We’ve all heard about Google & Bing clamping down on “HTTPS Everywhere”, so what does it mean?
It’s always been important to have an SSL Certificate for your website if you’re running eCommerce of any kind. For years, that was the concensus – and if you look back 5-20 years ago it wasn’t exactly a cheap exercise to secure a website (nor easy all the time!). These days though, it’s changed from being a case-by-case requirement to being more a case of “if you have a website on your domain, then it needs to be on HTTPS”.
So I need to have SSL coverage, how much is that going to cost me? Does it need renewing?
While they used to cost a tidy sum of money, these days you can get base-level coverage (DV: Domain Validated = no organisation validation performed = quick delivery times) for free via Let’s Encrypt, just like we include for free with our Hosting plans. Or you can opt for a DV SSL Certificate from a Certificate Authority who don’t offer free coverage, such as Sectigo (formerly Comodo) who’ve remained a trusted name in the space for many years. You’re looking around $50 to secure roughly equivalent coverage as from free Let’s Encrypt certificates.
I’ve done that, HTTPS works but it’s showing a broken padlock – problem?
Problem – and quite a serious one (to your Google/Bing rankings, not so much to fix – don’t worry!). This can happen when you update a website (such as one with a CMS like WordPress) to use a new URL/domain while there’s a history of posts/pages/products/etc from a time when your website ran on HTTP (insecure). Thankfully, it’s an easy fix however there are two ways of handling it – avoid the problem, or fix the root cause. We always recommend that you take the time and precautions to update your site’s data properly, to fix the cause of the broken padlock.
How do I ensure that the problems are resolved for good within my website?
(Change flow/link TBC – in KB for the time being)