Website security is no joke. Many browsers and search engines are starting to expect HTTPS connections and will downgrade sites that don’t provide them — especially pages that handle passwords or payments.

So how do you ensure your site is compatible, safe and secure?

Here are the top five best practices for HTTPS:

1. Host with a provider that does it for you. Automattic turned on HTTPS for all its hosted WordPress clients in April 2016. Shop around and this could be the easy solution to lock up your site.

2. Get a free certificate from your web host. If you’re on Squarespace, Dreamhost or some other providers you can turn on HTTPS yourself in your site’s hosting settings. Free certificates from Let’s Encrypt make it simple and free.

3. Upgrade if you need to. Some shared servers won’t work with SSL certificates, at least not with all browsers. Find out whether your host will let you add a static IP address or if you need a dedicated virtual server.

4. Check your vendors. Making your site HTTPS won’t matter if the plugin you use for your checkout cart isn’t. Most ecommerce providers already use HTTPS, but check and make sure yours is one of them.

5. Test it out. Once you have all the certificates in place, click around on your site. Make sure that lock stays visible in your address bar no matter where you go.

It’s always worth the effort to provide an encrypted connection for your customers and it’s almost always free.

Also see:
5 best practices for switching your site to HTTPS for improved security
Google boasts HTTPS adoption numbers, gives advice to businesses making the switch
WWDC 2016: Apple to require HTTPS encryption on all iOS apps by 2017