Today we’re going to talk about protecting your membership site and actually protecting your public website as well.
Because I’ve seen this happen quite a lot in the last few days and weeks … What I am seeing is that people are not protecting their website and don’t have what we call an SSL certificate installed on their WordPress website.
What I’m talking about is, you know when you go to a website in the browser bar at the top, you see HTTP or HTTPS in the URL.
Basically, you really need to have HTTPS show up up there. So you need to have what we call an SSL certificate.
There are two reasons why you need it.
REASON #1 – A SECURITY FEATURE
One, because it is a security feature. It means that your data is encrypted, so if you’re going to take payments like credit card payments and sensitive information like this, you’re going to be required to have it. Otherwise, it won’t work.
REASON #2 – BECAUSE GOOGLE WANTS YOU TO
Number two, because you might have not heard, but Google is really getting on everybody’s back with this, and they’ve started to actually show in the URL the message “not secure” if you don’t have that HTTPS.
What that means is that when somebody visits your website, and whether this is a membership site or your blog or your public website, if you don’t have HTTPS at the top, it will say either an exclamation point, and if you click on it, it will say that it’s not really secure, or it will even say sometimes like “not secure.”
That is the best way to scare off your visitors, right?
Even if they are just on your public website, if they think by just browsing your site they could be in danger, they are not feeling secure. They are going to leave. And they for sure are sure not going to give you their email address.
Those are the two reasons why you want to do it.
One, because Google wants you to do it, and they have started to change their algorithm so that sites that are not HTTPS will get penalized in the search rankings, so if you have a site that’s HTTP and you’re ranking on Google and you’re counting on that for your business, then you better get on a HTTPS quickly because your rankings could go down if you don’t move to HTTPS quickly.
There are several ways to do it. One of the reasons why people don’t do it, they hear about it but they don’t do it, is because they just don’t know how.
The best way to do it is to contact your hosting and to ask them if they provide the free SSL certificate called Let’s Encrypt.
If you’re using a hosting like SiteGround, they have the one click easy install for Let’s Encrypt. You can even do it yourself. It’s super easy, and it’s instant.
If you don’t have an hosting that provides Let’s Encrypt on your cPanel, then definitely contact them, ask them what kind of certificate they have.
Some might make you pay for it, like 100 bucks a year, but find out what they have and what they can install for you.
I would not recommend that you purchase a certificate from outside and try to get it installed on your hosting unless you have a developer that knows what they are doing because it can get pretty tricky with hosting and an SSL certificate and lots of back and forth and headaches that you can really avoid with just going with what your hosting recommends. Because that’s what they know how to install, and it works with their system and stuff.
That’s the first thing to do, going to your hosting and then asking them what they provide for SSL certificates, and get that installed.
Now, once you’ve done that, you have to go back to your website and change the URL of your website.
For that, on WordPress, you go to Settings, General, and then you have two URL’s, right, for your website. You change it from HTTP:// to HTTPS://. Once you’ve done that, you’ve turned your website from HTTP to HTTPS.
Now, the thing with HTTPS is that on any page that you load, if there is just one link that is not HTTPS, then your whole page becomes not HTTPS. If on your webpage, if you have a URL that you’ve entered manually, if you have URLs in your widgets, if you had a developer that added some code in your header, things like that, scripts like “font awesome” some stuff, or some “Google fonts”, they have to go back and make sure that they changed it into HTTPS. Otherwise, the pages won’t load at HTTPS.
There are actually two plugins that you can use that can help you with that. One is called The Better Search and Replace. What that plugin does, it’s going to alert you to search the database, so it’s a plugin for WordPress, but you’re going to be able to enter HTTP:// the name of your domain. You’re going to be able to replace it with HTTPS:// . Once you do that, it’s going to replace every URLs in your database. When you do that, you’re probably going to have 90, 95% of the content that’s converted over.
After that, it really depends how much manual URL you went and put in there.
That basically will cover most of your URLs. Then you can get help from a VA or somebody on our team to check each page and then change them as you go, but the majority of your site will be HTTPS.
It’s going to make your visitor feel a lot better. Your members, if you have a membership site, feel a lot better and a lot safer entering information and sharing things with you, but it also going to make Google a lot happier because now you’re complying with them wanting to ultimately have all sites being HTTPS.