OK so todays lesson is all about securing your website with HTTPS.
So what is HTTPS, well HTTPS is a secure connection between your browser and the website that you're viewing, basically what it does is it encrypts the link between your computer that you're viewing on and the actual web site that you're viewing, which stops people hacking, putting in things over the top that might intercept your credit card details et etc..
So we want to encrypt that to make it safe for the user and to also let the person know that the web site they are viewing is safe.
As I said it stops your data from being hacked or intercepted and it's really really easy process to do because basically it consist of issuing and installing an SSL certificate on your website which I'm going to show you how to do in a minute and SSL stands for secure socket layer.
So that's all it is it's just you install this certificate on the web site and we activate it and we will find that our web site is good to go and it will be secure.
So how do we know whether a site is secure or how can we tell, or what will we see when the site is secure or not. Well this is how secure web sites look in the three different browsers and you can see that in Firefox you've got a grey padlock and you'll see instead of.... most web sites will either come up with the domain name, domain.com or they will have http and then the domain name.
And if it's secure not only will you get the padlock. You will get HTTPS. If you look at Google it's exactly the same except Google the padlock will be in green and with Internet Explorer it will say HTTPS, but if you look across at the right hand side with explorer you see there's a gold padlock and that's showing you that the site, sorry not necessarily the site but the page that you are on is secure.
Now you can have HTTPS without the padlock and I'm going to go through that in a minute and explain what that is. Basically what's that saying is that the web site is secure, your connection is secure but the page might be linking to other things in that web site or off that web site that are not secure.
So you still have a secure page that can't be intercepted but some of the links might not be secure that are leading off the site. So therefore you will still have a HTTPS but you wont have the padlock. So ideally what we want is we want the padlock
So why do we really need HTTPS. Originally people thought that if it was if you have if you are a public place where you are accepting credit card details like a payment page, definitely you want that secure so it can't be hacked and people's details can't be intercepted or if there filing in personal details but if its just a product page or an about you page or just a page in general information or a blog page.
Generally before we didn't need HTTPS. One of the big things now is that Google is currently rolling it out is that if your site is not secure, now depending. If you look at the section here where we've got past depending on where you are in the world this is not updating at the moment.
Some countries in the world the past will be what is currently happening but you'll see a little a"I" for information sign and if you click that information sign it will say this site is not secure.
What Google is currently rolling out this month and it's it's happening a couple of countries but not all yet. Is that you will get what it where it says present you will get not secure and the information that they click on, the dot which will which will give more details about why the site is not secure.
What they are planning to do a little bit further down the track is that you have that big bright red thing with a warning sign saying not secure, and then the web site name. Now as I said if it's just a blog or something like that it doesn't have to be secure.
However if Google is going to be putting up a big red flashing, well not flashing but a big red warning like this saying hey, this sites not secure, for potential customers or readers of your blog or anything like that who are not tech savvy. Or really Internet savvy that understand it just means that you shouldn't give personal details like credit cards and that.
The first thing they're going to see, or the first thing there likely to think when I see that is it's a spam web site or it's a phishing web site or some sort of adodgy web site that's going to hack into your computer and cause you all sorts of grief.
So there more than likely going to see that and click straight away from your web site and not want to go to it. So that's a really really good incentive to change to a protected web site just from that alone so that people wont get scared off or all the non techie people won't get scared off visiting your Web site.
Also it is now ranking for Google. Google has announced that it does.......... It doesn't really penalise you if you're not a secure site, but it rewards you if you are. And I was reading the other day on moz.com that over 60% of the results on the first page are now HTTPS secure web sites.
Now the jury's really out on that. Is it because Google is rewarding them? Even though it counts it as a ranking factor and it helps with your SEO. Is Google rewarding them that much that they are all getting on the front page. Or is it that those pages are all just changing over to HTTPS anyway?
I can't really say because I don't have enough data to. It could be a little bit from column A. It could be a little bit from column B. But look, the general gist is that Google are counting its as part of your SEO and you don't want people being scared off by a big red bar going across the top of your a web site saying not secure.
So how can we secure the website. There's lots of different ways, you can purchase certificates and to be honest I've seen prices of certificates being absolute rort's from a few bucks to many many hundreds even thousands of dollars and their just fleecing businesses and ripping the businesses off.
So what I'm going to show you today is and I'm going to walk you through how you can do it for free. And you can have your site totally secure. Basically what we need it is a WordPress website. We can do it with any website but the instruction I'm going to give today is how to do it with a WordPress website and I'm sure those people that have been following me for a while are well aware of my leaning towards WordPress.
And if not on Wordpress I really believe you should, it is for me it is the most, not only the most user friendly but search engines love it and it's so easy to do things with and it doesn't require you to have a great deal of technical knowledge or spend thousands of dollars paying coders to write things in their own language that nobody else can decipher so that you're locked into continually paying them every time you need something done.
So we've got the Wordpress website. The WordPress website has to be protected through CloudFlare for this method to work. Not to get an SSL certificate, but just for this method to work. If you don't know how to put your Web site through the CloudFlare content delivery network go to Episode 2 of Rapid SEO Expert Live where I walk through a live demo of how to put a website through CloudFlare.
You're going to need the CloudFlare flexible SSL plugin which is free, you just download it from the Wordpress plugins. And again you're going to need the Better Search Replace plugin which I'll go through as well. And again it's a free plugin that comes from the Wordpress Depository.
So that is it for securing your site.
So what I'm going to do now is I'm going to go over to my computer. That's all we need and I'm going to give you a live walkthrough of how to do this. With the website we were working on last week and we'll get it all secured and put up for SSL.
Im just logging in the Web so just bear with me for one second. Sorry it took so and were just logging in now.
Ok now I'll share my screen and we'll have a look at how we get this going. So the first thing we do is we've got to log into our CloudFlare account and we go across to our crypto section and we've got a section here for SSL.
It says to encrypt communication to from your web site using SSL. So what we want to do and this is the flexible SSL certificate. So we want to choose flexible. If we go for full or anything like that it won't work and you'll see how I've now got an active certificate.
Now this could take a few minutes to do or maybe a little bit longer it just depends. So sometimes you have to come back and check that that's an active certificate. So if we go down a little bit further and we've got automatic HTTPS re-writes.
So basically what that will do is it will allow If anybody HTTP it will change it over and make it HTTPS. Now we just check to make sure we've got it all right and theres nothing that needs to be done there and that's pretty much all we've got to do with CloudFlare.
So now we go over to our Veteranclawback site that is one of our not for profits for the veteran community that we we're working on the other week and if we look at our installed plugins. I've already installed the plugins because if you have WordPress you already know how to install plugins so I'm not going to insult your intelligence.
And if we look here we've got the CloudFlare flexible SSL plugin. And all we do is we activate it and if we have a look now, at the moment we haven't reloaded our site so you can see we've still got this little information thing that says the connection to the site is not secure.
So what I'm going to do now is I'm going to open up my website and see what we get. Ok we're still getting a not connected. So what we do is we've got our CloudFlare done. Let's have a look at our better search and replace because that could be causing our problems but before we do that we just want to go back.
We just want to make sure that we've got everything done in there and we haven't got any problems from CloudFlare. And this always happens when you do something live that will always be something... Yes we're active through CloudFlare were good.
So what I'm going to do is I'm just going to purge the cache. So what we want to do is we just want to go to our caching and purge our cache and just make sure that everything is refreshed. So let's go in and have a look at our site again.
Ok, where still getting a not secure. So the problem we will have now is, and this happens with a lot of Wordpress sites, sometimes, it will work straight away..........
When you upload all your images et cetera, because they were already on the site they will have been uploaded as HTTP Images and not HTTPS images. So that causes a lot of problems. So that is why we got our better search and replace.
So what we're going to do is we're going to activate our better search and replace and then we're going to go into our tools, better search and replace.
So what we're going to do here is we're going to tell it to find all the links that are on our database that have HTTP on them and change them to HTTPS. Make sure you got your box checked first to ensure that this is just going to run as a test first.
When going to say search for anything with HTTP and we will do the www version first. So we type http://www.veteranclawback.com.au and I'll just copy and paste that in there and I'll just change the first part to a HTTPS.
So I said search for anything with HTTP with the www and replace it with the other one. You tell it to run and because I'm doing a dry run, I've check that box is not going to change anything but it's going to tell us what what's going on and is sometimes depending on the size of the site it can take quite a long time to get this done.
So you've got to be fairly patient. OK, it says there's nothing that needs to be replaced because we've got no www's in there. That's great.
So let's just take out the www because the main url on this site is without the www. So we will do a dry run again and it is telling us now we have to look, we've got 281 cells that need to be changed.
I'm going to run the search and replace again without the check box and when it does this it will log me out.
And its logged me out but if you look we've already got our HHTPS and a padlock up there. So bingo, everything appears to be working. So what I'm going to do for the moment and I'm just going to stop the screen share, log back in and then I will open up the screen share again. Actually we shouldn't even need to do that. We should just be to go and refresh the main page here.
And if we look we have a HTTPS here but we still have the little info icon. So this means that the website hasn't found everything.
So the easiest thing to do to find it. I've got a link missing there somewhere. When we troubleshoot it all we do is we go here. In chrome/developer/view source then your code will come up for the whole web page. And all I'm going to do is a search for HTTP://.
If we have a look..... And we're just going to go through. Basically I'm going to go through and find which particular images or look for anything that needs to be changed.
And I would say at a glance it is this image you are here. It is an image here on the site it and because this comes from profit builder Im going to copy that. So you're saying first hand how to track these images down.
And it's a blank image that is causing the in here because its deferring straight to the site, so where is that image, it's on this page somewhere.
All right what I'm going to have to do is I'm going to have to go through and search for that but if we have a look at the rest of our pages, lets see how the rest of our pages are done.
Yes, we've got no problems, we've got the green padlock on here, you can see we've got our HTTPS, were completely secure on this.
Lets at this page here. Yep we got no problems on this page here.
If we start looking at all of our posts, we've got no problems on the posts, you can see that they are all secure. Yep, we've got HTTPS here so we've got everything.
Everything is secure except for our home page. So rather than...... it's might take me a little while to search for that particular image, that image is here somewhere on the page and I'll just got find it and re upload it to our site so that it' gets a HTTPS.
So that is how we secure our web sites with HTTPS. As you can see it is fairly easy. You can have a little bit of a bug and that always happens. So a little bit of searching like I had to do but the process is really really simple and you don't have to pay thousands.
Yes some business have been charged thousands of dollars by web companies to do this and they are basically being rorted because as you've just seen you can do it yourself in a very small amount of time.
So that is securing a web site, that is all and all I have today for Rapid SEO Expert Live, I hope this training has been help. And if you have any questions or comments please reply below in the chat boxes and either myself or one of our team will reply to you as soon as possible.
So thank you for viewing today and I'll see you all again in 7 days time on Thursday at 10:30 Brisbane time, 11:30 Melbourne time if I'm still down here. Thank you.