Managed WordPress hosting frequently asked questions
Got questions about Managed WordPress Hosting by Performance Foundry? Find the answer here.Read More
HTTPS is a hot topic right now — with Chrome penalising sites that don’t have it, and Google rewarding those that do, more and more websites are making the move.
As a Managed WordPress Hosting company, our support desk receives all sorts of questions about WordPress, website tech, and the meaning of life. (Okay, that last one not so much.)
We’ve certainly received a lot of questions about HTTPS, which we’ve answered both as emails and as articles in our support Knowledge Base — which we’ve now compiled into this handy blog post.
If you have a website, we strongly recommend you upgrade it to HTTPS. If you don’t do it now, chances are you’ll want (or need) to do it in the next year or so anyway. It’s better to be ahead of the game than play catch up down the track. Check out this article on Google’s Developers page for more about why it’s so important.
HTTP stands for “Hyper Text Transfer Protocol” and is the protocol that sends data between your browser and the website you’re reading. HTTPS is “Hyper Text Transfer Protocol Secure”, and is the secure version of this protocol — instead of being sent as-is, the data is encrypted before making its journey. This is particularly important when sensitive data is being shared, such as on online shopping and bank websites.
Until recently, sites running financial transactions were the main users of HTTP; but that’s changing. Now, every respectable website should have at least the basic level of SSL certificate, which is the tool used to encrypt the data.
So, why move to https?
SSL is what makes https domains work.
SSL stands for Secure Sockets Layer. This technology creates an encrypted connection between the server hosting your website and the web browser your visitors are using. This allows private information to be transmitted securely, for example credit card details for online purchases.
You will usually see a padlock icon in your address bar if a site is using SSL, or alternatively the address bar could be green. Plus, the website address will begin with HTTPS rather than the standard HTTP (without the s on the end). If you want to use HTTPS on your website, you need an SSL certificate.
There are three different types of SSL certificates available. All three of the certificates will encrypt information, the difference is in the level of information that is verified about the owner of the website.
A Domain Validated SSL certificate is the most basic of the certificates, and is designed to prove that the owner of the URL has the right to use that domain name. The CA will send an email to the domain owner, and once the owner responds, the certificate is issued. The certificate does not show a validated company name as this will not have been checked during the validation process.
The next level of SSL certification is the Organizational Validation (OV) certificate. This is the minimum level of certification recommended for ecommerce transactions, as it contains an acceptable level of information about the company running the transaction. In this case, the CA will validate the company name and the domain name (and possibly other information related to the domain) by using public databases. The certificate will include the company name and the domain name that the certificate was issued for.
EV Certificates are the most authenticated of the three options, as more information about the company running the website is validated. The CA will validate the company name, the domain name, the company’s address (place of business), the registration entity and registration number, and any other pertinent information about the company.
Upgrading to HTTPS is a finicky process, and the forums are full of conversations of upgrades gone wrong. One of the most common issues is the loss of social share counts when an SSL certificate is installed. For example, before the upgrade perhaps your social share bar shows that an article has been shared 20 times on Facebook, 24 times on Twitter, and 16 times on Pinterest. After the upgrade, one or more of these numbers may be reset to zero.
This is because social sites see the HTTP and HTTPS versions of websites as two completely different sites.
Some social share plugins do a good job of maintaining social shares after the change. Generally, they do this by storing the shares from the HTTP version of the site in their system, then adding on the new, HTTPS shares to give a total. We’ve found that the Social Warfare premium plugin does a good job of this:
So if you have that plugin, it is very likely that your social shares won’t be affected.
If you don’t have Social Warfare, or if you have one and find that your social share counts are affected after moving to HTTPS, purchasing Social Warfare after the upgrade is an option. It can gather the shares from the HTTP URL even after the site has been moved to HTTPS.
Please be aware that these plugins rely on the social media networks making the old share counts available. If Facebook or another social media network changes their system to make it harder to access the old share counts, there’s not a lot the plugin can do about that.
We’ve been speaking to the Social Warfare developers about this, and they commented:
Right now LinkedIn and Pinterest are still 100% recoverable, but the other networks are hit or miss. Our development team is working to find a way around the API changes, but it doesn’t look good at this moment.”
This increased risk of lost social shares isn’t great. However, we still recommend you go ahead with the upgrade — it’s better to get on to HTTPS sooner, to start building new social shares on the new URL.
We have an HTTPS upgrade service that is available for our hosting clients. If you’re a hosting client who is considering moving to HTTPS (which we highly recommend), you can purchase that here. We have been seeing some great results for the sites that have signed up for this: I looked into two sites in detail and both saw an 8% increase in traffic comparing the week before the upgrade and the week after. An excellent improvement.
If you’re not a hosting client, sign up here.
Some people have asked why they would pay for this service, when some hosts offer an HTTPS upgrade for free. That’s a great question!
We initially hoped to offer the HTTPS upgrade for free for all of our hosting clients, but when we looked into what it takes to do it well, we realised that it actually takes us four to five hours when we take into account all the extra updates and troubleshooting we do. This means that the price we’re charging really is a deal — it’s a fraction of the price we would charge on an hourly rate.
We believe that HTTPS is the future of the web and want to give all our clients that competitive advantage as easily as possible, hence the low rate.
Other service providers that do the install for free are mostly offering an automated install, with no troubleshooting, no updates to Google Analytics or Google Search Console, no testing for mixed content errors or broken links. Basically they’re offering a ten-minute service in comparison with our four-hour one. We want to make sure everything’s working well, so we really do need to devote a fair bit of time to each site.
Remember, an HTTPS upgrade isn’t just for sites that take payments or record personal details — it can give even the most basic site a competitive advantage. Read more about the service, and sign up, on our HTTPS page.
Note: This article contains affiliate links.