Security: Do I Have a Secure Website?
Let’s find out if your website has the necessary security to keep your website visitors safe!
Head over to https://www.whynopadlock.com/ and put in your website URL. Your results will look something like this screenshot and will tell you everything you need to know (Don’t worry, we will walk you through how to read it to gather the necessary information).
These are our results:
It clearly says that we have passed and give us information on who issued out the SSL certificate and when it expires.
Another way to check is to go to your website on any browser. In the address bar (the box where you type in your web address), make sure that you have https:// and not http:// at the beginning. If you see a lock icon to the left like the image below then you have a secure website.
No lock means you do not have an SSL.
How much does it cost to get an SSL? Is $300+ worth it?
There are two types of SSL/Security certificates. The first is FREE and the second ranges from $300 to $2,000+.
If your business is generating over seven figures in revenue through your website, then get the paid one in order to fine-tune the control of the certificate.
For everyone else, get the FREE one.
Both will get you security.
Both will work on every browser and device.
And both will load your website faster.
If your host doesn’t offer a free SSL certificate and only has paid options for $70-$300, then they are very likely selling you the free one and pocketing a healthy 100% margin on your money. If that’s the case, we recommend you switch hosts ASAP.
A good hosting company wants as many of the websites on their servers as possible to have SSL so they can maintain the security of the servers. Reach out if you’d like us to review your needs (gratis!). We can recommend a new hosting company or SLL based on our experience and who we encourage our clients to use.
I have a secure website, why do some of my visitor still see it as unsecure?
You may have a secure site, but not disabled the insecure version of it.
If you did the test above, you will see a section that says Force HTTPS that will give you the answer.
Another way to test this is to try to open your website in an insecure way and make sure that it switches over to the secure website. You can do this by typing your website address with http:// at the beginning. So if your website is www.abc123.com, check that http://www.abc123.com will redirect you to https://www.abc123.com automatically.
If it does not automatically switch to https:// or you are able to see your website with the http:// at the front, then you have SSL enabled but it needs to be forced. Contact your website developer or your hosting company for assistance.
Why does my website say it might be insecure if I have Security/SSL enabled?
This most often due to “Mixed Content.” This means that your website is loading securely but something on your website is not loaded in a secure way. Usually, it ends up being one or more images on your website that are loading insecurely.
If you ran the test above, you can see at the bottom there is a section on mixed content. Make sure to test with EVERY page on your website.
If this is the case, you will need to update your page and reformat the culprit image(s) in order to force them to show the secure version of the image.
There are easier methods that will force all the images to be loaded only through https. These require Plugins or assistance from your hosting company.