“Beginning in July 2018 with the release of Chrome 68, Chrome will mark all HTTP sites as “not secure”. – Google Online Security Blog
Here’s how all HTTP only sites will appear:
Developers have been transitioning their sites to HTTPS and making the web safer for everyone. Progress last year was incredible, and it’s continued since then:
- Over 68% of Chrome traffic on both Android and Windows is now protected
- Over 78% of Chrome traffic on both Chrome OS and Mac is now protected
- 81 of the top 100 sites on the web use HTTPS by default
Since all WordPress sites include a login page it’s recommended that a SSL certificate be purchased and installed for better security and Google search engine rankings.
“Beginning in October 2017, Chrome will show the ‘Not secure’ warning in two additional situations: when users enter data on an HTTP page, and on all HTTP pages visited in Incognito mode.”
This is how a non-http website will look in Chrome when a user starts to complete a form:
Besides promoting trust in your products and services, HTTPS is now a lightweight ranking signal and that over time Google is strengthening this signal. So running HTTPS can help benefit your SEO rankings.
When I first wrote about the new Google Chrome warnings for non-HTTPS websites, several clients asked about how to get a free SSL certificate solution as they can become very expensive.
In December 2015 the new certificate authority Let’s Encrypt entered Public Beta and caused a wave of excitement. The groundbreaking news meant that website owners can obtain security certificates for their websites for free instead of paying for traditional SSL certificates and install them much easier.
What is Let’s Encrypt?
Let’s Encrypt is a free, automated, and open certificate authority (CA) that issues domain-validated security certificates. The main goal of the project is to make encryption ubiquitous on the web so that all web browsing becomes safer.
The key benefits of the Let’s Encrypt certificates are:
- easy installation
- no validation emails are sent
- no dedicated IP required (which is extra money)
- trusted by all major browsers
- auto renewable
How to add a free SSL certificate to your WordPress website with Let’s Encrypt:
Adding an SSL certificate to your WordPress website can be daunting, so it’s sensible to to sign-up with, or even MOVE your website to a hosting company that offers built-in integration from the beginning.
For example, SiteGround offers built-in integration of free SSL certificates. They have supported the global initiative to create free SSL certificates for everybody using Let’s Encrypt almost from its beginning. They automatically issue and install a free certificate for the majority of the domains hosted on their shared servers.
You can access a simple interface by logging in to your cPanel to easily install and manage your Let’s Encrypt certificates. (To learn how to use it, see Let’s Encrypt cPanel tutorial.) You can also have multiple certificates installed on your account for each domain and sub-domain you want. The certificates auto renew unless you choose to cancel them through the cPanel Security area.
In your cPanel, clicking on the Let’s Encrypt button will bring you to the Let’s Encrypt install page. You will need to select the domain name where you want to use the free SSL, and then provide a valid email address.
Once there, you will see a list of the installed certificates for your account:
Issuing a certificate is just a first step in making your website work properly over HTTPS. You’ll need some additional configuration so that your domain is not accessible from both over http and https, to avoid duplicate content.
Now that you have successfully integrated Let’s Encrypt you’ll need to update your WordPress URL’s and then fix any insecure content issues!
It’s also very important to add your new https website URL to Google’s search console.
With Let’s Encrypt’s free open-source SSL certificate, now is a great time to switch your website to HTTPS!
“HTTPS doesn’t just protect user data, it also ensures that the user is really connecting to the right site and not an imposter site. HTTPS also ensures that a malicious third party can’t hijack the connection and insert malware or censor information.”
If you need technical assistance in migrating your website to HTTPS, or moving your website to a new host, let’s chat.
Director, Marketing and Creative Services