hack-813290_1280

In the beginning of this year, Google, eh, Google Chrome announced that they will be discouraging non-secure HTTP websites. Basically Google prefers secured websites in search rankings and after the announcement the measures were surely going to be tighter. But this time it is not just about the result rankings, if you own a website, especially a business website, you must move your site from a non-secure connection to a secure one. Why?

google-loves-https-rect21595

Three Reasons to switch to HTTPS now!

First reason, Google Chrome is world’s most used browser and whatever is its concern, concerns the internet. Therefore if Google Chrome said that they need you to add SSL to your site, you must. According to the announcement, Chrome will be warning users that the site, your site, they are visiting is not secure and may harm their privacy by allowing hackers or intermediates steal their details.

Now, the second reason is good enough as the first. It is more of a psychological reason. Irrespective of how Google is encouraging you now to use SSL, you must had done it already at yourself. Visitors & bots love the sites with green padlock https-padlock(symbol of secure connection) on top. This gives them the trust to browse a site without fearing if any external power, like government agency or hacker is watching their browsing activities. As a regular blog scroller, I love reading & commenting on the sites that are hosted on a secure domain.

If there had be a third reason it should be the shaming technique Chrome is going to use now and on.

Google Chrome will be indicating the websites without secure connection with alerting symbols in the browser’s address bar. According to some press releases, Chrome will be straightforward as to say a site not on HTTPS, Not Secure with a red warning next to the domain.

14907277_4499863539997_1014762697210338269_n

So if you are reading this and you own a website, you must understand the consequences and take a step to upgrade your site to a secure connection.

Well, as an owner of a small or medium website, you may think of this to be unfair, as not every site deals with personal details of visitor. Even though if you think that you are being forced onto this, rule is the rule.

How to set up my website on HTTPS?

You can buy an SSL certificate from your domain or hosting provider and get started with it in minutes. But did you really waste your time on this article just to know that you would have to buy something in order to use it? No. There is a free alternative to almost everything, and there exists one for this too. Instead of just knowing the free way, let’s pick all options one by one.

1. Shared Hosting? Buy an SSL from your common domain & hosting provider

If your website is on a shared web hosting server, including blogger, you will have to buy an SSL certificate from your domain provider and install that on your webhost. But for this to work, I figure, your domain & hosting providers must be the same. If you buy a separate SSL certificate for your domain that is managed elsewhere than your webhost, you might not be able to install the purchased certificate on your webserver.

2. Upgraded to a private server? Buy an SSL or get a free SSL: Your choice

You can get free SSL certificates from generous websites like FreeSSL.com, but to install those you would need a fully controlled private server. A private server costs higher than a shared server but the total cost of free SSL + Private Server will be lesser than the cost you put in a paid SSL + quality shared server. At nearly ₹9000 ($150), you can get a pretty nice private server & install your own free SSL key. Free SSLs can be installed on private servers in a ziffy.

How to use Free SSL on shared hosting / any website

Once word solution, Cloudflare.
To get a free SSL certificate using cloudflare, just register your domain on cloudflare.com, update nameserver, enable SSL over there and create a new certificate. This screenshot explains more.
cloudflare-settings-gauravtiwari-ssl-certificate
If you own a static webpage or CMS other than WordPress, you are all done. Your site should be now accessible on your new https URL.
But if your site runs on  WordPress, you will have to make some important changes.
insecure-content-fixer
First you will have to fix insecure content in your site so that your dashboard doesn’t break. The solution is as simple as a plugin. Just install and activate SSL Insecure Content Fixer plugin. Make changes exactly according to these settings and you are done here.
ssl-insecure-content-fixer-plugin-image21375
Now go to Settings –> General and change http://yoursite to https://yoursite.
output_nzspou
Done!
Your WordPress blog or website should now run on https.
Extra Tip: If your old links with http in their URLs are not getting redirect to new https connection you just set, you can redirect all traffic from HTTP to HTTPS to all pages of your WordPress website using WP Force SSL plugin.

Published by Gaurav Tiwari

A designer by profession, a mathematician by education but a Blogger by hobby. Loves reading and writing. Just that.

7 Comments

  1. A better alternative to the ‘SSL Insecure Content Fixer’ plugin is the ‘CloudFlare Flexible SSL’ plugin which is also available in the WordPress.org plugin repository.

    Reply
  2. Good Guide. How about an article on cheap SSL choices?

    Reply
  3. Excellent guide. Very well written. 🙂

    Reply
  4. An excellent article, thanks for sharing.

    Reply
  5. It’s quite important now, we can barely see a website or blog without SSL. As Search engine too considering it as a ranking factor. And that is quite obvious as they are working really hard to increase the user experience.

    I too have installed an SSL of clouflare and results are quite good. Made an article too on the same..
    A great step by step guide Gaurav.. your blog is helping people.. 🙂

    Reply
  6. wow.. very informative. I will definitely apply these instructions.

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *