PL
DE
UK
You turn on a site in your Chrome browser and see an “Unsecured” message next to the box that contains the address? Then you check it in Firefox and this time you find out that the connection to the site is not secure? Find out what happened and how you can fix the problem.
Unsecured site – what’s going on?
The Chrome browser began marking sites as unsecured in 2018, with the implementation of the 68th version of the software. Google wanted to encourage site owners to use an SSL certificate in this way. What it is. If your site has a properly installed certificate, the connection to the site is encrypted. This means that the transmitted data between the site and the user’s device cannot be altered or intercepted. This is an important step toward increasing the security of people using the web. Google took a long time to prepare users for the implementation of the new solutions, but, of course, not everyone took advantage of them right away. Google’s data shows that interest in encrypted connections grew dynamically even before the Chrome browser update was announced. Note that in 2016 just over 20% of Japanese sites used SSL, but in Mexico it was already close to 50%.
Source: https://transparencyreport.google.com/https/overview
And what is the situation today? Well, according to W3techs, an encrypted connection is used by more than 80% of sites worldwide.
Source: https://w3techs.com/technologies/details/ce-httpsdefault
Is it worth using SSL? Indisputably yes. It’s a ranking factor for Google’s search engine, which means it’s taken into account when determining your position in the results. On top of that, there is the issue of not being marked as unsecured. Here are other advantages of this solution:
- Positive impact on conversion – if, for example, a web store site is marked as unsecured, it is rather doubtful that it will achieve high sales. Installing a certificate will change this.
- Taking care of user security – you build a positive image in the eyes of users using the site.
- SSL is recommended by the GIODO – it doesn’t say in simple terms, but regulations require the use of cryptographic security.
Does SSL really affect the position in Google? Nowadays, it’s hard to find a site without SSL that ranks high at all. It has become the standard. Nevertheless, some time ago, when SSL was not so popular, Ahrefs published the following chart:
Source: https://www.poweredbysearch.com/blog/does-your-website-need-ssl-certificate/
Evidently, the highest positions were held by sites with security. However, don’t expect that if you enable SSL, your site will suddenly gain much higher positions. Yes, visibility may improve, but keep in mind that the certificate is now a standard and almost every website uses it. If you don’t, you are lagging behind your competitors. Therefore, in case you’re wondering whether SSL makes sense at all, move to action. It’s essential!
Unsecured site – how to solve the problem?
If the site has an SSL certificate installed, its address starts with https:// instead of http://. In case Chrome displays the message unsecured, this is not the case with you. To fix the problem, install an SSL certificate. How to replace the address and how much will it cost? In KRU you have the very popular and free Let’s Encrypt. It used to be a hassle to use, but now your task is just to install it, and the certificate will renew automatically. Wondering if free SSL is definitely a good choice? There is no need to worry. More than 300 million sites worldwide use this solution.
Source: https://letsencrypt.org/
You can also invest in a commercial certificate. In this case, the level of verification is higher. With Let’s Encrypt, all you need to do is activate SSL in the management panel of your hosting service. When it comes to commercial certificates, it looks different. Even with the lowest level of validation, namely DV (Domain Validation), you need to confirm access to the email created on the domain. All you have to do is click a link sent to that address. In OV (Organization Validation) and EV (Extended Validation), company documents are verified. This is a confirmation that the company in question actually has rights to the domain in question and is operating legally.
It’s worth choosing a paid certificate if you run a financial institution or a large store and are concerned about ensuring the greatest possible data security. If you manage a blog or news site, a free certificate will suffice.
How to install an SSL certificate in KRU?
Log in to the site management panel. Then select the “Account management” section, and then the “SSL certificates” item.
In the new window that appears to you, check the Free and automatic certificate option from Let`s Encrypt, plus the items that follow. This will also encrypt your FTP server and mail connection. Finally, click “Save” and the security is enabled. However, that’s not all.
Force a redirect to the encrypted version
In the next step you need to force the use of the version from https://. To do this, add the appropriate code to the .htaccess file. You will find this file in the root directory of the website – where index.php is saved. You can do this by using the “Manage files” option you have in the management panel. All you need to do is to find this file and use the editing option. Another way is to log in to the server via FTP, download the file, edit it on disk, and then upload it.
Check out: how to log into an FTP account with FileZilla
If you were able to find the .htaccess file, put the following code at the beginning of it:
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
Save the changes, or upload the file if you edit after downloading the file to disk.
Replace the URL in the database
Enabling SSL is not enough. Your site still has the addresses as they were from http:// – the earlier links remain on the site. You need to change the address to all resources – images, stylesheets, subpages of the site to start with https://. How to do it?
The vast majority of sites are based on the WordPress system, so I’ll show you how to do it – without technical knowledge – using a plugin. Install the Better Search Replace plugin. It’s popular, frequently chosen and highly rated.
After installation, you will find it in the WordPress system administration panel under the “Tools” menu.
Go to the plugin. In the Search for field, add the address of the site from http:// – the plugin will search for it, and when it finds it, it will replace it with the contents of the Replace with field, that is, the address from https://. Click one of the names visible in the Select tables, and then select CTRL+A to select all of them. Select the options you see below identically, as you see in the screenshot:
Now click “Run Search/Replace” and after a while the task will be done. Now all web addresses on the site should be in the encrypted version.
If you have a sitemap added in Google Search Console, update the addresses in it to those of https://. In case you care about your site’s visibility in Google, try to change the addresses in external links. If you have a link on a particular site that leads to a version from http://, replace it with https://. When links do not lead to the target page only redirected, they lose some of their SEO power, i.e. they have less impact on the visibility of the site in Google.