How to Encrypt Your Website in 15 Minutes

Unless you’ve been living in a cave for the past year, you’ve NSA has been analyzing and recording as much data as they can. Google and other large technology companies have been vocal in their disapproval of the NSA and their information requests.

To combat this intrusion into online privacy, many tech companies have increased their lobbying. Their end goal is to end the practice of the NSA receiving any information they request without having to disclose it to the public. While new legislation can take months or years, Google has used their influence to effect change now.

Google knows when they say something will improve your website’s ranking, thousands of site owners will make the change immediately. So in their blog post announcing HTTPS as a ranking signal, Google took the lead to make the web more secure.  One of the questions I’ve heard from several clients already is how to encrypt a website and what it means.

What does TLS and HTTPS mean?

TLS is short for Transport Layer Security. TLS allows for an encrypted connection between a user and a server. By encrypting this connection, it keeps your web traffic secure regardless of where you are. So the guy sitting in a coffee shop trying to steal your credit card information is out of luck. If you would like to learn more about TLS, checkout this article from HowStuffWorks.

You might be wondering why you should even consider encrypting your website if you don’t process credit cards. Even if you don’t have a commerce component of your website, chances are you do have forms, email list signups, and maybe a members only section. When a visitor enters their information onto a site they’re not expecting a random person or agency to read it.

How do you encrypt a site?

Depending on your hosting provider, it can either take 15 minutes to setup or it could be impossible. Since most hosting companies support encryption now, we’ll assume you can easily complete the setup.  If your provider doesn’t support SSL, you should consider changing to one that does.

To get started, you’ll need a TLS/SSL certificate. You should be able to buy this from your hosting provider. While you may not get the best deal, buying from your hosting provider often means automatic setup. If you want to put in a little more work, you can buy from a 3rd-party certificate authority.

I prefer using Namecheap because of their $9/year Comodo PositiveSSL certificate. Plus if you buy a new domain name or transfer a domain name, you can get your first year certificate for $1.99.

After you buy your certificate, you’ll need to have it issued to you. This is what makes encrypted websites special. You’ll need to provide information about the organization/company using the website you’re encrypting. After you provide the company information, you’ll receive an email with your certificate attached.

You’ll take your certificate to your hosting provider and either upload it or copy and paste it into a form. Since every hosting provider handles the setup of encrypted websites a little differently, you may need to talk to your provider’s technical support.

That’s it! It may take up to a couple of hours for the change to happen, but your website is now setup for encryption. Now you just need to make sure visitors can see the encrypted version of your site.

If you’re using WordPress (and you should be, it’s awesome) you can change your URL to https from http by going to Settings > General. That’s it, you’re done! Your website traffic is now encrypted. This also includes your Admin Dashboard so you can login and write posts securely from anywhere now.

But what if you’re not using WordPress? If you’re not using WordPress, you’ll need to be able to edit your .htaccess file. This is in the root folder of your domain via SFTP. You can copy and paste this code, replacing example.com with your domain.

RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://www.example.com/$1 [R,L]

Keep in mind that https recognizes www.example.com and example.com as different websites so enter the one you want to use as your website’s URL.

Conclusion

Google’s change to rewarding encrypted websites is a positive step forward for the web. By encrypting your website you are able to keep your visitors’ information secure and private.

By spending 15 minutes today to setup encryption on your site, you can see your Google ranking increase in the coming months.

Do you use encryption on your website?