321 – Secure Your Site with an SSL Certificate
Announcements
Is there a plugin for that?
With more than 50,000 plugins in the WordPress repository, it’s hard to find the perfect one. Each week, I will highlight an interesting plugin from the repository.
For more great plugins, download my 50 Most Useful Plugins eBook.
Reading Progress Bar is a reading position indicator that you can use where you want: top, bottom or custom position in different templates or post types.
Your Website Engineer Update
This week I fixed an issue with my 404 page. It was showing a default error page from LeadPages, because I was once using them to generate the landing page but I disabled it.
I downloaded a free LeadPages 404 template and implemented it into my theme. I really dig the new opt-in form.
New email newsletter subscribers: 8 in the last 7 days and 22 in the last 30 days.
On task for this week is to make the code modular enough to be used anywhere on my site and make sure all of my sites have an SSL certificate.
Secure Your Site with an SSL Certificate
Setting up HTTPS on your website is very easy, just follow these 5 simple steps:
- Use a Let’s Encrypt Hosting Platform
- Enable from within the dashboard (on most sites)
- Fix any mixed content warnings found at WhyNoPadlock.com
Or
- Host with a dedicated IP address
- Buy a certificate
- Activate the certificate
- Install the certificate
- Update your wp-admin to use HTTPS
- Use the WordPress HTTPS (SSL) plugin to get one page encrypted
- Fix any mixed content warnings found at WhyNoPadlock.com
- Fix relative protocol. Instead of http:// just use //
- Force https everywhere
- Keep an eye on your site and make sure no http elements get on any pages
Find and replace in database
UPDATE tablename
SET `fieldname` = REPLACE(`fieldname`,
    'Item to replace here',
    'Replacement text here');
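A raw REPLACE changes string lengths (http:// to https:// adds one byte), which matters when the column holds PHP-serialized data, as some WordPress option and meta values do, because every serialized string carries a byte-length prefix. The added example below (not from the original show notes; the sample value and function names are constructed for illustration) shows the naive replace breaking that prefix and a length-aware replace keeping it valid.

```python
import re

# Start of a PHP-serialized string token: s:<byte length>:"
STRING_TOKEN = re.compile(rb's:(\d+):"')


def lengths_consistent(data: bytes) -> bool:
    """True if every s:N:"..."; token really contains N bytes."""
    pos = 0
    while (m := STRING_TOKEN.search(data, pos)) is not None:
        end = m.end() + int(m.group(1))
        if data[end:end + 2] != b'";':
            return False
        pos = end + 2
    return True


def replace_serialized(data: bytes, old: bytes, new: bytes) -> bytes:
    """Replace old with new inside each string and rewrite its length."""
    out, pos = [], 0
    while (m := STRING_TOKEN.search(data, pos)) is not None:
        end = m.end() + int(m.group(1))
        if data[end:end + 2] != b'";':
            raise ValueError("not well-formed PHP-serialized data")
        body = data[m.end():end].replace(old, new)
        out += [data[pos:m.start()], b's:%d:"' % len(body), body, b'";']
        pos = end + 2
    out.append(data[pos:])
    return b"".join(out)


# Constructed sample value; example.com stands in for the site's own domain.
OLD, NEW = b"http://example.com", b"https://example.com"
STORED = (b'a:2:{s:4:"logo";s:27:"http://example.com/logo.png";'
          b's:5:"title";s:4:"Demo";}')

NAIVE = STORED.replace(OLD, NEW)              # effect of a raw SQL REPLACE()
FIXED = replace_serialized(STORED, OLD, NEW)  # length prefix 27 becomes 28

if __name__ == "__main__":
    print("naive valid:", lengths_consistent(NAIVE))
    print("fixed valid:", lengths_consistent(FIXED))
    print(FIXED.decode())
```

Plain text columns such as post content are not affected by this; WP-CLI's `wp search-replace` command performs this kind of serialization-aware replacement against a live database.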
Things to check for http:// items
- Check Menus
- Check static images in your site
- Check hard coded things in your theme or plugins
- Hard coded JS or font files
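An added example (not part of the original show notes) of automating the checks listed above: it scans a page's HTML for subresources still loaded over http://, separating scripts, frames and stylesheets from images and media, and ignoring ordinary links and protocol-relative URLs. The sample page, the example.com URLs and the function names are constructed for illustration.

```python
import re
from html.parser import HTMLParser

# (tag, attribute) pairs the browser fetches while rendering the page.
ACTIVE = {("script", "src"), ("iframe", "src"), ("link", "href")}
PASSIVE = {("img", "src"), ("img", "srcset"), ("source", "src"),
           ("source", "srcset"), ("video", "src"), ("audio", "src")}
# <link> loads a subresource only for these rel values (canonical does not).
FETCHING_RELS = {"stylesheet", "icon", "preload", "modulepreload"}
CSS_URL = re.compile(r"url\(\s*['\"]?(http://[^'\")\s]+)", re.IGNORECASE)


class MixedContentFinder(HTMLParser):
    """Collects (line, kind, tag, url) for each http:// subresource."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []
        self._in_style = False

    def _add(self, kind, tag, url):
        self.findings.append((self.getpos()[0], kind, tag, url))

    def handle_starttag(self, tag, attrs):
        attrs = {name: (value or "").strip() for name, value in attrs}
        self._in_style = tag == "style"
        rels = set(attrs.get("rel", "").lower().split())
        for name, value in attrs.items():
            if name == "style":  # inline CSS such as background images
                for url in CSS_URL.findall(value):
                    self._add("css", tag, url)
                continue
            kind = ("active" if (tag, name) in ACTIVE else
                    "passive" if (tag, name) in PASSIVE else None)
            if kind is None or (tag == "link" and not rels & FETCHING_RELS):
                continue
            # srcset holds comma-separated "url descriptor" candidates.
            parts = value.split(",") if name == "srcset" else [value]
            for part in parts:
                url = (part.split() or [""])[0]
                if url.lower().startswith("http://"):
                    self._add(kind, tag, url)

    def handle_endtag(self, tag):
        self._in_style = False  # a <style> block ends at its first end tag

    def handle_data(self, data):
        if self._in_style:  # contents of a <style> block
            for url in CSS_URL.findall(data):
                self._add("css", "style", url)


def find_mixed_content(html):
    finder = MixedContentFinder()
    finder.feed(html)
    finder.close()
    return finder.findings


# Constructed sample page; example.com and the paths are placeholders.
SAMPLE_HTML = """<link rel="stylesheet" href="http://example.com/wp-content/themes/demo/style.css">
<link rel="canonical" href="http://example.com/about/">
<style>body { background: url('http://example.com/bg.png'); }</style>
<script src="//cdn.example.net/lib.js"></script>
<a href="http://example.org/">ordinary link, not a subresource</a>
<img src="https://example.com/logo.png" srcset="http://example.com/logo-2x.png 2x">
<script src="http://example.com/wp-content/plugins/demo/app.js"></script>"""

if __name__ == "__main__":
    for line, kind, tag, url in find_mixed_content(SAMPLE_HTML):
        print(f"line {line}: {kind:7} <{tag}> {url}")
```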
Force HTTPS Everywhere
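// Require https
// $_SERVER['HTTPS'] is unset or "off" on a plain-HTTP request.
// Behind a TLS-terminating proxy it can stay unset; redirect at the proxy instead.
if (empty($_SERVER['HTTPS']) || $_SERVER['HTTPS'] === 'off') {
    $url = "https://" . $_SERVER['SERVER_NAME'] . $_SERVER['REQUEST_URI'];
    // 301 = permanent redirect (header() alone would send a 302)
    header("Location: $url", true, 301);
    exit;
}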
# nginx: answer every plain-HTTP request with a permanent redirect to HTTPS
server {
    listen 80;
    server_name yoursite.com www.yoursite.com;
    return 301 https://yoursite.com$request_uri;
}
Thank You!
Thank you to those who use my affiliate links. As you know I make a small commission when someone uses my link and I want to say thank you to the following people. For all my recommended resources, go to my Resources Page
Call To Action
- Install an SSL Certificate Today!
Full Transcript
Business Transcription is provided by GMR Transcription.
On today’s episode, we are going to talk about how to secure your site with an SSL certificate right here on Your Website Engineer Podcast episode number 321. Hello everybody, welcome back to another episode of Your Website Engineer podcast. My name is Dustin Hartzler and today we will be talking about securing your site with an SSL certificate.
Now, if you have been a long time follower and a long time listener of the Your Website Engineer podcast, you may say, Dustin, did we just talk about this? We did, all the way back on episode 304, so this is going to be kind of an episode that has similarities from episode 304.
This whole month of January we are just trying to set our websites up for success in 2017 talking about some of the things we talked about in the last couple weeks like 11 items to add to your home page, 17 things to remove from your site, and things along those lines. So, today I think the future of websites is to have an SSL compliant website. So, we will talk about that in just a few minutes. I do have some announcements that I do want to share with you today. The first one is, Jetpack 4.5 is now available and released.
The main ideas that are happening in Jetpack this year is that it monetizes your website, or allows you to monetize your website, a brand new video press, many more short codes, and some widgets. So, let’s break those down here really quick. Jetpack ads, or what is formerly known as WordAds on the wordpress.com side of things, is now a simple, one click feature that is designed to help generate income from your WordPress site.
Jetpack ads are powered by WordAds and it is a unique program developed specifically for WordPress.com. They provide high quality ads, but after working with tens of thousands of users, they have determined the best placements to guarantee both the highest revenue, and the more reliable compatibility across most WordPress themes. WordPress ads is instantly available to all of the folks who purchased the Jetpack premium plan, and there is no approval process.
Once you purchase the plan, you activate it underneath engagement, and you will start seeing your ads on your site and you will start to see how much money you can make. The screenshot shows total earnings of $15,000.00.
If you have a website that has a lot of traffic, and I have seen these on WordPress.com sites who have a lot of traffic, you can generate significant income by showing ads and displaying ads on your website. So, if that is something that interests you, definitely check that out in Jetpack 4.5. There is also a brand new Video Press and there is a great way to host videos on your website.
Again, this is part of the Jetpack premium plans. There is no sign up process, it just starts to work. You can just upload your contents right into your media library and the video will start playing directly inside your website. There is new shortcode support and they have added 14 new short codes. The short codes now work for Spotify, individual tweets, Google Docs, Brightcove videos, Getty Images, Archive.org videos and books, Hulu videos, Kickstarter projects, Gravatar quizzes, site maps, Lytro living pictures and Ustream videos.
Those are all built right in. If you have some sort of widget, and you want to pull a short code in from any of those services, you can do that. You can also add some features for widgets. For your authors, you can display authors on the front of your site. You can add blog stats and you can add milestones. So, you can have all of this information right there in a sidebar widget.
They have updated terms of service and a few other things in the change log, but one of my favorite features that they finally fixed, and it was kind of an eyesore for a while, is if you follow a WordPress.com or a Jetpack site, that has a short code that is unrecognizable by the email service provider, when the automatic emails go out, those short codes still were in there. For the longest time, when somebody subscribes to your website through Jetpack, or through the reader, and automatically gets an email notification every time that I send a message out, or every time I post a new podcast episode.
It had this unsightly that said bracket, bracket, then it had this smart cast post player with all of that short code stuff right in there. It was the top line of every email. Now, that is all fixed and they do a really good job. I read somewhere that said they are able to filter out 99 percent of anything that is inside of brackets, except for the fact if somebody wants to have the text in brackets and it is not an actual short code. That will still display in an email newsletter or blast that comes out through the Jetpack functionality.
That is a lot of good stuff inside the Jetpack 4.5. If you do have Jetpack, which I recommend every website should have, definitely update to Jetpack 4.5. Another thing in the news that I want to share with you today is that there is a brand new; I guess I am going to call it a podcast; it is a brand new video series. You can either watch video or listen to it via a podcast app, but it is called the JavaScript for WordPress show.
This is where educator Zac Gordon asked JavaScript influencers inside the WordPress community about how they learned JavaScript deeply and what advice they have to others to do the same. You can find out more at JavaScript4wp.com/show and there is a link in the show notes for episode 321. I have not had a chance to watch it yet. It looks like the first episode, number one, is about 55 minutes in length and if that is something that is interesting to you definitely check that out, especially if you are trying to learn JavaScript deeply this year.
The last thing that I want to share with you today, and this goes right along the lines with what we are talking about on the show, but SiteGround now auto-issues Let’s Encrypt certificates for brand new domains. This is SiteGround, a hosting platform, much like a Bluehost, GoDaddy, Flywheel, or any of those, they have begun issuing and installing certificates on new accounts automatically after customers register domains, or they direct new domains to SiteGround servers.
This also includes add-on domains, and their certificates are auto renewed as long as the domains are pointed to the host servers. They said this had happened for more than 40 thousand certificates so far, and that is less than ten percent of the five hundred thousand domains they host. They have a plan to roll out and slowly get all of the domains and their websites on the SSL certificate. We will talk more about that in a little bit.
The last thing that I want to share with you today is a neat little plugin. This is one that I don’t know if you would ever have use for, but I just thought the application was kind of an interesting thing. This one is called Reading Progress Bar. It is a reading position indicator that you can use wherever you want, whether it is on the top or bottom, or a custom position of different templates on your post types.
Basically, what it does is, you set the foreground color, the background color and if you want to display it under the menu or in the footer, it is basically a progress bar. As you slide the page up or down, the progress bar goes left or right and it is kind of neat. I don’t know if it would ever be useful and I don’t know if that is a plugin that people are dying to look for or use, but it is a neat plugin that has some cool functionality and I just thought that I would point that out on the show this week.
One last little bit of information that I want to share with you before we get to the main topic and this is what I am calling the Your Website Engineer Update. This is a place where I am trying to stay more accountable this year of actually implementing the things that I talk about each week on the show. Like, these are the things that need fixed, or the things we need to be working on for our WordPress website.
I am dedicating a couple hours each week to just work on my own website since it seems like forever since I have done this. In the last seven days, since I talked to you last, I have really worked on my 404 page. That is the page that comes up if you just go to Yourwebsiteengineer.com/ and then just type a bunch of letters on the keyboard. That just pops up a page that is called the 404 page. It is mainly a holding page for if you ever try to get to a link that is broken on a website. I was looking at this and just kind of playing with it, and then all of a sudden I noticed that my page was broken.
I was like; I wonder what the deal is. I generated the entire template through LeadPages, but then I thought I had copied all of the html text and then put it on that page, so it would just automatically display. Well, that wasn’t necessarily the case and I had canceled my LeadPages account probably six months ago, so this page has probably been broken for six months. It just didn’t work and it said that there was an error and a little message from LeadPages.
So, I said, let’s go ahead and work on this. What I ended up doing was, I found the free template on Leadpages.net, a lot of their templates that are built into their system, you can download just the html, then you can use it for whatever application you want. I ended up taking this template; I reworked it so it fit the rest of my brand. I fitted in, so I still have the menu at the top, the footer at the bottom, and it kind of fits in between those two sections, which is really nice.
Then, I used the LeadPages functionality, so it’s a 404 page, but it is also a page that you can sign up for my email newsletter. So, it is kind of a catch 22, if you will. Oh, sorry you found nothing on my website, but here, sign up for our newsletter and you can get my 50 free plugin eBook. So, I worked on that and it really works well. I am really excited about how, when you click the button, the pop up menu scrolls down from the top.
It looks like a LeadPage, but it is completely custom and working on my site, without the need to pay for LeadPages. Now, I am still working through the code and trying to figure out how I can make this more modular, how can I use this same block of code on multiple websites, and how can I use it and call it on different places within my own website. So, that is something that I am working on and I did notice in the last seven days, I have eight new subscribers to the email newsletter. In the past 30 days I only had 22 subscribers.
So, in the last week I have had a third of all of those that I have had in the last 30 days. I have no idea if that is because those are working now or if it is because of some other apparent reason. So, that is what I am working on and spending some time. The other thing that I am going to be held accountable for in the next week is to make sure that all of my small little sites, besides Your Website Engineer.com, are on some sort of platform that has an SSL certificate installed. So, that is what I will be working on in the next week.
Let’s go ahead and dive in and talk about these SSL certificates. Like I said, this is kind of a repeat episode of about 20 episodes ago, just talking about SSL certificates and what the process is. There are two different things that we will talk about today and two different ways to set these things up. Essentially what it is and what it does is that little green padlock that you see at the top of a website. It used to only be for eCommerce websites, or on pages that had some sort of form and you were transmitting data.
Now it is just becoming more mainstream and getting a lot less expensive. The technical ability is a lot lower and it takes a lot less effort to actually install one of these certificates. We want to just put this on all of our websites. It is just best practice now in 2017 to make sure they all have SSL certificates installed. Let’s talk about the two different ways that you can really set this up. I think it is going to vary, even in these two different ways, but let’s go ahead and dive in and take a look.
The first way is to use a Let’s Encrypt hosting platform. There is a list in the show notes from episode 321 that has 100 different hosting platforms. I even noticed that there are a couple hosting platforms that I have even used in the past, that are not on this list. I am sure there are more than 100 of them.
Examples are like Flywheel, my favorite hosting provider, and the host that hosts Yourwebsiteengineer.com, and then some of my other sites are on Pressable. That is another WordPress platform that hosts websites and it is fully compliant with Let’s Encrypt. Basically, if you have one of these services, it is super easy to do.
I looked at a couple of these based on different accounts that I had, and some of them make it dead simple to do and others make it a little more tedious and you may have to contact their live chat or support team to get things set up. In my experience, when I have used Pressable or Flywheel, I basically go in and literally check a box and say I would like to use a Let’s Encrypt SSL certificate. About 20 minutes later it is done and set up. All the redirects are set up and everything.
That is all you have to do and it is really simple. I spent some time looking at A2 Hosting this morning, they are on this list that says it is fully compatible, but I could not find any easy switches or buttons. I think this would be one that you would just want to contact the support team and say, I really would like to install the Let’s Encrypt SSL certificate, and then have them do it. I have never had a success myself setting up a certificate, I have always had to ask for support or write in to the support team.
I also figured that it is not something that you have to do often. You do it for your website and then you never have to do it again, so it was always in my best interest to ask somebody to do it for me. That way I did not have to learn it and it was just faster and easier for somebody else to. The first way is to go ahead and start using, or just activate, if you are already using, a Let’s Encrypt hosting platform, one of those 100 plus that are out there.
Then, you can enable within the dashboard. The last thing that you want to do is go to whynopadlock.com and you can go in there from that area and go to different pages on your site. So, go to whynopadlock.com and then type in yourwebsiteengineer.com. It will tell you all of the content that isn’t encrypted or any of the content that is being served over HTTP, instead of HTTPS.
You just work through those pages and try to figure out what’s wrong. A lot of times it will be images that you have uploaded within your WordPress posts or page. Then you just kind of move around your website and go to the about page or the contact page. You can do this in a browser. If you open up a browser and you get the green padlock then you know everything is good on that page.
If not, run it through whynopadlock.com, and then from there you can kind of figure it out. It will show you where the errors are and what needs to be fixed. The other way that you can do this, if your website is not being hosted on one of these 100 hosting companies that are supported, then you will have to go and make sure that you are on a dedicated IP address, buy a certificate, or use one of the Let’s Encrypt certificates.
You can set those up kind of ad hoc if you will, even if they are not supported, with one click. You can still use those in other hosting environments. Once you have that, you have to activate, you install, you get the certificate set up, and then you want to update your WP-admin to use HTTPS. You can use a plugin called WordPress HTTPS (SSL). Try to get one page encrypted.
That plugin allows you to set certain pages within your WordPress site to be secure. You can say you just want my store, the cart and the checkout to be secure. Or, you can say that you want the entire site to be secure. You are also going to want to go into that whynopadlock.com and try and figure out what is causing it to not be completely green. You will still see that HTTPS there in the address URL bar, but you won’t get a green padlock, especially if you are using Chrome or a browser that has different colors.
You won’t get any of that unless all of the things on the page are secure. After you figure that out you will definitely want to go in and fix any URLs inside your website. You want to change them from HTTP to HTTPS, or you can actually just put slash slash and that will use a relative protocol very similar to using a root directory or some sort of file system where you don’t necessarily have to put HTTP://yourwebsiteengineer.com/wp/contents/theme/ you know all of those things.
If you just put a slash slash it will do the exact same thing. You can force HTTPS everywhere and I have some links in the show notes for how to do that on both Apache and nginx. You just then want to keep an eye on your site to make sure no HTTP elements get on any pages.
Now, the tricky part is, and this actually came in a question via Twitter, about how to do this, and how is the best way to go throughout your site and look for HTTP non secure items. The best way to look through your database is to use a find and replace command inside MySQL. That is probably the easiest way to do this and you can do that on a database level or look at each individual table area.
Essentially you want to look for all of your posts and pages. That kind of content is going to be where you have set up HTTP non secure items and you want to replace those with the secure version. You also want to look into your theme directory, especially if you have a custom theme built and you want to make sure that there are no absolute URLs in there. Like I said, we wanted to make sure that everything is relative.
You would never really want to hard code anything into a theme, especially if it is a premium theme, or a theme that you may use other places. You never know the WP/content folder can be renamed to anything so you don’t want to hard code that in, in case somebody is using a different set up in a different system. The main thing is to go through your site programmatically. Start at the top and go through.
I don’t know if there is really the best way, you want to check and make sure any custom menus and they don’t have hard links in there to http:// and check all of those. You want to check all of your images and things like that. Just kind of do a find and replace. It is a little bit of a tedious process. Definitely install the certificate and once it is, even if it is not 100 percent green, that is better than nothing. The main reason I think this is important for this year is because the reports from Google are saying that they are ranking sites lower in search engine rankings that are not encrypted websites.
The ones that are encrypted they feel that they are a little bit more secure, and the people behind them are like full time and have a vested interest in the website. In the old days you had to spend money to get these SSL certificates, now just a little technical information and you can get those up and running. So, definitely put this on your to do list to have done in the next couple weeks. It is not a long, tedious process. It is a little bit complicated to get set up, but definitely ask your host if you are confused in any way.
Be like I am, I still ask my host to install SSL certificates. They can do that in the time that you can answer three emails while you are on a live chat conversation. That is what I wanted to share with you today. It is important to have this done. I am going to work on it and see if I can report back to you next week to have all of the websites done that I have. Install SSL certificates on your website. That is all I’ve got, we will talk again next week. Take care, Bye.


Thanks Dustin –
Feb 15, 2017