SSL and Browser Security Warnings – How To Make Your Website Secure

If your website has a contact form and it isn’t securely set up with an SSL certificate, security warnings are going to start showing up on Chrome when visitors visit your site using that browser. If your site is set up with Google Search Console (and your site should be!) you probably got an email about this.

Chrome Will Show Security Warning

Chrome is one of the most widely used browsers and there’s a good chance the bulk of your site’s visitors use it so if your business relies on people filling out forms on your website to fill your lead funnels then you are going to want to fix this ASAP. Doing so gives visitors the comfort factor that the details they submit on the form are encrypted and secure.

SSL – How To Make Your Site Secure

First things first, pages or sites that are secure have HTTPS rather than HTTP as their URL. I don’t want to get too technical in this article but if you want visit this to find out more about HTTP and HTTPS . The extra S simply denotes a site that is Secure.

In order to set your site up as secure you have to purchase an SSL  Certificate. There are two options.

  1. Free Options  – Free certificates are fairly new (see https://letsencrypt.org/), but just as valid as paid certificates; they take a bit of configuring with the hosting company.
  2. The traditional method is to pay for a HTTPS certificate for the domain name. HTTPS certificates expire after a certain amount of time; generally you purchase for one or more years. When the certificate expires, it will no longer work and users will see a “This site is insecure” message when they try to visit the website. A new one has to be purchased and configured.

It’s often easiest to purchase it through your domain provider or hosting firm so you have less to worry about but be careful not to get gouged – some SSL Certifcates cost as little at $11 all the way up to $200 for basically the same thing.

Once you’ve bought the SSL Certificate then you can install it on the server and make the switch. Get your website developer or someone who know what they are doing to do this to be on the safe side and  ensure that nothing breaks in the process.

Before you start any of this though it is important to know that the change can impact your SEO and any URLS you have out there and that there will be a bunch of work after the fact to complete the process. You should also be aware that it can take up to 24 hours before everything propogates and your site is back to normal (so do this at a low traffic time to avoid too much disruption).

AdWords and HTTPS

If you are running AdWords campaigns, pause your campaigns prior to making the switch. Once the changes have propogated you will have to change all of your Final Destination URLS and any URLs in your extension links over to HTTPS. Unfortunately this means all the data on your current ads will be lost.

To change the Final Destination URLs, select all the ads you want to change and use the bulk editor in AdWords to replace the http with https.

For extensions this is slightly trickier, select all your extensions and download these. Edit the spreadsheet you have downloaded by doing a search and replace on http and replace it with https then upload the file.

Your ad will then go through the approval process which can take a few hours.

Google Analytics and HTTPS

If your HTTPS is set up as a redirect (which it probably is), then the simplest way to do this is through changing your analytics property settings to https rather than http. To do this, head over to the admin setting in your Google Analytics account, click on property settings then change the efault URL to htttps from the dropdown.

Search Console and HTTPS

Search console is a little different in that you should have a separate instance for the HTTPS. Google recommends that you add a new instance of your site in Search Console. Technically you should have 4 instances of Analytics (www, without www, http and https).  Add a property from your search console dashboard using https as the URL. You should be able to verify this from your Analytics or Google Tag Manager in the Alternative Methods tab of the verification section. Once you are done, submit your new sitemap. Revisit this in a couple of days to make sure the sitemaps is indexed and to check your crawl errors and fix any broken links. You should also check your robots.txt while you are in there.

Social Media and HTTPS

If you have a social media presence (who doesn’t?), it is a good idea to go through the deep links in your bios to make sure that the URL is listed as https instead of http.

SEO and HTTPS

Finally, you should run an SEO audit of your site to identify any http / https conflicts or mixed content issues (for example in image URLS and third part external links). There are WordPress plugins that can help you to easily fix these in bulk. If you don’t, pages that have old http links may show up as insecure in Chrome.

And finally, it is important to remember that when you upload images from now on the URL should use https too.

HTTPS and SSL In Conclusion

Making the switch to https is worth it and shouldn’t take more than a few hours to do. It’s important to understand the impact that your changes might make in other places too and to limit any negative impact by coordinating updates to your AdWords, Analytics and Search Console as soon after the site propagates as possible.

Need help with that making the switch to SSL or with switching over your AdWords and Analytics once the change is made, contact us – we’d love to help!

 

 

 

 

 

 

 

 

 

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.