I understand that this is a blog about Bali, but I thought it was worth giving a heads up to anyone with a business website. I received a warning the other day from Google webmaster tools saying one of my websites was not secure. If you don’t have Google webmaster tools set up on your site, I would strongly suggest installing that as you will get emails if there are any major problems on your site.

Basically Google wants people to make their websites by installing a security certificate. I will admit I am no expert in this, but you should be able to tell easily if a website has a certificate set up. First, the website address should start with: https (instead of http).

Also if you are using Firefox as your browser, you will see a padlock toward the left of the address bar, as shown below.

https website certificate

Google has said that they will be using this as a ranking factor to encourage everyone to install a certificate, so it should help with your search rankings at least until

The easiest place to get a certificate is from your website host. There are free and paid ones available. I have read a few articles about whether to use a free or paid certificate and the consensus seems that a free one is fine. Obviously if it is a large company website, spending $100 is not going to be an issue. Lets Encrypt is one such free service and is the one I used on this site.

You can check if the certificate has been installed properly by going to: Even though, you have installed the certificate, the padlock might still not be green. You may for example have used links to images on your site with http, which you need to update. This plugin for WordPress can help to update all of the links on your site in one go: but make sure you back up your database first, just in case you make a mistake.

You can check what might be causing the problem by using this site: It will show you the things which you need to fix on your site to get the nice, green lock showing up. I found it fairly accurate.

When you have everything working, you need to set up a redirect to direct people to the secure version of your site. Basically from to

The easiest way to do this is to add some lines to your .htaccess file. This is what worked for me:

RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$$1 [R,L]

You can change the URL to your own. If you are using WordPress, you should also change the URL to the new https one in General -> Settings.

If you have Google analytics installed, you may want to change your site also from http to https. Please feel free to email me if you have any questions about changing this or leaving a comment below.