Here we are, in a digital world that is getting trickier and trickier to keep safe and secure. Google is all over this issue and, on January 10, 2017, will start penalizing sites that don’t have an SSL Certificate (a Secure Socket Layer which makes your site more secure and changes the URL from http:// to https://.) For now, this penalty applies to pages with forms and ecommerce, but the long term goal is to penalize all http sites. See what Google’s saying here. So this blog post is my strong encouragement to you to get an SSL. I have created a new service for those who need help addressing this issue.
My first question to you is, are you hosted by Cloud Access? If so, they offer a free SSL Certificate, as well as a paid version. The free one is not as intense as the paid one, but it will keep you safer and prevent Google’s displeasure in the ranking department. So if you’re hosted by Cloud Access and you haven’t done this already, here’s how you sign up: Login to your Cloud Control Panel and select Manage > Security > LetsEncrypt SSL. Then click the button to activate your new SSL. (If you have security enabled on the files and/or database on your Cloudaccess control panel, be sure to disable them before starting this process and remember to enable them afterwards.)
After installing a certificate, regardless of whether you’re on Cloud Access, Joomla site owners need to log into the back end and go to Global Configuration -> Server -> Force SSL -> and choose Entire Site. WordPress site owners log into the admin area, go to General Settings and then change the WordPress Address (URL) and the Site Address (URL) to https://yoursitesname.com.
Be prepared to wait at least an hour for these changes to take effect before trying to access your site or you may get a scary security warning. Check it in two hours to be sure. You should see https:// in front of the URL. If not, and if you’re on a WordPress site, you may need to use a plugin like Really Simple SSL to force the certificate to work. One more thing to check: once the https is displaying, look for a green padlock to the left of the URL in the address bar of your browser. If you don’t have one, then there are elements to your site that are not being forced into https. You then need to visit https://www.whynopadlock.com and enter your URL. The results will show you which pages or images are not using https in the address. You will need to fix each of them. (I can help with this as part of my SSL service.)
For those of you who aren’t hosted by Cloud Access, let me help you discern whether this needs to be an issue for you at all. Answer these questions:
- Do you care about your search ranking in Google, Bing or others? That’s an honest question, and not a joke. Some people’s sites are not geared to search results.
- Do you have a page on your site that allows you or others to log in?
- Do you have a unique login URL for your site? (wordpress sites that end in /wp-admin and Joomla sites that end in /administrator are not unique)
- Do you have a contact form, or any other form on your site?
- Do you have ecommerce on your site?
If your answer is no to all of the above, I can’t see why your site would be significantly more secure with an SSL. If your answer is no to all but #1, it’s very possible that Google will not penalize your ranking now, but they have a long term plan to penalize all non-https sites, so you may want to lock it down with an SSL just to be sure.
If your answers are all no to the above questions, and your site loads slowly, you might want to skip the SSL which will disallow caching and slow down the load time for repeat visitors.
Need help? See my SSL activation service info here.
Good luck getting your SSL in place, and feel free to ask a question in the comment field below. I promise to answer to the best of my ability. Let’s be careful out there! (If you remember the name of the defunct TV show that popularized that quote, along with Let’s be safe out there, post it in the comments below. I’ll give the first person with the correct answer some customized SSL advice over the phone.)
PS: If you want to move your WordPress or Joomla site to Cloud Access from another host to take advantage of this free SSL offer, and many other benefits, you can follow my affiliate link, which – full disclosure – generates income for me. SEE WHY I LOVE THIS COMPANY. Call them first to make sure the move from your existing host will be easy. 231-421-7160.