Fix connection “Not Secure” warning in Google Chrome. A complete guide to installing a free SSL certificate.
What you’ll learn
- Understand why SSL is important.
- Understand how SSL works.
- Migrate an HTTP WordPress website to HTTPS
- Use AutoSSL if it is enabled on the host.
- Setup redirects so Google will know the site has moved, and visitors will automatically be redirected to the secure HTTPS webpage.
- Secure the WordPress dashboard, so those that login always have a secure connection.
- Check that SSL is working on all pages on a website.
- Find and fix mixed content.
- You should have, or intend to have a WordPress website hosted on a web host using cPanel. Most hosting platforms do use cPanel..
- You need access to your cPanel and WordPress dashboard.
- Your web host should support server name indication (SNI) for Full (Strict) SSL. Ask them if in doubt, but most good hosts will. Without SNI, you can still implement the Flexible SSL described in this course and get the https lock.
Does your website show the connection as “Not Secure” in Google Chrome or other web browsers?
Every day in the news we hear about new online hacking scandals. People are aware of the need for increased security when going online, and maybe even shopping online. Trust is everything. If you run a website, then you need to act now.
Visitors to your website need to know they can trust you and your website.
Visitors can easily check by looking up at the address bar of their browser. If a web page is secure, they will see the comforting Padlock icon. Google Chrome goes one step further and adds the word “Secure” next to the padlock, just to reinforce the fact.
If a web page is not secure, there is no padlock, and Google Chrome may even state “Not Secure“.
How would that kill the trust your visitors have for your site?
The industry standard for establishing a secure and encrypted link to a website is called SSL (Secure Sockets Layer). This encryption ensures that all data moving between a web browser and a website server is private. You can tell if a website uses a secure connection because the URL begins with HTTPS://. The “s” in that prefix stands for secure, so https is the secure version of http.
To create this type of security, you need to have at least one certificate. These are issued by certificate authorities, and used to cost a lot of money. In fact, some still do. However, in this course, I will show you where you can get a free certificate and how to install it so that your site is secure. In the process, we will also add our site to Cloudflare, a content delivery network that speeds up and helps protect your website from hackers and spammers.
In this course you will learn:
- What SSL is and why it is important for a website to have that https prefix.
- That Google actually count SSL on a site as a ranking factor.
- How HTTPS works and how to set it up on your website.
- That some web hosts may have already set up an https version of your site using something called AutoSSL.
- How to check if your site already has a secure version.
- Why sites can have both http AND https versions, and why this is a bad idea.
- What to look for in a web host to make the transition to https simple and pain-free.
- What CloudFlare is and why you should be using it.
- How to setup a free account on Cloudflare and then add your site to Cloudflare.
- How to change the DNS at your registrar.
- About the various types of SSL offered by Cloudflare.
- About origin certificates.
- How to exclude your site from AutoSSL and stop your cPanel from auto-generating certificates for you. You’ll see an example of why this can be a good idea.
- How to create a free origin certificate at Cloudflare and how to install it on your server.
- How to secure your WordPress dashboard.
- How to get back into your dashboard if you accidentally get locked out in the process.
- How to set up redirects so that all of the old http web pages automatically redirect to the secure https version. This type of redirect also alerts Google that the page has permanently moved to https.
- How to avoid a problem caused by a specific WordPress caching plugin, and how to fix the problem if you still need to.
- How to check your SSL is working on all pages of your website.
- What mixed content is, how to find it, and how to fix it.
- That there are other places you may need to update links, including the robots.txt and hard-coded links you may have inserted in the past.
- How to update Google Analytics if you use it.
- How to update things in Google Search Console (Webmaster Tools) if you use this service.
The course was created to be hands on, so I show you every step of the process using one of my own sites as an example. You can follow along as we go if you like. At the end of the course I have included a second conversion, from start to finish in a single video. This video has a text file you can download with all the steps, making this video and resource the ideal companion for you as you convert your own website.
Who this course is for:
- WordPress website owners that want to move their HTTP site to the secure HTTPS
- Anyone interested in learning more about SSL and why HTTPS is important going forward.
Created by Andrew Williams
Last updated 3/2019
Size: 504.19 MB