If you have ever seen the broken SSL notification on your site, you know this can be annoying. A couple of years ago, Google (and now all web browsers) decided that every site was required to have an SSL connection, even if it was an informational only website and people were not giving away sensitive information like cred card numbers. Without an properly installed and configured SSL certificate, your site is effectively “down” as no one will click on the advanced tab to get into your site.
SSL certificates all basically use the same technology, but vary in price from about $30 per year to several hundred dollars per year. The reason for the price differential is the amount of insurance the certificate carries, not how well the site is encrypted. Recently, a number of hosting companies have begun offering free SSL certificates using “Let’s Encrypt.” This is a great option for most small websites, as it is easy to install and doesn’t cost an arm and a leg.
Installing and configuring an SSL certificate is not the end however – you must still tell your website to serve everything over the secure connection. this does not happen by default. Plugins such as Really Simple SSL force a site to use SSL and fix mixed content (namely making sure that images are also served over SSL.
In spite of this, I still see sites that claim they are not secure. Finding out what elements on a website are not using SSL is a time consuming and challenging task, as the browser won’t tell you this information. Recently however, I have discovered a tool that will tell you exactly what elements on your page are causing the secure padlock to not display. It is called “Why No Padlock?” and I highly recommend this tool for determining what elements on your page are causing the secure icon to not display.