By the end of January 2017, Google will start issuing warnings in Chrome 56 for non-secure web pages. So if your site contains password and credit card input fields such as:
<input type="password" name="password">
…and your site is not secured with an SSL certificate, Google Chrome will label your site as Not Secure in the address bar.
To avoid this, your top-level pages must serve over HTTPS (not just HTTP). This is especially important if you have an ecommerce site that collects payment details. Payment providers like Stripe and PayPal require you to have a secure connection with SSL.
According to WordPress co-founder Matt Mullenweg in his 2016 State of the Word Address, a mere 11.5 percent of WordPress sites use HTTPS. WordPress now recommends that all sites move towards SSL.
Securing your site is super simple with WP Engine and Let’s Encrypt—it’s also free! So join the 50K WP Engine sites that got HTTPS by using free Let’s Encrypt certificates.
To install a Let’s Encrypt certificate, all you have to do is visit the User Portal. Then go to your install > SSL > Add Certificates > Get Let’s Encrypt.
Not only does HTTPS assures visitors that your site is secure, but HTTPS can also help improve SEO and site speed.
So what are you waiting for? Add SSL to your site now.
A photography and art enthusiast, in her spare time she enjoys traveling, practicing yoga, designing items for her craft store, and trying new cooking recipes. Follow her on Twitter
Useful to know! I’m trying to encourage all of my clients to go HTTPS – It’s easy with the set up you guys have 🙂 Keep up the good work!
Laurence
Thanks for the article. This is a massive feature. Love it!
Might be good to warn everyone that in addition to installing the certificates, they will probably need to update URL’s across their site (using Better Search Replace plugin, for example), and update any instances of scripts, fonts, etc. that load over http.
Cheers!
Paul
So, if I have a web site that offers only information, has no e-commerce, no forms submissions, etc., will the browsers that enforce “HTTPS only” begin to reject the site? or are they smart enough to tell the difference?
You’ll be okay for this upcoming Chrome 56 release, however you can test the upcoming Chrome changes by following the instructions here: https://developers.google.com/web/updates/2016/10/avoid-not-secure-warn
Do keep in mind thought that someday Chrome will flag all non-HTTPS sites. Although your site is safe now, it may make sense for you to get started today with SSL.
Last night I updated my SSL to Let’s Encrypt and my web site crashed. I reverted back with out Let’s Encrypt and everything is fine. I have been reading in Google forums that there is a a conflict with the free Let’s Encrypt, and the paid SSL’s.
Hi Robert – Apologies you had that experience with Let’s Encrypt. If you’re a WP Engine customer I’d recommend you contact our support team who will be able to assist with this.
This process of setting up HTTPS on your site can be quite tricky to the non technical. There are also lots of potential pitfalls that could majorly damage and active site.
If anyone is looking to have an experienced professional look after this process for them, follow this link to get a free quote (includes the certificate):
https://tyficonsulting.com/https-migration-service