Eileen Burns, Florida Probate Agent, would like to get ready for the google changes with Florida real estate SSL coming down the pike and she is following plenty of communication on this subject for implementation or NOT....
Kathleen Daniels shares another rabbit hole exercise, as if we have the time for this, and do business! As with the recent posts we have both been folliwng, I commend your efforts ALBEIT driving all us to drink! Love this #Active Rain community who share important issues coming down the pike.
Outsource will be the path I follow when push comes to shove
Fair warning to all my ActiveRain friends who manage their own real estate business and/or who have WordPress sites.
Setting IDX Aside: please note this is not about IDX providers not having SSL as was addressed in this post.
I am sharing this with the AR community to hopefully save you from going deep down the rabbit hole like I recently did. This post may be complicated for some to grasp. I know it would be for me IF I had not been the one to experience and write about it. Others, my tech-geek and engineer friends (you know who you are) may smile and the simplicity of my message.
I have a WordPress site that does not have IDX. My sites are all on a VSP with my hosting company. For those who do not know, and some may not, VPS stands for Virtual Private Server.
I decided that I would make my niche site secure. Why not? There is no IDX to be concerned about and it likely won’t do any harm. In fact, it might help.
My VPS has SSL enabled on the cPanel. Great! This should be easy. The switch is already on. In fact, the https://needprobatehelp.com/ site is there when https is typed in. The default is http.
Note: That site is undergoing a major face lift … so please pardon the dust if you happen to check the site out. I am using it by was of example as that is the site I am implementing SSL.
On the surface, it appeared that all I need to do was change my WordPress General Settings from http to https.
This might be the easiest thing I have done with "technology" since ... well ... never.
Once I changed the settings the site was not getting the green secure icon showing secure. What about the "easy" button?
Well Poop. By now, my dear and loyal friend, Mr. Crappy suggests I call my hosting company for help. Bless his heart. Some days he just won't let up. I digress. But, pun intended, I really do want to let it all out here.
I call my hosting company and a support ticket is opened. As you might imagine, this is where the $h*t starts to hit the fan.
Upon first review we see: Mixed Content: The page at 'https://needprobatehelp.com/' was loaded over HTTPS, but requested an insecure image 'http://needprobatehelp.com/wp-content/uploads/2014/12/courtroom12x4-1024x384.png'. This content should also be served over HTTPS.
The list of mixed content included all photos, graphics, logos, etc. The above is just one example from the list.
No Problem. How Do We Fix It?
From what the tech support could see, "the issue is that somewhere in your scripting, the sites are told to load using http:// and this is causing the issue. I am not seeing where in the scripting this is?" Do you know who made the site so that they can take a look?"
Deeper. Deeper. Deeper into the habbit hole I go.
I make a few calls and we do not see the scripting either. We are crystal clear on what the issues are. One tool we used is WhyNotPadlock. By this time my hosting company tech support peeps were pretty much done. We do not support third party ... yadda yadda ... boo hoo hoo.
Once I get my mind made up to do something … I tend to latch on and stay with it until it is done.
I asked Mr. Google and found this very helpful article. I admit most of it is over my head in terms of implementing. WordPress SSL Settings and How to Resolve Mixed Content Warnings.
By now, several hours have passed and the mixed content with no solution in site is causing me to want a mixed cocktail.
Assuming the article is accurate, aside from the mixed content issue simply changing the General Settings in WP turns off caching. Hold on there. We want caching. That won’t work.
I had to stop at that point because my rabbit hole had hit a brick wall. That means my must start digging a new hole in another direction.
What I Now Know About WordPress and SSL
Implementing SSL on a WordPress site without IDX is NOT done with the click of a button and changing the General Settings. I say without IDX because for many of us ... that is coming soon. Much like those new listings ... we just don't know when.
With this many issues implementing SSL on a WordPress site that does not have IDX ... good grief ... I don't want to even think about what it will be like to implement SSL on my WordPress site with IDX.
Mr. Crappy continues to be my helpful guide along with Mr. Google. I found this post about css tricks and moving to https on WordPres. It is clear now that there are solutions. No easy solutions for this non-teckie person. It appears scripting code must be changed, image up-loader scripts must be changed, and every page manually checked for mixed content warnings, and fixed manually.
I won't give up on this. I am on a break from it for now however I will revisit this. I would rather not be on the Google tracks and risk a negative impact to my business. I want to get in front of this before it runs me over.
Per the Official Google Webmaster Central Blog:
"For now it's only a very lightweight signal — affecting fewer than 1% of global queries, and carrying less weight than other signals such as high-quality content — while we give webmasters time to switch to HTTPS. But over time, we may decide to strengthen it, because we’d like to encourage all website owners to switch from HTTP to HTTPS to keep everyone safe on the web."
The train has left the station. It is not a matter of IF, but WHEN Google will penalize all sites, for general security purposes. Google has sent the signal that the train will switch tracks.
There is far more to being a small business owner these days than ever before due to ever increasing technology, which can either make a business stronger, or break a business. In today's world, a business without Internet presence it is like a business on life support.
At some future time unknown, I believe, for general security purposes, Google will reward small business owners like me, and perhaps you, for having SSL on our sites. Independent of that, as a San Jose probate agent I want my clients to know that my sites are secure.