If your website is designed to make you money and build your business, then not only should you make your checkout page and contact request page secure, but you should be make every page on your website secure with extended validation. In addition to making your site running 100% SSL, you should invest the few extra dollars a year to make your SSL certificate have Extended Validation (EV) — the green bar with your company name. Don’t just make your site accessible as SSL, force all of your non-SSL page requests to load as an SSL page. This is very easy to do through plugins or have your hosting company add a simple redirect.
Here are a few good reasons that you should spend a little bit on your website SSL Certificate:
- You want to make your visitors feel secure, so they want to become customers;
- Google and Bing will show your page in the Search Engine Results Page (SERP) as being a secure page;
- You are showing the search engines that you are taking extra steps to prevent your site from being hacked;
Will making your website 100% secure with extended validation help you in your search rankings?
Well we may never know the answer to this, but the Wall Street Journal published an article in April titled Google Weighs Boosting Encrypted Sites in Its Search Algorithm by Rolfe Winkler.
Do I need to test everything on my site again after converting to a 100% SSL site?
Making your site 100% SSL is actually quite simple. First, you need to look into your analytics program and find out how your visitors are coming to you. Most websites have at least a copy of Google Analytics installed and several websites these days are running additional analytics programs, like Clicky.com or KissMetrics.com. Go through your analytics and find the most common devices and browsers that your visitors are using to view your site.
Taking the time to test your website on mobile devices
If you haven’t looked at how many mobile devices that are viewing your website recently you will probably be surprised on how many smart phones and tablets that are visiting your website today compared to a year ago. In my testing I discovered a problem with one of my analytics programs and any Android device trying to visit a page that was SSL. The visitor would get a Certificate warning message on their Android device, regardless if it was a smart phone or tablet, before they could visit the SSL page. After discovering this issue I tested the same scenario on different sites that I knew were running 100% SSL sites with the same analytics program and discovered they had the same problem. The problem was fixed within a couple of hours after reporting it to the analytics company, but if I had not taken the time to test my site with the different devices, there’s no telling how many visitors that would’ve been lost.
Testing your website with different browsers
I’m sure all of your visitors aren’t coming to your website from one or two browsers. You probably have a mixture of visitors that are ranging from older browsers to modern smart phones. I thought this would have been the simplest test of all, because instead of your page being viewed over Port 80, it’s being viewed over Port 443 and that’s pretty much it. Well some of the older browsers, for example Internet Explorer 8, can give a Certificate warning message if your page is being viewed as an SSL page, but your SSL Certificate doesn’t have a dedicated IP and uses a shared IP address. The legacy browser Internet Explorer 8 doesn’t know how to handle the protocol that allows SSL Certificates to share IP addresses.
Why does my page URL show https, but I get a warning box that scripts have been blocked?
This can be frustrating, because you have gotten your SSL Certificate installed and you are expecting to at least see the lock symbol in your address bar giving you validation that you’ve set everything up correctly or the green bar with your company name and country code if you purchased the Extended Validation with your security certificate. Well relax, this is probably a short fix for you. Many websites these days are now using Google Fonts on their website and have placed the import command in their stylesheet to load the necessary Google Font(s), but the URL that is being referenced in your stylesheet is placing the call as http:// instead of https:// and this will cause your browser to load unsecure information which makes your page not secure, so the lock symbol and green bar, if you have EV, won’t be displayed. The main reason for this is probably at the time you developed your website, the page wasn’t a secure page, so there was no need to load Google Fonts from a secure page. If you have a WordPress site, I would look at your styles.css file in your themes directory and also in your themes customizable CSS section.
Using @import in CSS with a non-secure call
@import url('http://fonts.googleapis.com/css?family=Open+Sans');
Using @import in CSS with a secure call
@import url('https://fonts.googleapis.com/css?family=Open+Sans');
Using @import in CSS with a Protocol-relative URL call
@import url('//fonts.googleapis.com/css?family=Open+Sans');
Do you need a dedicated IP for your SSL Certificate to work?
Well no, you don’t have to have a dedicated IP for your SSL Certificate to work. Several hosting companies can offer you a SSL Certificate with a shared IP. WPEngine.com (@wpengine) in Austin, Texas is able to give it’s customers an SSL Certificate with a shared IP using Server Name Indication (SNI) protocol. The only draw back you may find with SNI is that older browsers, like Internet Explorer 8, will give a Certificate warning message when you try to access a page on the website from a shared IP. Windows XP’s Internet Explorer browser only goes up to version 8, so you can imagine there are still a lot of users out there still using this browser.
How do you purchase a SSL Certificate and do you want the green bar (Extended Validation)?
You can purchase SSL Certificates with Extended Validation from $149 to $449/year below and yes you want to get the green bar with your Security Certificate. If your website is designed to generate you online sales or leads that turn into money, then theres no excuse for not finding an SSL EV certificate that is within your budget.
- https://www.namecheap.com/security/ssl-certificates/extended-validation.aspx
- https://www.digicert.com/ev-ssl-certification.htm
- https://www.sslshopper.com/cheapest-ev-ssl-certificates.html
- https://www.godaddy.com/ssl/ssl-extended-validation.aspx
- http://www.thawte.com/ssl/extended-validation-ssl-certificates/
- https://ssl.comodo.com/ev-ssl-certificates.php
- https://www.geotrust.com/ssl/extended-validation-ssl/