https and SSL checklist – it’s not as simple as you may hope.
I need to update my own site. I know this; AND the bulk of you need to get https:// SSL compliant on your sites. That means purchasing the proper SSL certificate for your precise domain – www vs. no www, subdomains, etc. THEN, you have to get it installed. Your site needs to update all paths to images, internal links and more to https:// vs. http://. With WordPress, there are plugins to help you with this quickly, but in the case of more complex sites, podcasts and more, it’s not that simple as a few clicks.
If you have drip campaigns that look to your site for new content before they send out to your subscribers, you’ll need to update that feed. It is no longer http://yourdomain.com/feed.rss – you have to update and test the https:// version of the same feed. That means all images need to have the full https:// path, too, or it will give the browsers and firewalls a cause for pause as you have mixed content – secure and non-secure.
How about those podcasts? If you send your content to blubrry or iTunes and the like, that feed will also need to be updated. BUT what happens to your old links you’ve shared and the links your guests have shared? Will they resolve and redirect to https:// from http:// ? You need to know this ahead of time and really think it through, or else all of your hard work at getting others to link to your content may be lost.
Social media links – profiles in social that link to your website – you’ll need to update those as well. Are any sites bringing in your images with a full path? You’ll need to either update those links, or test that they will redirect to the https:// path instead of giving a “file not found” or “404 error”.
Through this process for several clients know that when you buy an SSL certificate, and you MOVE your domain somewhere, you need a new SSL certificate. They are very specific to ensure security. It is tied to a specific domain – either with or without the www and to the domain registrar AND hosting company. It all goes together. Change one element and you will have a worthless certificate. It needs to be part of your domain move checklist. Sometimes hosting companies upgrade servers and do you a favor by moving your site to the better server. Fine and dandy, but there’s a very good chance it will affect the validity of your certificate.
Have subdomains? You know: blog.yourdomain.com, news.yourdomain.com, leads.yourdomain.com – those sites need to be ready to be compliant – images, scripts – other things feeding into those sites need to be https:// as well or you won’t get your coveted green padlock.
Do you use Google Console and Analytics? Add the new https:// property in the console AND in Analytics, make an annotation of the change you have made to your site to track any difference in traffic. Test on your phone, too. Analytics will need to know you are https:// as well. You can change it in the set up of the property.
Wondering why your site doesn’t have the green padlock? Find out here: https://www.whynopadlock.com