So, you’re wondering, “”do I need SSL for my website?” Well, yes you do because it encrypts the connection between the website and the web browser, making it more secure. Going forwards, Google is going to be favoring websites with SSL, so it is well worth having.
Jay at Wealthy Affiliate recently did a live training session all about SSL:
Clicking above will take you Wealthy Affiliate where you can watch the video. However, you will need to sign up for an account. If you don’t want to do that, I have written an article below based on Jay’s video, so you can read that instead if you like. Just be aware that it includes a few things that I did slightly differently to what Jay advised.
- What is SSL?
- Why Website Security is Important
- SSL from an SEO Perspective
- How to Enable SSL on Your Website
- Letting Google Know About Your HTTPS
- Q & A
What is SSL?
SSL stands for Secure Sockets Layer. When you add SSL to your website, you will see HTTPS in the address bar as well as a padlock icon. SSL is normally a difficult process. But it is awesome to have.
The idea behind all of this is to future proof your business so that it is not likely to become obsolete. Of course, not all things are future proof, but you should try to do whatever you can to make sure your business stays relevant and effective in the future.
So, adding SSL to your website, and therefore making it secure, enables you to:
- Set up an e-commerce store.
- Process credit card payments.
- Securely hold client details.
- Create a membership site.
Why Website Security is Important
Have you ever been to a website and your web browser throws up a warning saying the website might contain something harmful? Or maybe you have done a search on Google and seen it say “this site may harm your computer”. Obviously, this is the last thing you want to happen with your own website because it means people will stop coming to your site.
According to a report from March 2016, Google says that over 50 million website users have come across a warning of some kind about the website they are trying to visit. 50 million websites! And to put that into perspective, that figure was only 17 million in March 2015, so in the space of just a year, Google had warned 33 million web users.
At the moment, Google is blacklisting 20,000 websites every week just for containing malware, and 50,000 websites for phishing (trying to steal information from people).
At this point you may be wondering, why would Google index a website that contains malware? Well, at one point the websites would not have contained malware, but at a later date when Google crawled the websites it detected problems. And the great shame is, the more popular a website is, the more likely it is going to be targeted by hackers wanting to infect it with malware.
Take a look at this breakdown of the types of website affected with malware:
As you can see, 78% of them are WordPress websites. One big reason for this is because WordPress has so many available plugins. Plugins are one of the top contributors to malware on websites.
This doesn’t mean you should avoid installing plugins on your website. Rather, it just means you need to be a bit careful about the plugins you install. One way to do this is to only install plugins that are in the official WordPress plugins directory.
Also, as plugins become outdated they become more vulnerable, so try to use plugins that are kept regularly updated. The top 3 outdated plugins contributing to malware are:
SSL from an SEO Perspective
Google now considers HTTPS a ranking signal. This means if you are trying to rank on page 1 of Google, and you are competing against another website that has HTTPS while your website doesn’t, Google will favor the other website.
This doesn’t mean that if you don’t have SSL your website is not going to rank in Google at all. It just means it is another factor that Google looks at when deciding which websites to show in its search results. So having SSL is worth having.
You may also find that your website gets better engagement and more conversions (sales, opt-ins, etc.). This is because people trust websites that have HTTPS in the address bar. When people arrive on your website and see it is secure, it makes them feel like your website is more trustworthy.
How to Enable SSL on Your Website
SSL is now available to all members of Wealthy Affiliate. All you need to do is hover your mouse over the light blue SiteRubix menu, then click SiteManager:
You then click the SitePlus icon:
You will notice that one of the SitePlus features, SpamProtect, is already switched on. So all you need to do is click “On” on the SiteSSL feature. In less than a minute, SSL should be activated on your website.
Hopefully, you will then get HTTPS and the padlock icon when you visit your website. HOWEVER, if you don’t see the padlock icon, it means there are still some insecure things on your website. Two common things that can be insecure are:
- Something in one of your plugins.
- Embedded external banners.
Here’s where my advice differs a bit from Jay’s advice. I recommend you save yourself a bit of time and hassle by using a plugin called SSL Insecure Content Fixer.
Once you have installed and activated this plugin, go to Settings and click “SSL Insecure Content”:
I suggest you use the “Widgets” setting, then save the settings. This will probably sort out most non-secure items on your website.
Once you have done this, you will need to manually check every page and post on your website in your web browser. Yes, I know this is boring and time-consuming, but it needs to be done. Set aside an hour or two (depending on how big your website is, or whether you have several websites) to go through everything and check to see if you see the “https” and the padlock icon.
If you come across a page or post that doesn’t have the “https” and padlock icon, go to https://www.whynopadlock.com. Paste in the URL of the page or post and let it check it. It will then show you which piece of content is not secure. If you are confident enough to fix it yourself, do so.
If you are not sure what to do, submit a SiteSupport ticket within your Wealthy Affiliate account and give as much information as possible to them:
Letting Google Know About Your HTTPS
The great thing that happens when you turn on SSL within Wealthy Affiliate, is all your old URLs will automatically be redirected to the new HTTPS version, including your sitemap. This means Google will know that your site has SSL installed.
However, you can speed up the process manually. But you should only do this once you definitely know your whole website is secure.
But, once the whole of your website is showing as secure, go into your Google Search Console account and re-submit your website as a new site with the new HTTPS URL. Don’t delete the website with the old URL, though!
You should then submit your new HTTPS site map. In Google Search Console, click your website, then click “Sitemaps”:
Then click “Add/Test a Sitemap”
Enter your new site map and click “Submit”
After you have done that in Search Console, you should then update your website details within Google Analytics.
In Analytics, go to Admin:
Select your website from the middle drop-down list:
Click “Property Settings”, then under “Default URL”, click the HTTP drop-down and select “https”.
Then scroll to the bottom and click “Save”.
If you have a Bing Webmaster Tools account, you can also resubmit your sitemap there. Simply log into Bing Webmaster Tools, click your website, and click “Submit a Sitemap”:
You can then just paste in your new sitemap with “https” and click “Submit”:
Q & A
Q: Do external links pointing out of my site need to be HTTPS?
No, these are fine. You can link to non-SSL websites without any problems.
Q: In Google Search Console, do I need to add the www and non-www version of my website URL?
No, don’t worry about this. Just add the version that your website actually uses. The other version will redirect to it anyway.
Q: If someone posts a comment on my website and includes a non-HTTP link to their website, is this a problem?
No, this is fine.
Q: Is an HTTPS website heavier than a non-HTTPS website?
Q: Do I need to be a Yearly member of Wealthy Affiliate to make use of their SiteSSL feature?
No, you can use it if you are a monthly Premium member too. However, your website does need to have its own domain name.
Q: Do free SiteRubix websites have the SiteSSL feature?
No, your website needs to have its own domain name.
Q: What if a backlink to my website still uses HTTP instead of HTTPS?
If they are backlinks you can change yourself, such as links within YouTube video descriptions, change them. If they are backlinks you cannot change, don’t worry about them.
Q: How long will it take for Google to recognize my website has HTTPS if I DON’T submit to Google Search Console?
There’s no set time, but it will definitely be quicker if you do submit it.
Q: If I get the green padlock icon on my front page, does that mean my whole site is secure?
No, you still need to check each page.
Q: If I am processing payments on just a few pages on my website, do I need to make the whole website secure?
Yes, you should make the whole website secure. However, if your payment page is a subdomain like pay.yourwebsite.com, you can just add SSL to that subdomain.
Q: Are there any reasons NOT to install SSL on my website?
No, not if your website is hosted on Wealthy Affiliate because it’s so easy. If your website is hosted elsewhere, it might be more hassle and more expensive, though.
Q: How do I handle an insecure style sheet?
If you have custom CSS code on your website, you will need to fix the HTTP wherever you have added the custom CSS code.
Q: Will installing SSL affect my search results?
Sometimes there can be a fluctuation in search results with a big website change such as SSL. However, Jay says that he has only had positive results when adding SSL to a website. You shouldn’t have any problems with rankings if you follow the steps set out here.
If you have not yet added your website to Google Search Console yet, you should add the HTTP version first before you install SSL on your website, then wait a few days. Then once you have SSL installed and have made sure all your pages and posts are showing as secure, then you should add the HTTPS version to Google Search Console.
Okay, I hope you found this article answering the question “do I need SSL on my website?” helpful. If you have any comments or questions, why not post them to the comments section below.