Security: Do I have a Secure Website?
Let’s find out if your website has the necessary security to keep your website visitors safe!
Head over to https://www.whynopadlock.com/ and put in your website url. Your results will look something like this screenshot and will tell you everything you need to know (do not worry, we will walk you through how to read it to gather the necessary information).
These are our results:
It clearly says that we have passed and give us information on who issued out SSL certificate and when it expires.
Another way to check is to go to your website on any browser. In the address bar (the box where you type in your web address), make sure that you have https:// and not http:// at the beginning. If you see a lock icon to the left like the image below then you have a secure website.
No lock means you do not have an SSL, in which case, keep reading!
How much does it cost to get an SSL? is $300+ worth it?
There are two types of SSL/Security certificates. The first is FREE and the second starts at $300 and can go up to more than 2K.
If your business is generating over 7 figures in revenue through your website, then get the paid one in order to fine-tune the control of the certificate.
For everyone else get the FREE one.
Both will get you security. Both will work on every browser and device. And both will load your website faster.
If your host doesn’t offer a free SSL certificate and only has paid options for $70-$300, then they are very likely selling you the free one and pocketing a healthy 100% margin on your money. If that’s the case, we recommend you switch hosts ASAP.
A good hosting company wants as many of the websites on their servers as possible to have SSL. This way they can maintain the security of the overall servers. Reach out if you’d like us to review your needs (gratis). We can recommend a new hosting company or SLL based on our experience and who we encourage our clients to use.
Some of you might have a secure site but have not disabled the insecure version of it.
If you did the test above, you will see a section that says Force HTTPS that will give you the answer. Otherwise another way to test this is to try to open your website in an insecure way and make sure that it switches over to the secure website. You can do this by typing your website address with http:// at the beginning. So if your website is www.abc123.com, check that http://www.abc123.com will redirect you to https://www.abc123.com automatically.
If your website does not force HTTPS and/or you are able to see your website at http:// and it stay at http:// then you have SSL enabled but it needs to be forced. Contact your website developer or your hosting company for assistance.
Why does my website say it might be insecure if i have Security/SSL enabled?
This most often due to “Mixed Content”. This means that your website is loading securely but that it uses items that are not loaded in a secure way. Usually it means that one or more of the images on your website is being loaded insecurely.
If you ran the test above, you can see at the bottom there is a section on mixed content. Make sure to test with EVERY page on your website.
In this case, you will need to update your page to reformat the culprit image(s) to be forced to show the secure version of the image using https and not http.
There are easier methods that will force all the images to be loaded only through https, they require Plugins or assistance from your hosting company.
If you have any questions about this, please do not hesitate to reach out! We are open books when it comes to website security and look forwards to helping you out.
Want someone to take care of this for you?
Website security matters, which is why the Venture Creative Collective team includes free SSL set-up and monitoring as a bonus for yearly subscribers to our Improve or Educate level Website Security, Backups, and Optimization packages.