as this:
Google decided to back off that plan and not do it just yet, but they may decide to implement it at a later stage, so it is only a matter of time.
How we are today
The current treatment of non-secure sites in Google Chrome is something like this:
The warning sign is not severe but it is subject of concern to all non-SSL sites because the trend will clearly affect those sites more and more in the future. On the other hand, this is how Google decided to push the SSL-enabled content on their browser.
Not only does it show the green lock but they added the Secure legend to further signal the importance.
But the Certificate is not free, or is it?
Yes and no. If you own a digital store you need to take care of paying for a certificate because there will be a company behind that certificate that will give a guaranteed sum of money in case of theft. You need this guarantee for your customers. Paying for a certificate when you sell stuff on the internet is a must. But what about your new blog or your magazine?, you don’t sell stuff there, you post articles and make useful information available. In that case, Let’s Encrypt is the first gate to your free certificate that can be easily added to WordPress and instantly improve your Google SEO rating.
Let’s Encrypt certificate can’t guarantee any amount of money because they can’t guarantee anything besides giving you a free certificate, but it will be absolutely valuable if you don’t sell stuff on your site and you just want to reap the benefits of going secure.
Using SSL encryption will not only allow you to enter into Google’s good behavior pattern but will also benefit you with the new and improved HTTP/2 protocol which is and will be only supported on SSL enabled sites. A decision made by all major companies when the new standard came to be.
Let’s Encrypt Plugin
So, you’re interested in going https with your WordPress installation? This is your first step.
The plugin can be easily added from the WordPress Plugins directory or directly from your WordPress installation. You can search for it and enable it. Let’s see how it looks.
The first thing to do is to load all the pertinent important information. It is highly advisable to fill the form properly with correct data because this will be stored in your certificate. The auto-generate certificate and expire warnings should be enabled.
Once you have everything in place, proceed to Register Account. This will send the signal to Let’s Encrypt servers and will proceed to create your new certificate. Let’s Encrypt certificates have a validity of 60 days and will be auto-renewed if you keep your WordPress plugin in place.
Once the certificate is in place you can easily download the information so you can upload it to your hosting control panel, the routes will be easily visible and you can use any file explorer or even an FTP connection to extract those files.
There will be different procedures to upload and activate the certificate according to your control panel of choice but I will not cover those. I will show you the most widely used today, which is cPanel so you can get an idea.
Install the certificate on cPanel
From your account panel you can go to your SSL/TLS settings
You will proceed to go to Install and Manage SSL for your site.
The first thing to do is fill the domain field and then you can easily copy-paste the contents of the certificate file, which will be the cert.pem that Let’s Encrypt plugin gives you and the Private key, corresponding to the private.pem file.
Once you have everything in place, the certificate should be enabled. The next step is to go into your WordPress installation and point it to the https version, like this:
That’s it !. Your site should be running on https now !
But I’m getting mixed content!
Mixed content is something that will always happen after you switch your site and it will break your green lock display on all browsers. This happens when some of your assets are loaded over http and the problem with mixed content is that even a single asset loaded over http can break your green lock and penalize you for it so you should absolutely need to take care of it.
The solution can be as easy as an SQL query in your phpMyAdmin menu.
You need to replace the specific parts in your WordPress database that are currently pointing to your old http site version. This can be easily done with just 2 SQL queries. You need to copy paste this content and modify it with your domain and execute those queries in the SQL Query window of phpMyAdmin:
UPDATE wp_posts SET post_content = replace(post_content, 'http://www.yoursite.com/', 'https://www.yoursite.com/');
UPDATE wp_postmeta SET meta_value = replace(meta_value,'http://www.yoursite.com/','https://www.yoursite.com/');
This piece of code will replace all the instances in the database that has http assets with the https version, you just need to replace the www.yourdomain.com part of the code with your domain value and please, do a backup of your database before trying it !
Once you execute that query you should see the amount of links that got modified. If you’re using Divi don’t forget to modify the location of your Logo & Favicon with the https version since that data won’t get modified by these queries.
Implementing https on your WordPress site is easier than ever now and with a single query to your database you can fix any mixed-content errors and have your site running in SSL in no time. The later steps involves adding a new SSL domain in your Google Webmaster tools and Analytics and monitoring any 404 errors that may arise. There is no excuse to switch your site to Secure and be ahead of the changes that are coming.