Adding a Security Certificate to your website

Since July 2018 having a 'Security Certificate' has become essential. This is also referred to as 'Secure Socket Layer (SSL)', the 'Green Padlock' and having your web address start with https:// (the 's' being added to mean 'secure').

What it does is encrypt the data between your device and the website, so if someone could connect to the 'pipe' between you and the website they could read if it the website was 'not secure'.

This has been driven by Google's Chrome browser starting to show 'Not Secure' warnings next to the web address in addition to the stated preference of their search engine for secure websites. Other browsers (Firefox, Safari and Edge) have also started to display these warnings, sometimes covering the entire screen or blocking a website.

Converting your website to use the security certificate will be down to your web designer to update the files on the site, though typically it's about about hour's work involving:

  1. Updating all the links on the website by updating the database which stores all the content (this is running a special search query to find/replace)
  2. Changing some settings in the system to ensure they're outputting the site at https:// (not every setting is in the database or easy to find/replace)
  3. Checking for any files which are linked using http:// instead of https:// (eg. images in the design template - this shouldn't be the case but often is with older designs)
  4. Updating Google via Google Search Console so it knows to remove the old http:// links and replace with https:// (usually this means 4 entries, http:// http://www. https:// and https://www. versions of the site, and then you set the 'primary domain' as https:// or https://www. as you prefer)
  5. Adding/amending redirects or a file called .htaccess so if any external website still links to http://www.yoursite.com they are instantly redirected to https://www.yoursite.com and that also goes for sub-pages, eg. http://www.yoursite.com/blog/ would instantly send the visitor to https://www.yoursite.com/blog
  6. Testing in different browsers after the fact that the padlock is green on all pages, sometimes a few things are missed. There can also be some issues with external services you pull in, even Google Analytics, as they are 'not secure' or 'not from the same domain'. Typically this is sorted by updating the copied code to the latest version.

The security certificate will be 'on' and work immediately once those changes are made, but if someone did go to the https:// version before the site was switched it will be a patchy experience.

While switching they wouldn't be forced to do so until the switches above were made and then we'll turn on the 'force SSL' so everyone gets the green padlock https:// experience.

Once you're done, it's a good idea to go back to anywhere you've listed your website (eg. in Social Media profiles, directories, etc) and slowly updating them as you go. It shouldn't matter too much if Step 5 is done well, but like updating your email or phone number it's worthwhile doing bit by bit.

  • Standard Hosting, Unlimited Shared Hosting, VPS
  • 0 Users Found This Useful
Was this answer helpful?

Related Articles

Shared Hosting

Shared Hosting is by far the most common type of website hosting and is suitable for most...

Multiple Domains, One Website

When setting up a site it is quite common to want to get several domain names, usually to ensure...