Cybercrime and data theft are on the rise, with criminals targeting those who give credit card details or personal information over the internet. Most businesses have made the change to a secure website through SSL certification, but errors in the SSL setup can generate browser warning popups that can result in a loss of customer confidence. All the best products at the best prices will account for nothing if people aren’t confident that you protect their personal information when they buy. Therefore, identifying and fixing SSL certificate warnings is one way to ensure you’re not missing out on business from security-savvy consumers.
Why SSL matters
With search engines also concerned with website security, those that are HTTPS rather than HTTP will also appear higher up in the search listings in addition to avoiding warnings that could deter customers. If browser warning messages pop up, people will generally withdraw from the website even if your site is secure.
Adding Secure Sockets Layer (SSL) protection to your website guarantees you have measures in place to protect private data, and your customers will thank you for it. SSL certification acts as a middleman between the browser and the hosting server. Secure sites can have the padlock icon in the address bar in front of the URL, and pages are loaded as HyperText Transfer Protocol Secure (HTTPS), which encrypts the data transfer between the visitor and the server. Yet sometimes, things go wrong when websites transfer over from HTTP to HTTPS, and the website user is hit with SSL certificate warnings.
Why it’s essential to identify and fix SSL certificate warnings
Imagine going onto a website and getting a warning of any kind. The natural reaction for most is to close the page down and go elsewhere. If you want to buy something, you have no way of knowing that your credit card details would be secure and not visible to anyone else, so you will undoubtedly think twice about continuing. Also, with search engines like Google recommending and rewarding HTTPS pages, and some web browsers refusing to open non-secure content, an incorrect SSL setup can even damage the online visibility of your website. It’s becoming even more essential to ensure that search engines don’t flag your page as insecure and that a user who accesses your page directly isn’t met with an SSL certificate warning.
Common security warnings often occur as a result of the migration from HTTP to HTTPS or when new content or insecure links are added. Here are some of the causes:
HTTP links in CSS and JS files – arise when developers hardcode the HTTP link in the code of themes and plugins rather than an HTTPS link.
External scripts in CSS and JS files – occur when calling files from external resources that are not HTTPS enabled, leading to a mixed content warning on your site.
Hotlinked images on the page – occur when images are called from other sources, referred to as hotlinking, and the images have paths using HTTP hardcoded in their URL.
Mixed content is referred to as either active or passive. Active content refers to web pages loaded over a secure connection (HTTPS) that contain HTTP-loaded scripts. Passive content is the loading of images, audio and video via HTTP. You will have a conflict when any HTTP content remains on an SSL-certificated site.
How to identify mixed content errors
You can do a manual check for any assets that load over HTTP using Chrome DevTools, looking at anything the browser flags as insecure. Mixed content and non-secure issues will be displayed. If there are just a couple of items to fix, you can do so easily and quickly directly on the relevant page or post. However, you may find it easier to use an SSL check tool when there are multiple issues.
Fix all of the errors reported to avoid your site appearing untrustworthy and your customers leaving your site prematurely, thus damaging your reputation.
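The manual check described above can also be scripted. The following Python sketch is an added example, not part of the original article: it parses a page's HTML and lists every subresource still loaded over HTTP, labelled as active or passive mixed content. The sample page and its hostnames are constructed for illustration.

```python
from html.parser import HTMLParser

# (tag, attribute) pairs that fetch a subresource, and how browsers class them.
KIND = {
    ("script", "src"): "active", ("link", "href"): "active", ("iframe", "src"): "active",
    ("img", "src"): "passive", ("audio", "src"): "passive",
    ("video", "src"): "passive", ("source", "src"): "passive",
}

class MixedContentScanner(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings = []  # (kind, tag, url)

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        # <link> only loads a resource into the page when it is a stylesheet.
        if tag == "link" and "stylesheet" not in (attrs.get("rel") or "").lower():
            return
        for name, value in attrs.items():
            kind = KIND.get((tag, name))
            url = (value or "").strip()
            if kind and url.lower().startswith("http://"):
                self.findings.append((kind, tag, url))

def scan(html):
    """Return (kind, tag, url) for each HTTP subresource in an HTTPS page."""
    scanner = MixedContentScanner()
    scanner.feed(html)
    scanner.close()
    return scanner.findings

# Constructed sample page; every hostname here is a placeholder.
SAMPLE = """
<link rel="stylesheet" href="http://shop.example/theme.css">
<link rel="canonical" href="http://shop.example/">
<script src="http://widgets.example/cart.js"></script>
<script src="https://shop.example/app.js"></script>
<img src="http://images.example/banner.jpg">
<a href="http://partner.example/">Partner</a>
<video src="//media.example/clip.mp4"></video>
"""

if __name__ == "__main__":
    for kind, tag, url in scan(SAMPLE):
        print(f"{kind:8} <{tag}> {url}")
```

Ordinary `<a href>` links and protocol-relative (`//host/...`) URLs are deliberately not reported: navigating to an HTTP page is not mixed content, and a protocol-relative URL inherits HTTPS from the page.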
How to fix SSL certificate warnings in a few simple steps
1) Check the validity of your SSL certificate. Certificates have expiry dates, and while some hosting providers offer automatic SSL certification renewal, not all do. If yours doesn’t, and your certificate goes out of date, website security warnings will appear to your customers. If it’s not an expired certificate, the warnings are likely from one of the following issues.
2) Incorrectly configured integration. If the integration of the HTTPS encryption wasn’t correctly configured, you will need to change the dashboard settings to reflect the change from HTTP to HTTPS for the internal URLs. Also, take this opportunity to check that you have a rule in place to redirect any direct access users of the HTTP URL to the secured HTTPS version. You can do this manually or with the help of a plugin that forces the SSL certification onto every page.
3) Perform a search and replace. This will ensure that you have updated links in your database and existing content. Again, you can use a plugin to locate and change each link from HTTP to HTTPS. For images or other media with absolute HTTP links, you may need a further step of a database search and replace query to catch them.
4) Clear the cache and recheck. Once you have made the changes, clear your cache and revisit the site to ensure no further mixed content warnings appear. Keep a regular check just in case something does creep in.
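Steps 1 and 3 can be scripted as well. The Python sketch below is an added example, not part of the original article: it computes how many days remain before a certificate's expiry date, and runs a search and replace over stored content that upgrades links to the site's own host while reporting third-party HTTP links for review instead of rewriting them blindly. The hostname `shop.example`, the `posts` table and the in-memory SQLite database standing in for the site's database are all assumptions made for illustration.

```python
import re
import sqlite3
import ssl
from datetime import datetime, timezone

SITE_HOST = "shop.example"   # assumption: the site's own hostname
HTTP_URL = re.compile(r"http://([A-Za-z0-9.-]+)", re.IGNORECASE)

def days_until_expiry(not_after, now):
    """Step 1: whole days before the certificate's notAfter (negative = expired)."""
    return int((ssl.cert_time_to_seconds(not_after) - now.timestamp()) // 86400)

def rewrite_own_links(text, host=SITE_HOST):
    """Step 3: upgrade http:// links to our own host; report the rest untouched."""
    external = []
    def fix(match):
        name = match.group(1).lower()
        if name == host or name.endswith("." + host):
            return "https://" + match.group(1)
        external.append(name)      # third-party host: confirm it serves HTTPS first
        return match.group(0)
    return HTTP_URL.sub(fix, text), external

def migrate_posts(conn):
    """Apply rewrite_own_links to every row; return (row id, host) still on HTTP."""
    leftovers = []
    for row_id, body in conn.execute("SELECT id, body FROM posts").fetchall():
        new_body, external = rewrite_own_links(body)
        if new_body != body:
            conn.execute("UPDATE posts SET body = ? WHERE id = ?", (new_body, row_id))
        leftovers.extend((row_id, name) for name in external)
    conn.commit()
    return leftovers

def demo():
    # Constructed sample data: an in-memory table standing in for the content database.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE posts (id INTEGER PRIMARY KEY, body TEXT)")
    conn.executemany("INSERT INTO posts (body) VALUES (?)", [
        ('<img src="http://shop.example/img/logo.png">',),
        ('<a href="http://cdn.shop.example/a.pdf">PDF</a> '
         '<img src="http://images.partner.example/b.jpg">',),
    ])
    leftovers = migrate_posts(conn)
    bodies = [b for (b,) in conn.execute("SELECT body FROM posts ORDER BY id")]
    # Constructed notAfter value, in the format ssl.SSLSocket.getpeercert() returns.
    days = days_until_expiry("Jun  9 12:00:00 2025 GMT",
                             datetime(2025, 6, 1, 12, 0, tzinfo=timezone.utc))
    return bodies, leftovers, days

if __name__ == "__main__":
    print(demo())
```

Back up the database before running any search and replace against it, and repeat the mixed content check afterwards for the hosts listed as leftovers.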
Now you know how to do it (or at least have the information to give to your web developer). Remember the importance of ensuring that your customers feel safe and protected when purchasing online.
People are now far more wary of warnings and are more aware of the significance and protection offered by the padlock and the ‘S’ at the end of HTTP. For consumers to continue to shop and interact online, they must feel secure and know that when they give any personal data or financial details, they are protected.
For more technical information, HubSpot have a useful guide to Secure Sockets Layer (SSL).