In this session we discuss how to identify non-secure elements on a page to get approved for a SSL & HTTPS service. We use a free web tool, www.whynopadlock.com, to help identify what needs to change. We also discuss some possibilities of why you need to use HTTPS in all the site’s pages or use HTTPS in one page only.
Rick: Fran’s got an intriguing little question. Good evening, Fran.
Fran: Hello there, Rick.
Rick: How are you doing?
Fran: Good, good. Are you a little… feeling better today?
Rick: I am, yes. Although I’ve had a very frustrating day with stuff not working properly. But nevertheless…
Fran: Well, you’d know what your… us customers out here feel.
Rick: Yeah. So you want to know about… you know, we didn’t fully necessarily understand your question so why don’t you ask it?
Fran: Okay so some of the things we did offline is I was trying to get the Main Clinic Supply, the SSL certificate and I finally got it carved away into its own domain so we could apply the SSL sticker or the certificate. So now we have it but when I was talking to GoDaddy, they say I’m not completely secure on the page. There’s some insecure content or unsecure content that’s in the page that I need to go through and make everything secure. So I have it up on my screen right now if I can show it to you.
Fran: Alright. Okay so you see I got the https showing now and the guy in GoDaddy kind of showed me you know, to get in here that we… that the certificate is applied but yeah, I still have some things that are not secure. He said just quickly looking, he saw something in the header and some other stuff. So how is the best way to kind of scrub through this and get it where it’s secure?
Rick: Okay so I want you to go to a site or open up another page, another browser window, www.whynopadlock.com.
Fran: Alright. www.whynopadlock.com like that? Okay, I suppose drop in the page there.
Rick: Put your URL in there, yeah. Theoretically, this should give you a list of those parts of your page that are not secure.
Fran: 51 items.
Fran: Yeah, I mean, some of these plugins and stufff, yeah.
Rick: Yeah so I would have assumed that they would recognize the SSL certificate or the https and resolve themselves. Show me your page again. Browse the homepage.
Rick: Okay, go to the Medical Equipment page. So why is the Medical Equipment page being served with https but not the rest of it?
Fran: Well, the GoDaddy guy…
Rick: That’s the reason why you have the problem is because your whole site is not https. And so all of WordPress’ parts you know, don’t know about the https. So it just serves the regular…
Fran: Okay now something the guy in GoDaddy told me… tell me if this is right or wrong but he says he only want to secure what you have to because search engines don’t necessarily like to index secure pages. Do you agree with any of that?
Rick: Well, I haven’t heard that. I don’t know. We can do a little bit of research but I haven’t heard that. You don’t really have… in WordPress… well, there may be a plugin. You know, there is a plugin for WordPress that…
Fran: Handles the SSL certificate?
Rick: Well, handles the https stuff.
Fran: Search engines stay away from…
Rick: So my trusty research assistant here, he’s going to go check our authority to see whether or not there’s any… to see what truths he can find out about that and I’ll come back to that before the end of the night then. The answer to the question about whether or not search engines don’t index secure pages is that’s false. A search engine will index a secure page in the same way it indexes a regular page. As long as it can access the content, it’s going to index it. So… and that’s from the authority that we use for making all of our SEO decisions, Planet Ocean. So anyway, Fran doesn’t have to worry about that.