How and Why to Upgrade your Website to Https
We’ve heard rumors of this happening for a while now but the new Google Chrome update is actually here and there’s a chance your clients’ businesses (and your own) could be greatly impacted if not properly prepared.
What is this Chrome update all about?
Basically, with the recent Chrome 68 update, website pages loaded without HTTPS will be marked as “not secure” in a location that is difficult to ignore. This will appear to the left of the URL on site pages. Site pages that have already migrated to HTTPS will say “secure” in green in the same location. HTTPS is no longer just a must for e-commerce sites. This change impacts all websites.
As a marketing consultant, this may not be new news to you. Google has been pushing websites to make the change for years, with references to Google rank boosts for those that make the switch (it’s confirmed that Google’s ranking algorithm favors HTTPS) and implications of issues if the transition doesn’t happen. The only difference is that it’s no longer rumors, the change is actually happening.
Google is all about providing a good experience for its users, and providing a secure and relevant experience is another way to do that. The way they see it is that safe browsing is good for business.
NOTE: If you don’t feel like getting under the hood and doing this, seek help – it’s important but you can also take a site offline if you don’t know basic WordPress set-up.
How does this impact your clients’ businesses?
More than half of the people online use Chrome as their web browser. When these users see this new warning, they will be less likely to interact with these sites, which, I’m sure goes without saying, is a big issue and could have major impacts on your marketing efforts.
From a trust standpoint, you don’t want that warning showing up for your clients. This will inevitably impact their SEO as well. At the end of the day, follow Google’s lead. Don’t you want your clients’ visitors to have the best online experience possible? This is one way to provide that.
Additionally, there are other benefits to migrating to HTTPS, including:
- Encryption keeps your client’s site secure
- Data cannot be modified or corrupted without you being alerted
With all the cybersecurity issues in the news these days, I know I probably wouldn’t stay around very long on a site that isn’t secure, would you?
What you can do about these changes
To see where your clients’ websites currently stand, download the most recent version of Chrome and pull up their websites. If there isn’t a lock to the left of the URL, they’re likely about to receive that more substantial warning on their site.
Moral of the story? You need to switch all of your clients to HTTPS now if you haven’t already done so.
The switch to HTTPS can be a tedious and nerve-wracking process, but it doesn’t have to be. The transition can be fast, easy, and cost-effective (even free), so there’s no excuse for not making the switch. All you actually need to do is obtain an SSL certificate and configure your site to redirect traffic to HTTPS.
I’ve found a lot of success with updating clients’ websites quickly with a tool called Cloudflare.
Cloudflare is often referred to as a Content Distribution Network (CDN) and has been used for years by larger sites to help even out their traffic. (We use it on all of our sites.)
The free account from Cloudflare also allows you to use a free shared SSL certificate that will work to secure most WordPress sites. (If you plan to use an SSL certificate for things like API integration you’ll need your own certificate – but that’s for another day.)
A couple of other things that a Cloudflare account can do is speed up your site and make it more secure from attacks so it’s a great tool anyway.
Here’s a brief description from their site of how they can help:
“If you sign up with us and point your nameservers to Cloudflare, we take care of the rest for free: validating your domain with one of our Certificate Authority partners, issuing a certificate that covers the apex of your domain and any subdomains (e.g., example.com and *.example.com), deploying that certificate to our 120+ data centers around the world for optimal performance, and renewing the certificate automatically when needed.”
Here’s the process from Cloudflare:
- Create a free Cloudflare account – there are paid versions with more features, but you likely won’t need these
- Change your Nameservers to one that Cloudflare provides – you’ll need access to your DNS either through your current host or say GoDaddy.
- Enable Flexible SSL from Crypto menu on Cloudflare then don’t do anything until you see it says “Active Certificate”
Now the fun starts!
Once you see Active Certificate you can make some changes.
Mixed Content Errors
It is highly likely you will encounter some Mixed Content Errors
Mixed content occurs when a webpage containing a combination of both secure (HTTPS) and non-secure (HTTP) content is delivered over SSL to the browser. Non-secure content can theoretically be read or modified by attackers, even though the parent page is served over HTTPs.
So if you’ve got images and scripts with http vs https you won’t be able to create the coveted
If you’re on WordPress the easiest fix is to employ a plugin called http/https remover – this plugin takes the http off of every file and link and allows the server to choose the default https for everything.
Back to Cloudflare
- Now you can tell Cloudflare to default to HTTPS
- Go back to Cloudflare and select the Crypto tab again and scroll down and tick the Always Use HTTPS button
Disclaimer: Let’s hope this works for you – there are countless ways to set up WordPress and so many things that could be done in a fashion will need to be fixed for this to work – I’ve spent a lot of hours finding ways this won’t work and they are plentiful.
If you’re looking for a quick solution, definitely consider an account with these guys. It will help relieve a lot of the stress you likely have around this topic.
While this changes may seem like an inconvenience, they are put in place for a reason, that could ultimately make the internet a safer place. I’d also recommend keeping tabs on further updates from Google as it relates to site security, as it seems like this is the first step in many towards shifting away from HTTP. We’ll also likely see other browsers, such as Firefox, follow in Google’s footsteps.
Have you implemented these changes for your clients? If not, I’d recommend putting a plan in place now.
If you liked this post, check out our Small Business Guide to Website Design.