If you haven’t heard yet, Google is cracking down on non secure sites! What exactly does this mean? Well…in short, Google’s browser Chrome will now make it very clear the site you are visiting is not secure. It no longer matters if you are storing sensitive information or not from your users, your site will require an SSL certificate to avoid Google Chrome from displaying a red unsecure lock in the browser.
To avoid this, head over to your hosting provider or a service like GoDaddy and purchase an SSL. Then take the steps necessary to connect the SSL to your host. Once you’ve completed that, you’re off to making your website SSL ready!
Wait…What does that mean?
For a site to be SSL “ready”, all the media files, links to internal pages and assets need to be brought in using the HTTPS prefix. For example, when you embed an image using an absolute path onto a website, you generally include it like so:
<img src=”http://www.mydomain.com/images/image.jpg”>
While this is OK for non secure sites, this will cause the SSL to disable. In turn, displaying a red non secure lock.
The best way to do this would be to reference the image link as a relative path:
<img src=”images/image.jpg”>
Now, while that may be the best way to do it, we don’t always have the luxury of doing this. Sometimes we don’t have control over this or we have to use a relative path. In that case it is important you reference your image using HTTPS. As such:
<img src=”https://www.mydomain.com/images/image.jpg”>
Make sense? Ok, moving on…
Now, if you are a WordPress website owner, you’re probably thinking “What? I’ve never included an image that way” and you would be correct. WordPress gives us some great tools to manage our content including WYSIWYG editors and Media Embed buttons that do the heavy lifting for us.
This is where the Really Simple SSL plugin comes handy. URL paths to files and assets are not only limited to images but also include core files that allow your WordPress site to function. These files can be hard to access sometimes and require a tool to edit. This may seem like a very scary and complicated task to undertake but luckily it’s not.
Really Simple SSL does exactly this and more. This plugin makes it very simple to make sure any references to files are brought in as HTTPS. Now, the plugin doesn’t stop there. It makes some other changes needed to make sure your site works well under and SSL. And before you ask, yes, all these changes are reversible. So no need to worry about permanent changes.
To get started with Really Simple SSL. Simply log into your WordPress admin, head over to the plugins section. Select Add New plugin and search “Really Simple SSL”. Click Install. Once installation has completed all that is left to do is click Active. Take note, once you click Active, Really SImple SSL will immediately take effect. If you feel you weren’t ready to active the plugin, no problem. Simply deactivate the plugin. Once your website is ready to be SSL secure simply activate the plugin again.
Download Really Simple SSL: https://wordpress.org/plugins/really-simple-ssl/
Bonus Tip:
Depending on your how your WordPress Website was built you may need to make manual changes in your theme files. When dealing with highly custom sites, you may find some files and image assets where hardcoded in with HTTP in the URL. This would need to be changed and Really Simple SSL does not modify files.
Warning! If your experience with web development is limited, we highly recommend contacting an experienced web developer to assess and update the changes needed. Not all WordPress Themes are built the same and could potentially require proper assessment before altering.
If you choose to approach these changes yourself, we recommend you make a backup and download a local copy of your website and use a text editor tool such as Sublime Text to search the entire contents of you theme for “HTTP://”. This would be a good starting point to find any non secure references in your theme folder.
Hopefully after reading this article you will have a good idea on how to ready your WordPress Website for an SSL certificate.
