It’s easier than ever before to launch a website as a non-developer. There are website builders, like Wix, Weebly, and Squarespace that have templates and are out-of-the box ready for anyone to set up. And there are other creative ways to publish essays and blogs: Notion, Substack, and even notes apps like Simplenote.
This is a huge step in access and democratization of the web. More access allows for more ideas to come to life, more connection, more expression, and more creativity. And yet, there are still a few traps to fall into without knowing how the web works.
The big ones are security, performance, URL structure, and SEO. This post is going to focus on one aspect of website security.
Website Audit Patterns
I do SEO audits on websites and recently finished doing a market research project which included reviewing hundreds of websites. I started noticing a pattern and wanted to write about it to help people avoid the traps that hold them back from having a website that is secure, performant, and will ensure they land on page one search engine results.
When I dig into sites built on website builders (like Squarespace, Wix, Weebly, etc) by non-developers there tends to be one of three issues:
SSL is not enabled (security)
URLs are not search engine friendly (for search bots or humans)
Images are large and impact page load speed (performance)
Here, I’m going to talk about how to fix the first issue: SSL is not enabled.
First, is SSL enabled on your website? How do you know?
One of the easiest ways is to look at the URL in the browser and focus on the first part where it says http:// or https://. This is the web protocol for fetching your website. If your URL has HTTP, you don’t have an SSL certificate. If your URL has HTTPS, you do have an SSL certificate and your site is using the security protocol.
✅ https://kristenwomack.substack.com/
🚫 http://kristenwomack.substack.com/
Often your browser will even have a warning that if your site isn’t secure, it will look like this:
If you see the padlock icon, you can hover over it or click on it and determine if the connection if it’s secure or not. Here are some examples:
Firefox
Safari
Chrome
Ok, but why is it important?
The TD;LR (too long; didn’t read) here is that the HTTPS protocol is far more secure than HTTP. The security, privacy, and data integrity in the transfer of data is important so that information being passed in forms and check out (personal information, login credentials, payment card information, etc) is kept secure and not intercept-able by other application and people. The certificate does this by establishing an encrypted link between a web server and web browser to ensure all data passed between the server and browser remain private.
A more detailed explanation for the more curious:
As I mentioned above in the anatomy of a URL, that the first part where you see HTTP/S is the scheme. And this defines how you get the resource (a webpage, a data set, etc.) or the HTTP protocol. The protocol HTTP stands for Hypertext Transfer Protocol. Basically this is a computer protocol for accessing distributed information on the internet.
HTTPS is an extension of the HTTP that uses Transport Layer Security (TLS) to encrypt the exchange of information and communication. TLS was formerly Secure Sockets Layer (SSL). Another way to say it is HTTP over TSL (or SSL).
To make your site HTTPS, you add a SSL Certificate (also known as an SSL Cert). It is a key that lives on a web server and is used to decrypt information encrypted by the public key.
And how does this relate to SEO?
You might be thinking: I don’t have any forms and I don’t exchange data on my site, I don’t need to worry about this. In fact, having a secure site gives your site credibility and legitimacy. When determining what websites to return in search results, search engines have a vested interest in giving credible results. The legitimacy of having your website communicate to the server over HTTPS signals trust. Google has confirmed that a secured website will have an advantage over unsecured websites in their search algorithm.
How to enable SSL on Squarespace, Wix, Weebly, and others
Most of these builders have really good documentation. You can search “Enable SSL on Squarespace” in the website builder’s support docs.
Enable SSL on Wix
https://support.wix.com/en/article/troubleshooting-your-ssl-certificate
Enable SSL on Weebly
https://www.weebly.com/blog/ssl-certificate
Enable SSL on Squarespace
https://support.squarespace.com/hc/en-us/articles/205815898-Understanding-SSL-certificates
Note: this may get more complicated if you have subdomains that are hosted off their platform. For example, if your main website is on the website builder but you have a subdomain like “blog.yourwebsite.com” then that SSL cert would need to be managed elsewhere — at the host or your DNS registrar.
Here’s to a more secure internet 🥂
Hope this is helpful in making sure your site is more secure. If you have comments or suggestions to make this article more clear, I’d love to hear from you. hello@kristenwomack.io