No Oracle stuff this time, but something I should have done a long time ago. Converting my very own private blog-site jobacle.nl – powered by WordPress – to SSL. When I started this blog-site, converting to SSL was a kind of a hassle, but nowadays there is a plugin that does most of the work for you, with excellent documentation with advises of pre- and post-ssl actions.
This plugin, really-simple-ssl (and no, I’m not commercial related to this site) will guide you to the ‘green slot’ in your URL. They are advertising with ‘one click’, and it’s simple indeed but that one click is a bit exaggerated…
Wy SSL? It’s safer of course, but that’s a bit vague. Three reasons actually:
- Your website looks more professional. Sounds a bit lame, but it’s all about how your site is judged by your customers / readers.
- The main reason: it encrypts information between the user’s browser and the ssl-protected website, so your traffic is not useful for an unwanted party.
- Google loves sites using SSL. In 2015 Google incorporated SSL as a ranking factor. It can give a boost in your ranking factor. In 2017, half of the page 1 results are now HTTPS, according to MOZ.
What did I do? The first steps are very straight forward, will be handled very briefly.
Get an SSL certificate.
You will have to do this action yourself. Many providers are willing to install a certificate for you, free or at a small fee.
Download and activate really-simple-ssl.
This is a standard wordpress plugin, free of charge, through the WordPress plugin-menu (search for really-simple-ssl.
Optional: download and activate really-simple-ssl-pro
This is a paid plugin, on top of the really-simple-ssl. Buy this one, download it on your laptop, and upload the plugin to your website.
Scan your website of any unwanted consequences.
This is only possible with the ‘pro’ version of the plugin. The result of my scan:
This really gives a bit confidence! I chose to ignore the two warnings/errors and clicked the button for converting to SSL. Result of that:
I will come to the advised action later. First I needed to login again, and my site is indeed running HTTPS…
To check the configuration I went to the settings of the really-simple-ssl plugin:
Not quite completely converted I noticed: mixed content not yet detected.
After purging the cache (in my case: ‘simple cache’ plugin):
That’s more like it.
Just one action to perform (besides the ignored warnings/errors): HSTS. Should I bother? HSTS is explained on the plugin-site. Chose to skip this till I know for sure my site running smoothly with https, clicked ‘cancel’ on the question when enabling HSTS:
Scanning my site on errors with the plugin:
Seems alright to me.
Change settings in Google analytics and Google webmaster tools.
And again, it’s simple following the steps through the knowledge-base of the plugin.
Google webmaster tools
First navigate to https://www.google.com/webmasters/tools/home and add the https-combinations of your website including with and without ‘www’:
Set the preferred domain :
- On the Search Console Home page, click the site you want.
- Click the gear icon, and then click Site Settings.
- In the Preferred domainsection, select the option you want.
Click the last item (in English this is ‘admin’ , in Dutch ‘beheerder’ – sorry).
Change the properties of the sites to https:
And it’s done for now! – and now investigating how to get rid of my decision of choosing the wrong permalinks when setting up this site…..
SSL plugin: https://really-simple-ssl.com/
SSL at Google ranking: https://searchengineland.com/google-starts-giving-ranking-boost-secure-httpsssl-sites-199446
MOZ – SSL Google: https://moz.com/blog/half-page-one-google-results-https
Google analytics / webmaster tools: https://really-simple-ssl.com/knowledge-base/how-to-setup-google-analytics-and-google-search-consolewebmaster-tools/