You’ve probably been hearing a lot about the importance of HTTP to HTTPS Migration. If you haven’t yet migrated your WordPress site to HTTPS, time is running out for you.
Recently, Google began sending emails to many people who use Google’s Search Console. These emails were informing site owners of an upcoming change that would negatively affect their websites. This warning was a reminder of a blog post Google wrote in April of 2017, in which Google said, “Beginning in October 2017, Chrome will show the ‘Not secure’ warning in two additional situations: when users enter data on an HTTP page, and on all HTTP pages visited in Incognito mode.”
WHAT DOES THAT MEAN?
Google already shows NOT SECURE in Chrome’s address bar for pages that require users to enter a password or credit card information. But Google is expanding that policy.
This is what the warning looks like…
Beginning October, 2018, Google’s Chrome browser will also display the NOT SECURE warning for any HTTP site that gets any type of input from a visitor – such as when a user types into a simple Search field, or a signs up for a newsletter.
In addition, all HTTP pages viewed in Incognito mode (whether or not they have any form fields on them) will show the NOT SECURE warning.
Wait! This is just the
Eventually, Google says they will show the NOT SECURE warning for ALL HTTP pages, across your entire site.
These warnings could seriously affect traffic and sales, especially as it comes right at the holiday shopping season.
I don't sell anything.
Every site will need to migrate to HTTPS at some point to avoid having the NOT SECURE warning shown to its visitors. This will affect your site, even if you don’t sell anything.
Even if you do sell items, and you’ve already implemented HTTPS on your shopping cart pages, you aren’t safe. All pages of your site should migrate to HTTPS to avoid this problem.
WHY DO I EVEN NEED HTTPS?
Your immediate need is to prevent your website visitors from leaving your site because they believe it to be insecure. But that’s just the outcome of the need, really.
- Intruders both malignant and benign exploit every unprotected resource between your websites and users.
- Many intruders look at aggregate behaviors to identify your users.
- HTTPS doesn’t just block misuse of your website. It’s also a requirement for many cutting-edge features and an enabling technology for app-like capabilities such as service workers.
The everyday-human interpretation of that is that HTTPS is a secure, encrypted connection between your site and its visitors.
It ensures that the information transferred between the visitor’s browser and your site’s web server is safe from Man In The Middle (MITM) attacks.
This is definitely not the only security your website needs. HTTPS will NOT prevent your site from being hacked. It will only prevent your users’s connection with your site from being hijacked by outside malicious users (hence the Man In The Middle nickname).
HOW DIFFICULT IS IT TO MIGRATE FROM HTTP TO HTTPS?
Migrating fully to HTTPS can sometimes be a huge challenge. Many different factors could prevent succesfully seeing the “little green lock” in the browser address bar. It can be difficult to determine why you still have mixed content warnings after moving to HTTPS.
I’ve successfully migrated many WordPress websites from HTTP to HTTPS in the past few years. I can make this process as quick and painless as possible for you.
I know you probably still have questions. I’ll answer many of them below, but if you need more information, feel free to contact me.
HOW MUCH DO YOU CHARGE TO MIGRATE A SITE FROM HTTP TO HTTPS?
Normally, the price starts at $175, which covers the most frequent type of request I receive. This would usually cover a personal or small business website with up to 20 pages. Larger, more complex sites take more time, as it’s important to check all pages of a site for mixed-content problems, and then resolve those problems.
Just seeing the coveted green lock on the home page and a handful of major pages doesn’t mean you don’t have problems on many other pages of your site. Each page’s content could suffer from a mixed-content issue that would prevent the green lock from appearing in the browser on that particular page.
For medium to large sites, the price may be upwards of $500, and for sites with many thousands of pages, I’ll need to take some extra time to determine an estimate of time and cost for such a project.
Regardless of the size or complexity of your WordPress, site, I will give a fair and reasonable estimate to ensure your site doesn’t suffer from the NOT SECURE problem that is soon to come.
The loss of income that could result from those NOT SECURE warnings scaring visitors off of your site is likely to be far greater than paying a small one-time cost to make your users feel safe and secure doing business with you.
WHAT REQUIREMENTS DO YOU HAVE FOR TAKING ON A HTTPS MIGRATION PROJECT?
1. The site must be a WordPress website (self-hosted, meaning it’s not running on wordpress.com).
2. Your web host should ideally offer a basic one-click install of the free Let’s Encrypt SSL certificate, or you should already have another type of SSL certificate configured for your domain. If your host only offers paid certificates, then I cannot begin the migration process until you’ve arranged for the payment and installation of the certificate with your host.
ARE THERE ANY SITES THAT YOU WON’T MIGRATE TO HTTPS?
Yes, there are some sites that I won’t migrate. Even if your website fits the requirements listed above, I won’t work with any websites that contains content which would make me uncomfortable to view. I have to spend hours looking at a site’s content while checking it for successful migration, so if that content would make me uncomfortable, I will be unable to work on that project.
There may also be other types of sites that I may decide is not a good fit for my services, for a variety of reasons.
For example, you may use 3rd-party technologies that require special expertise to migrate that content to HTTPS.
I’ll let you know if I think your site would be better handled by someone else.
ARE THERE ANY OCCASIONS WHEN I MIGHT NOT BE ABLE TO GET A GREEN LOCK ON ALL PAGES?
That might be a possibility, yes. Let’s take a typical example of when this might happen. Let’s say you are using 3rd-party content that you are embedding into your site through an iframe. If that other site’s content that you are embedding is not using HTTPS on their site, and you are including that HTTP content on your own site, then you are serving mixed-content. This will result in no green lock, and mixed-content warnings for that particular page. If the 3rd party cannot or will not provide you with HTTPS content, then you will only have two choices: Either live with the fact that you cannot have a green lock on that page of your site, or stop using that 3rd party’s non-secure content.
Another example of when this might happen: I’ve seen some WordPress plugins that hard-code URLs with HTTP instead of HTTPS within the plugin’s code. If this happens, I’ll do my best to make contact with the plugin’s developer to ask them to fix the problem. However, I cannot guarantee that the developer will do so. And while I can edit the code, that would only be a temporary solution. The next time the plugin updated, the bad code would simply come back. So again, you might be left with some choices in such a situation. If a plugin or theme’s developer can’t or won’t fix a non-secure HTTP problem within their code, then you may need to consider using a different plugin or theme – or just accept the fact that you won’t have a fully secure HTTPS implementation.