This is an important announcement that will affect your website so please read to the end.
Starting in Jan 2017 Google Chrome and Apple are requiring that all websites have https and not just http. If you do not have the https (SSL certificate) they are going to flag your site with an orange triangle that says “untrusted” when hovered over. (For the record, Firefox is already doing this.) So all your website visitors will see that your site is not secure, undermining the trust you are trying to build with them.
The reason they are doing this is to stop hackers. With http, every time you log into your website your username and password can be seen by people who know how to do that sort of thing (people like hackers). And if you have a membership site or any site where people use a username and password, their info is out there for the world to see, too, increasing your chances of being hacked. So Google is forcing us to secure our websites. It’s a good thing, actually.
I’ve been doing some research into this process. The toughness of setting it up depends on who you are hosting with.
Basically you (or I) need to install a program (script) called Let’s Encrypt on your server. Let’s Encrypt gives you a free SSL certificate. It’s the industry standard right now and completely trustworthy, which means you do not need to purchase an SSL certificate from your host – which saves you a hefty yearly fee.
Next, we install a plugin on your website which will go into your database and other private areas and change all the http to https. The plugin is Really Simple SSL which offers a free version and also a premium version. If you have people other than yourself and your team logging into your site, such as a membership site, then you may want to go with the paid version (a very inexpensive one-time fee) to heighten your level of security.
Lastly we need to make sure all your images on your site say https://yoursite.com/imagename and not http://. This includes the images that make up the design of your site as well as images you’ve added such as in a blog post. Even one image without the https will trip the “untrusted” triangle for that page.
Some hosting companies have already adopted Let’s Encrypt so to activate it we check a button within your cpanel. Other hosts haven’t so we would need to install the script. Some hosting companies are still looking into this. They have to make sure this third party script is compatible with what they use so they are rightfully being cautious (they just need to be quicker about it, lol).
I gave you the instructions above but if you need help with this, you know you can contact me for help here.