Note: The links in this post are affiliate links.
Do you have a WordPress blog that you’ve upgraded from unencrypted http to https encryption to get that awesome little padlock?
If so, there’s a good chance you used a plugin called Really Simple SSL to facilitate the conversion for you.
And I must say, Really Simple SSL is an absolutely awesome plugin that does an excellent job at encrypting your blog’s contents and helping you handle any mixed content issues.
Truth be told, I really like this plugin a lot. I like it so much in fact that I use it on all of my WordPress blogs (including this one).
But there’s a serious problem with using the free version of the plugin: It doesn’t add the crucial security headers that your blog needs to have in place to ensure that the site (and its visitors) are truly secure from hackers and scammers.
In a nutshell, there are several important security headers that can protect your blog from “Man-in-the-Middle” hacks and various other types of attacks, but unfortunately they aren’t implemented on your blog by default.
Before you do anything else, I recommend that you check the security status of your blog right now. It’ll only take a minute or two.
Just plug your blog’s URL into the two tools listed below:
1 – Visit WebPageTest.org and type your blog’s URL into the box, then click the yellow Start Test button.
The tool will run a series of tests on your blog and then give it a series of “letter grades” for the various tests.
Note: Please be patient. These tests are quite thorough and they can take a minute or longer to complete.
The very first “grade” will be for your blog’s security level. If you see anything less than an “A” you need to get your security headers in place ASAP.
2 – For a second opinion (and more detailed test results) head over to SecurityHeaders.com and type in your blog’s URL.
After the test is finished you’ll see a letter grade for your blog’s security level. Again, anything less than an “A” is a serious problem.
But here, in addition to the letter grade you’ll also see a series of results for each of the individual headers your blog needs in order to be fully secure.
A green result with a check mark confirms that the particular header is present on your blog.
A red result with an X confirms that it isn’t.
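The same present-or-missing check can be run locally against a saved copy of your blog's response headers. The script below is an added example, not part of the original post or of either tool; the post does not name the individual headers, so the list of six commonly recommended headers is an assumption, and the sample response is constructed.

```python
# Added example. The header list is an assumption: the post does not name them.
EXPECTED = ["Strict-Transport-Security", "Content-Security-Policy",
            "X-Frame-Options", "X-Content-Type-Options",
            "Referrer-Policy", "Permissions-Policy"]

# Constructed sample response head (not captured from a real site).
SAMPLE = """HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Strict-Transport-Security: max-age=0
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
"""

def parse_headers(raw):
    """Turn a raw response head into {lowercased name: value}."""
    headers = {}
    for line in raw.strip().splitlines()[1:]:   # skip the status line
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return headers

def hsts_max_age(value):
    """Return max-age in seconds, or None if absent or malformed."""
    for directive in value.split(";"):
        key, _, val = directive.strip().partition("=")
        if key.strip().lower() == "max-age":
            val = val.strip().strip('"')
            return int(val) if val.isdigit() else None
    return None

def audit(raw):
    """Return (presence per header, list of findings)."""
    headers = parse_headers(raw)
    present = {name: name.lower() in headers for name in EXPECTED}
    findings = ["missing: " + n for n, ok in present.items() if not ok]
    hsts = headers.get("strict-transport-security")
    if hsts is not None and not hsts_max_age(hsts):
        # max-age=0 tells the browser to drop its HSTS entry for the site
        findings.append("Strict-Transport-Security: max-age is missing or 0")
    nosniff = headers.get("x-content-type-options")
    if nosniff is not None and nosniff.lower() != "nosniff":
        findings.append("X-Content-Type-Options: value must be 'nosniff'")
    return present, findings

if __name__ == "__main__":
    present, findings = audit(SAMPLE)
    for name, ok in present.items():
        print(("PASS " if ok else "FAIL ") + name)
    for finding in findings:
        print("NOTE " + finding)
```

A header can be present and still ineffective, which is why the script also checks the HSTS max-age value and the nosniff value instead of only looking for the header names.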
Trust me, these headers really are important, for the following four reasons:
1 – They lock down your blog’s security against the aforementioned “Man-in-the-Middle” redirect hacks.
2 – They also protect your blog against several other types of dangerous attacks.
3 – They speed up your blog by forcing the browser to load the https version of a page directly instead of trying the http version first and then redirecting to the https version.
4 – Having these security headers in place will prevent Google and the other search engines from dropping your search engine rankings when (not if) they decide to add the existence (or lack thereof) of the headers as yet another ranking signal.
As I mentioned above, these critical security headers aren’t implemented on your blog by default. Instead, you have to implement them manually by editing some of your blog’s most critical files.
But guess what? If you make a mistake while editing those files it can cripple your blog and prevent it from loading in your visitors’ browsers.
If you’re the brave, “I’ll give anything a try!” type you can certainly implement these security headers yourself by following the directions located near the bottom of this outstanding guide to WordPress security.
However, there’s a much simpler (and much safer) way to implement the headers: Upgrade your free Really Simple SSL plugin to the Pro version.
Really Simple SSL Pro makes it easy to implement these crucial security headers on your WordPress blog just by toggling a few settings.
I gladly pay the low upgrade fee for Really Simple SSL Pro and I strongly recommend that you do the same. It’s the best $29 per year you’ll ever spend if you’re serious about your blogging endeavors.
Bottom line: While the free version of the Really Simple SSL plugin does an amazing job at converting a site from unencrypted http to encrypted https status, it doesn’t add the crucial security headers that your blog needs.
However, the upgraded Pro version does. That’s why you really need to upgrade to Really Simple SSL Pro right away.
This one simple and inexpensive upgrade can help protect your blog from hackers, speed it up a bit and eventually preserve your hard-earned Google rankings.