If your website doesn’t load on a secure HTTPS connection, and you use Google Search Console, you probably received an email like this recently:
Google is really making a push towards HTTPS recently, and this is just the next step.
Here’s how these warnings will actually look in Chrome:
Eventually, Google Chrome will display a “Not secure” warning for all HTTP pages (not just in incognito mode).
What if you’re not using Google Chrome (and instead using Safari, Firefox, Opera, Internet Explorer, etc.)? It doesn’t matter, Chrome is the leading browser out there, used by roughly 60% of the visitors on your site:
Take action
Unless you (or your developer) already took care of this, you should really take some time to move your site to HTTPS.
If you’re using WordPress:
- Get a SSL certificate from your hosting provider. Depending on your hosting company, sometimes it’s free, sometimes it’s around $50/year (to protect one single website, you probably don’t need a more expensive “Wildcard SSL” unless you’re trying to protect multiple sub-domains).
- Activate your SSL certificate. Google how to configure your SSL certificate on your hosting provider, it’s usually just a few clicks (where you define what domain to use it for).
- Update your website settings to now load over HTTPS.
If using WordPress, use the Really Simple SSL plugin and you’re all done.
If using Squarespace, in your Home Menu navigate to Settings > Website > Security & SSL > Security Preference > choose the “Secure (Preferred)” option. More details here.
If you’re using PhotoShelter, you’re already taken care of. In your PhotoShelter admin area, simply navigate to Website > Security > enable the “Full Site Encryption” option. All done.
If you’re using Smugmug, get in line and join the existing (angry) users asking for this feature (see this forum thread).
Next steps
Don’t stop until you see this:
If you notice any problems (like warnings in the address bar or site functionality issues), contact your web developer to look into it.
Update your Google Analytics profile: In your Google Analytics admin, you need to update the URLs in both “View Settings” and “Property Settings” to use https instead of http.
Update your Google Search Console site address: You can’t just update your existing site address, you’ll need to add the new HTTPS property to Search Console, they are treated separately. More info in their site move help page.
And if you’re a geek, look into HSTS Preloading.
