WordPress founder, Matt Mullenweg, recently announced that the software will require all hosts to have HTTPS for certain WordPress features to function.
Don’t panic just yet. If you already have HTTPS, this shouldn’t affect you. But if you’re still using HTTP, you’ll need to upgrade soon. The good news is that the transition is not as difficult as you think it is and the benefits outweigh the assumed disadvantages.
NOTE: Realtors, make sure your IDX will comply as well “before” you purchase / activate your SSL certificate. I’ve had trouble in the past with this and found it was easier “at the time” to just nix the SSL altogether. But it looks like we’ll have to dig in!
The article goes over what the WordPress HTTPS mandate means for you as a site owner; the advantages; as well as how to upgrade to HTTPS if you haven’t already done so.
What is HTTPS?
HTTPS adds a security layer to HTTP (Hypertext Transfer Protocol). HTTPS essentially encrypts data (using SSL or TSL) that is communicated between servers and clients until it reaches the intended recipient.
This prevents cybercriminals from accessing sensitive user information and also reduces the risk of tapping and modification of sensitive data. Although HTTPS is not completely foolproof, it undoubtedly has major security advantages.
HTTPS sites can be easily identified, as they have a locked padlock icon located on the link bar in most common browsers.
Why is WordPress Pushing HTTPS?
Google Prefers It – It is no secret that greater encryption and cyber security has made the Internet a safer place for users. As usual, a Google update signaled the necessity of HTTPS for user experience, SEO and internet security. In 2014, Google suggested that enabling HTTPS on your site could result in higher search rankings. Although it still isn’t the only important factor in raising your site rankings, you shouldn’t underestimate its value. For example, if two sites are equal in all ways, but one site has HTTPS, that site would get a boost in rankings (read the comments in the original article – link is at the bottom – some don’t agree with this after testing)
In January of this year, Google released version 56 of Google Chrome. This new release brought about some changes, notably with how Google Chrome treats HTTPS vs. HTTP sites. The browser now clearly identifies sites that are not operating HTTPS on their systems. For example, a “Not Secure” message now appears on pages without HTTPS that try to collect passwords or sensitive information. You can expect that, eventually, all pages not using HTTPS will clearly be labeled as having insecure connections.
Users Prefer HTTPS Too – A secure connection can make all the difference from a user’s perspective. Users see HTTPS as a positive signal that you are taking your site security seriously, for their benefit. So, having HTTPS could mean more traffic and longer usage times on your site. HTTPS is particularly important if you are operating an e-commerce site. Simply seeing the padlock icon could make users more comfortable in entering their payment details and other personal information. Particularly with the new Chrome update (mentioned earlier) which shows a “Not Secure” label on e-commerce sites or sites that require a user login or credit card information, but don’t have HTTPS.
Both Google and user preference should be enough reason for you to upgrade your site to HTTPS. It is simply necessary to ensure watertight security for your users and to protect your online business reputation.
How to Get HTTPS
WordPress hosting partners should now provide an SSL certificate for all accounts. (It is required that they all do so as early as the first quarter of this year.) Your hosting provider may already provide a free SSL certificate, so check with them first before you make any third-party purchase. If they do not offer a free one, you could ask them if they sell third party SSL certificates. Once purchased, you can ask your provider to install the certificate for you on your server. I know BLUEHOST seems to be the best when it comes to integration, yet Matt’s list of WordPress partners doesn’t include BLUEHOST. I found it changes “everything” – I didn’t have to go onto pages where I had manual text links or images to change to https manually behind the scenes.