We have been working with WP Engine to provide our clients with reliable and secure hosting with 99.9% uptime for the past several years. Their technical offerings paired with amazing client support have made them an invaluable partner for GNGF. We count on them to keep us abreast of the latest in cyber security and technology. We’re excited to provide you a security update straight from the source.
By Duke McCoy, Customer Experience Operations with WP Engine
Securing your law firm WordPress site is imperative. It builds client and prospect confidence and trust, and can improve your site’s search rankings. One component to help keep your site locked down is SSL (secure sockets layer). Let’s look at what SSL is, why you should consider it for your site, the SEO implications, what is involved when installing an SSL, and what SSL options GNGF and WP Engine provide.
What is SSL?
SSL stands for Secure Sockets Layer. It’s a technology that encrypts all the information sent to and from your site; meaning private data your visitors share with your site stays private. How do I know if a site is secured by SSL? It’s simple. If the web address starts with HTTPS as opposed to HTTP, then that site is protected by SSL (that “s” stands for security). There’s also a nifty little lock icon next to the URL that indicates a site is protected. If you use Chrome, the lock icon is green and looks like this (a grey lock indicates that a site has mixed content, meaning some pages are protected by SSL):
Why should I consider SSL?
SSL ensures that hackers cannot see or intercept the data your users share on your site. Essentially, it creates a secure tunnel between the browser and the web server. It also verifies that your site is who it claims to be, and it’s not an imposter. So, if you’re buying something from Amazon.com an SSL certificate verifies that you’re actually sharing your data with Amazon.com, not some bogus site that’s going to steal your info.
Should I have SSL on my site?
If you have an e-commerce site (for example, you utilize LawPay or another legal online payment system) or any site where you collect sensitive data, like credit card or financial information, usernames and passwords, it’s strongly recommended that you have an SSL certificate to validate your site’s identity and encrypt all information sent to and from your site.
What does SSL have to do with SEO?
Having SSL protection on your site may soon positively impact your site’s Google search rankings, as Google is going to begin penalizing sites lacking an SSL certificate or with a certificate that is improperly set up.
When setting it up, it’s important to ensure all elements of your site use HTTPS. That includes widgets, JavaScript, CSS, files, images, and your content delivery network (CDN). Also, you must use 301 redirects to point all of your existing HTTP URLs to HTTPS (which is done automatically if you secure URLs via the settings in the WP Engine user portal).
How do you install an SSL?
Most certificates require a set of encoded text files that are unique to the domain(s) that the SSL is configured for. These files are mostly visible publicly. But not to worry, there is a Private Key file that goes with these files to complete the tunnel between the user and your site. The Private key is exactly that, private.
To generate all of these SSL parts, you’ll need to create a CSR (Certificate Signing Request) form. This creates the Private Key that gets stored on the hosting server. You then take the CSR to your SSL provider and have them generate the encoded files we talked about to match the Private Key. This process can take some time and involves some back and forth steps.
From there, the encoded files are installed on the server with the matching Private Key to complete the SSL installation process.
GNGF works with WP Engine to provide the following SSL option:
- RapidSSL is an automated certificate authority that sells domain-validated standard certificates and domain-validated wildcard certificates. We recommend RapidSSL if you like the convenience of their wildcard certificates (for either hundreds of subdomains or for WordPress Multisite).
- Standard certificates — Cover the naked domain and the www subdomain (e.g., foo.com and www.foo.com).
- Wildcard certificates — Cover the naked domain and all subdomains (e.g., foo.com and *.foo.com).
These options are easy to install and manage when you rely on WP Engine to take care of it for you. We want to make sure that your site is always secure and give you and your users the peace of mind you need.
Do you have questions about whether or not you should switch from HTTP to HTTPS? Contact your Strategic Account Manager at GNGF.