If your business has a WordPress website, there are two tech things that you need to do as soon as possible. The first is easy to spot if you need to do it to your site, the second is a bit harder. (I know that not everyone geeks out on tech stuff as much as I do, so I am going to try and de-jargon this as much as possible.)

Update 1: The Magic Green Padlock

Take a look at the URL of your website in your browser. Does it show the little magic green padlock and the word “Secure” or the magic green SSL (secure sockets layer) padlock and the name of your company?

Congratulations! Your site has an SSL installed, and you can move onto the second update.

No Padlock?

Does you site look like this? Then, this you need to get onto this update ASAP.

What is the magic green padlock (… and what the heck is an SSL)?

The green padlock means that your website has an SSL certificate installed. It means that all communications between visitors to your website and your website are encrypted and safe and is a massive way to build trust in your website.

While SSL doesn’t stop hackers from getting into your site, it protects your visitor’s private information. An SSL is great for your site visitors because it stops man in the middle attacks, eavesdropping and tampering with your information.

You can tell if a site has an SSL installed by the green padlock and the green letters https:// before the URL.

Early adopters of the SSL security were finance and banking organisations.  Later, companies that accepted credit cards or other payments over the net moved towards installing SSL.

And then Google got involved

Google wants to make the web safer for users, so back in 2014 it started to reward websites that had SSL with a ranking boost in search returns.

This worked well, but Google now is pushing for full adoption across the web. In January 2017, it started to display a Not Secure warning in Chrome if a page required you to enter a password or credit card details.

A few months ago, Google started to actively penalise non SSL sites that allowed password fields and credit card details to be filled in by putting up full page Deceptive Site Warnings before people went to your site. Do you think this may negatively impact on your site if this happened to you?
Google is keeping up the pressure to try and get websites to move to SSL to help increase the safety of the web, and have announced that from October 2017, it will show a Not Secure warning on any page where people enter their details onto a form.

This means any page that has a contact form will attract the Not Secure warning if your site is not https.  

Chrome has also flagged that the Not Secure warning is going to become more obvious in coming months.

What does this mean for your website?

If you want a contact form on your website, and don’t want to scare people away from filling in your form, you need to upgrade your site and install an SSL ASAP.

Unfortunately, the conversion of your site to SSL is not as simple as getting a certificate installed on your host, and whacking in a plugin (no matter what people try to tell you).

The problem is every page URL, logo, image, favicon and every link on your website has been coded to your current URL: http://www.mywebsite.com.au. Adding in SSL is as if you have moved to a new address, so all your mail needs to be changed to your new address https://www.mywebsite.com.au.

Whacking in a plugin to handle the redirection is the same as putting in a mail redirection at your local post office. The mail goes to your old address, where your local postal sorting worker then remembers you have moved, gets out a sticker with your new address on it, sticks it on the envelope before putting the letter back into the mail system to be reprocessed before finally being delivered to your new address. It all takes time and has many potential breakdown points. It is much faster for your mail to simply go to your new address.

Given website speed is a critical SEO factor, you don’t want to do anything that slows down your site.

When you get an SSL certificate installed and move to https, you should have someone to recode your site to ensure every URL across your site has been updated, and your site renders correctly without any warnings or problems, before finally putting in code to ensure that anyone who follows old links will find the new ones. This means there is minimal loss of speed to your site.

You also need your Google Analytics and Search Console to be updated to minimise any problems with Google not-knowing that you have changed your address.

There is a stack of technical stuff that goes into the migration (here are a few articles if you are keen on DIY SSL https://www.keycdn.com/blog/http-to-https/ and https://yoast.com/moving-your-website-to-https-ssl-tips-tricks/ )

If you are not tech savvy, then you need to budget for a web designer to do the migration for you in the coming financial year.

If you run ads from ad networks on your site then having the right web person manage your conversion is even more critical as not every designer can handle all the quirks of different networks. Choose wisely!

We build all our new small business websites with an SSL certificate installed as standard. One less thing to worry about!

A word on SSL cost

There are different levels of SSL certificates ranging from free to a few hundred dollars per year. Each has their pros and cons. Some hosting does not allow free certificates, and some free certificates need you take specific actions every few months to keep the certificate valid.

Update 2: PHP7

Just when you thought you had enough nerdy jargon for the day, we need to talk about PHP7. WordPress websites run on the base code of PHP.

As the years have moved on, the PHP developers have fixed bugs, corrected code and worked their butts off to create a stable, fast platform for your websites to run.

The problem is, only tech heads know that you need to update the versions of PHP that your website is running on. Unless you specifically asked your web host to do something about the version of PHP your site runs on, they tended to ignore it.

Until recently, there were no warnings in the back end of your WordPress site that your hosting was running an old version of PHP. That has now changed if you use the most popular SEO plugin, Yoast. If you are running an out of date version of PHP, you will now see a warning on your website like this.

Why you need to change

If you are running on an out of date version of PHP, your site is much slower than it could be (and we already have discussed that slow is a bad thing). Your site is also more vulnerable to hack attempts, which is bad for both you and your clients, and is potentially something you need to report under the Mandatory Reporting of Data Breaches laws. There are a few ways to reduce your risk of being hacked. If you run a small business website, you need to do everything in your power to reduce the risk!

What version of PHP do you need to change to?

Ideally, you want your site to be updated to a minimum of PHP7. However, be aware that some older sites and plugins may break as their code is not compliant with modern standards. That’s why you need to only use themes and plugins that are regularly updated and maintained. (Here are 5 plugins that we recommend for all websites.)

There are workarounds for this problem, ranging from reverting to a lower version of PHP, replacing out of date plugins with modern ones or getting a whole new site built.

My colleague MaAnna from BlogAid extensively covers off how and why you need to update to PHP7

How to change

Changing your version of PHP through your site’s CPanel is quite straightforward.

If you are not confident in using the PHP switcher, then ask your host or web designer to help you.


Websites are constant works in progress. If you haven’t touched your website for a few years, and don’t have an SSL certificate installed, and don’t know what version of PHP your hosting is running, then it is probably time for a website overhaul.

Get in touch, and we will help bring your website up to modern coding standards, as well as develop a site that not only looks brilliant it delivers fantastic outcomes for you.

Ingrid Moyle

Ingrid Moyle (BA - Psych/Industrial Relations) is the Chief Web Wizard at Heart Harmony Communications. A self-confessed multipotentialite, Ingrid shamelessly blends her passions of human resources, psychology, web design and copywriting. When not hardwired to her computer, she quests for the perfect coffee while chasing virtual reality creatures across the backstreets of Brisbane.