Ever since Google announced that an SSL certificate will help you rank better on Google, businesses have gradually been changing their websites over from the non-secure format of http://www….. to the more secure format of https://www….
It can be quite a lot of work, and, at the end of the day, some websites are still being displayed as unsecured. In this article, I will explain why your site isn’t secure even with an SSL certificate!
First. You need to check the security of your website. Are visitors being told your site is not secure?
How to check the security of your website
Type your home page URL in your browser.
Now, look at what the browser bar is displaying to the left of your URL. It will say secure or it may display an exclamation mark.
Here is how my site looked when I moved it from non-SSL to SSL.
Do you see the exclamation mark? Now, when you hover on the exclamation mark you will see a message similar to the one below.
That’s not the message you want your visitors (and potential customers to see) to see, is it? Security breaches are very common today and a message like this will put people off from hanging around on your site. Wouldn’t you be put off?
The https:// alone isn’t good enough to show people your site is secure. You need to get rid of the exclamation mark.
What does the exclamation mark mean when assessing the security of your site?
It means you have mixed content, some that content that is secure and unfortunately, some content that is not.
This happens when you add an SSL certificate to a site that has already been developed and there are links to images and other elements on your website. If the link doesn’t have https at the start then it is classed as insecure content.
How can you identify your insecure content?
There is an online tool here https://www.whynopadlock.com/check.php Go to this tool and enter your website. It will tell you if there is anything on that page that is not secure and that will trigger the dreaded exclamation mark.
Here are the results of my check.
I had three images that were being loaded through the old, non-secure http version of my site.
How to fix old, non-secure URL paths that give security warnings
The simplest method is to find and replace all references to the http links I have on my site. Depending on your website platform this can be technical or not. I have a WordPress site so I can easily get a plugin that can do a search and replace in my database for me.
The plugin I used was https://en-gb.wordpress.org/plugins/better-search-replace/ . I simply searched for my old URL and replaced it with my new secure URL.
Always remember to back up your database before making changes!
Once the changes were made, I put my website through the WhyNoPadlock checker again and got some fantastic results.
AND… the exclamation warning had disappeared.
If you would like help securing your website, get in touch with me today.