You can no longer ignore your website’s SSL implementation. Search engines like Google have been telling web administrators that it’s beyond time for them to migrate their site from plain old “http” to “https”. When this push first started, moving to https was complicated and expensive. Certificates had to be purchased and renewed, and we had to make extensive site-wide configuration updates.
Things have changed a lot since then. Now, getting an SSL certificate is easier than ever, and can also be obtained for free. Hosting companies have started promising free SSL certificates with their hosting plans, and many popular software installations come with https support enabled.
All this is a good sign, because Google is becoming increasingly serious about its SSL rules. Soon, Chrome browsers all over the world will start displaying scary warning messages for all pages that use insecure http.
Even a single link to a non-https site will be flagged as insecure and will display the warning!
As a result, it’s extremely important to know the status of your website and whether or not it’s implementing SSL properly. If not, you need to identify the problem and fix it. And this is where our SSL tool comes in.
Using the SSL tool checker on this page, you should have all the information you need to get HTTPS ready.
All you need to do is type in your website URL into the box. Just make sure you include the “http” or “https” before the URL:
Just input your URL and click “Check”. The tool will download and examine your URL and show you the SSL status. For example, with the domain webhostinghero.com, here are the results:
You get information about the certificate itself – its issuer, the expiry date, and what SSL protocols are supported. In addition, you get valuable information about external links:
In this particular case, these are the “secure calls” made to other websites. They’re secure because they all start with “https”. If you’re experiencing the dreaded “broken padlock” symbol on your website when viewing it with a Chrome browser, it could mean that your site is linking to other http resources. This tool will help you identify those resources and fix them.
Unfortunately, this is the part of SSL migration that can still get messy. Most often, you won’t be linking to external (or internal) https URLs manually. In WordPress for example, you can have a plugin that links to an https CSS file. If this is the case and if you can’t do away with the plugin, you have no choice but to manually go into the plugin code and change the URL if it links to a file on your own site.
Unfortunately, this opens up other problems like what happens when the plugin updates? Your changes might just revert back and make your site insecure again! In which you have to make the hard decision to either somehow disable updates for that plugin, or switch to another instead.
But the first step is identifying the insecure resources that your site links to, and this tool will help you do just that.
But why is this so important? Why are companies like Google making it so difficult for website administrators to switch to HTTPS? The reason is that even a single insecure element using HTTPS can compromise the security of the whole site! How is this possible?
The answer is that an SSL connection provides three different types of security:
- It ensures that the resource you’re connecting to is actually served from the server in question;
- It ensures that the content hasn’t been changed in transit (man in the middle attack);
- It ensures that no one is snooping on the content as it reaches you.
Another threat is that someone will intercept the data sent back over the insecure connection, and modify it to suit their needs. This is completely unacceptable for obvious reasons. There have been scary stories of ISPs who intercept web requests and inject their own advertisements into web pages! This is made possible only because of insecure HTTP requests.
With a misbehaving ISP who has default access to everything that passes over their network, consider that your web page visitors might be exposed to advertisements that haven’t been put there by you! Not only does it spoil your brand image, there’s the idea that someone else is profiting from your hard work and monetizing your content without your permission or knowledge!