In this article I’ll discuss why adding an SSL certificate to your WordPress website doesn’t guarantee that it will be setup correctly or that Google will know you have one. I’ll also reveal the two simplest ways to get your SSL installed and working correctly on your WordPress site.
With all the buzz around the Google Chrome browser changes, there’s a mad dash to add an SSL certificate to your website.
If you’ve purchased your SSL and have it installed on your hosting, in some cases, you may visit your WordPress site and still see the “not secure” message and no green padlock.
There are five steps to getting the SSL certificate working right
These steps will vary a little depending on your hosting provider, some host automatically handle all of them, others only auto install the certificate.
These are the steps:
- Domain Verification
- Certificate Installed
- Correct WordPress mixed content warnings
- Redirect HTTP to HTTPS
- Notify Google of the update
Domain Verification
This is simply a process of verifying the ownership or control of the domain. This is a way to add protection to your domain and prevents someone else for getting an SSL certificate using your domain name.
Basically, it prevents malicious use of your domain and keeps you protected.
This is done a couple different ways and will differ based on hosting provider and domain registrar.
Certificate Installation
Again, depending on your hosting provider, this may or may not be down automatically.
If you buy your SSL cert from one company and host with another, you will likely have to manually install your cert.
Some WordPress hosting companies will install a 3rd part certificate for you at no extra charge.
I do have a tutorial that shows how to install an SSL on a cPanel hosting account.
Correct WordPress Mixed Content Warnings
This usually occurs when you’ve built a WordPress site before adding the SSL and the links to images and other site content is using the HTTP version of the URL.
Once you add the SSL, those image links don’t always get changed over to the HTTPS version so you may still not get the green padlock. If you click the info icon you’ll see a message that “some content on the page is not secure”.
In order to fix this you have to update all URLs throughout the site.
And depending on how you built the site, whether you used Divi, or some other drag and drop website builder plugin, this could be a difficult task.
Redirect HTTP to HTTPS
These are two different protocols. HTTP is unsecured and HTTPS is secure. Which means either one will always work and HTTP is currently the default.
Hosting companies are moving in the direction of making HTTPS the default protocol, but in most cases, you will still need to setup an HTTPS redirect.
Which means, no matter what people type into the address bar in a web browser, when they get to your website, they will see HTTPS and a green padlock.
There are several ways to do this, but I promised to show you the two simplest ways, keep reading.
Notify Google of URL Change
If Google had your website indexed before you added the SSL certificate, the URLs in their database will be the standard HTTP URL.
Now that you’ve switched to HTTPS by adding the SSL, you will want them to update your listings.
This is important for two reasons.
- Google is now requiring the SSL for search rankings (SEO)
- People are more aware of the security so now they are looking for secure URLs, a.k.a HTTPS
Being proactive with submitting these updates to Google will ensure it gets done quicker then waiting for them to send a bot to randomly check your site.
The 2 easiest ways to get this done
You will need to have an SSL certificate already purchased before using either of these options.
1. Done-for-you service.
When you order a One Time Fix, we will setup your already purchased SSL certificate on your WordPress site, and make sure that each item listed above is complete.
2. Do-it-yourself.
Using a plugin or two.
You’ll have to get the certificate set up and installed but then you can used these two plugins to help with the rest. Your hosting provider should be able to assist with the purchase and setup/install.
With Really Simple SSL plugin, you can get the HTTP redirect and mixed content taken care of just by activating the plugin.
And with the Yoast SEO plugin, you can have an updated sitemap submitted to Google for the URL change.
The first option, ordering a One Time Fix is probably the easiest way to get this done.
One final thought!
You could just move you’re website to the best Manage WordPress hosting provider on the market.
If you’re hosting with WP Engine, the SSL certificate is built into their platform and is automatically setup when you setup your account.
They will also install a 3rd party SSL for you and implement a HTTP redirect.
Migrating your site to WP Engine is quite simple, and something I can do for you!
If you signup for WP Engine, use this link and I’ll migrate your site for FREE! Just email me after you setup your WP Engine account.
The Wrap Up
Make sure you get an SSL certificate added to your WordPress website, but also be sure to get each of these things done.
- Domain Verification
- Certificate Installed
- Correct WordPress mixed content warnings
- Redirect HTTP to HTTPS
- Notify Google of the update
These are the two plugins I recommend:
- Really Simple SSL
- Yoast SEO
If you want to have somebody else handle this for you, just use the link below to order a One Time Fix
If you have any questions or feedback, please use the comments below!
I am not getting SSL certification for my newly created website, that is so difficult for me but these ways make them easy for me, thanks.