- Test your website if SSL is installed – visit: https://www.whynopadlock.com/
- If no SSL is installed: Check cPanel for AutoSSL, Get a free SSL, or use CertBot
- Make sure all code is using HTTPS
From July 2018, Chrome will mark all HTTP sites as “not secure”.
HTTP stands for Hypertext Transfer Protocol, while HTTPS stands for Hypertext Transfer Protocol Secure.
To get the secured HTTPS, you need to update to have an SSL certificate and a website that does not use HTTP URL calls within its code. (Don’t worry – Linking to HTTP websites is still cool).
Many of the sites Google will label as “not secure” don’t ask the user for any information. Of course, users won’t understand that. Many will take the warning seriously and hit the Back button, having no idea why they’re doing it.
Enabling HTTPS says that the visitor can be mostly confident that the site is the site that they intended to visit (and not hacked by a man in the middle attack).
Enabling HTTPS also offers a slight boost for SEO within Google Search.
How To Test Your Website If It Has HTTPS
To test your website, visit: https://www.whynopadlock.com/
Be sure you pass both tests:
- SSL Connection – Pass
- Mixed Content – Pass
If you pass both tests, then you can stop, relax and continue on with anything else you have in mind for your website (What about your website speed? Is it fast enough? Have you updated your website software recently for security updates?)
What To Do When You Get SSL Connection Errors (No Padlock)
If this test fails, you need to install an SSL certificate or get your webmaster to do it for you.
You should not need to pay for an SSL certificate anymore as there is technology that allows free and secure SSL certificates to be created. Most smart hosting companies will have Let’s Encrypt and just needs to be enabled through cPanel. cPanel should auto update the certificate every 90 days for you. Look for AutoSSL module within cPanel settings.
Other hosting companies may require an SSL certificate installed manually. Again, do not pay for an SSL certificate but get one from SSLForFree. You may need to ask your webmaster to do this for you. Though it may need to be updated every 90 days.
Update: There is also Certbot which can automatically enable HTTPS on your website with EFF’s Certbot, deploying Let’s Encrypt certificates.
Certbot is an easy-to-use automatic client that fetches and deploys SSL/TLS certificates for your webserver. Certbot was developed by EFF and others as a client for Let’s Encrypt and was previously known as “the official Let’s Encrypt client” or “the Let’s Encrypt Python client.” Certbot will also work with any other CAs that support the ACME protocol. – Certbot
What To Do When You Get Mixed Content Errors (No Green Padlock)
If you pass the SSL Connection test but have errors for this test, then it means your SSL certificate is installed but your website is not using it correctly.
If you are using WordPress, then there is a plugin that easily does it for you. Really Simple SSL plugin will fix all errors to do with your SSL. Be sure to back up your website (it will remind you) before making the change.
If you are using a different Content Management System or your website has not been updated in the last 2+ years, it might be worth looking at upgrading your website.