1
00:00:00,680 --> 00:00:05,570
In this video you'll learn about the advantages and benefits of serving a Web site to visitors through

2
00:00:05,570 --> 00:00:10,570
a secure connection using HDTV apps and SSL certificates.

3
00:00:10,790 --> 00:00:14,530
You'll be setting up a secure web site using free tools within your site.

4
00:00:14,530 --> 00:00:20,180
Ground student hosting account e-commerce sites aren't the only websites that should be encrypted while

5
00:00:20,180 --> 00:00:22,860
communicating with visitors through the browser.

6
00:00:22,970 --> 00:00:29,060
These days there's no reason why every Web site shouldn't be delivered over the HTP s secure protocol

7
00:00:29,510 --> 00:00:32,190
by adding the secure sockets layer to your web sites.

8
00:00:32,300 --> 00:00:34,750
Your sites will build trust with web site visitors.

9
00:00:34,850 --> 00:00:41,360
Speed up loading secure any data sent in contact form sign ups and e-commerce fields and get a nice

10
00:00:41,360 --> 00:00:46,030
advantage with the search engines offering this as part of your business is a no brainer.

11
00:00:46,100 --> 00:00:48,700
When there's a free solution that's easy to use.

12
00:00:48,740 --> 00:00:49,610
Let's check it out.

13
00:00:50,750 --> 00:00:54,270
First let's learn about HTP versus HTP.

14
00:00:54,290 --> 00:00:58,180
S for a few minutes before we start setting up our secure Web site.

15
00:00:58,520 --> 00:01:04,440
Here's an interesting page at HTP versus h TTP s dot com.

16
00:01:04,460 --> 00:01:09,470
It illustrates what I think is one of the most important benefits to switching to a secure connection

17
00:01:09,470 --> 00:01:11,010
for delivering Web sites.

18
00:01:11,150 --> 00:01:15,030
Which is it makes your website load so much faster.

19
00:01:15,080 --> 00:01:22,070
This interesting web page shows that on its secure page where it's got the green padlock symbol over

20
00:01:22,070 --> 00:01:28,940
here and you can open up and get some information that the domain that it's using has been verified

21
00:01:28,940 --> 00:01:36,740
by a third party and any data going back and forth between the server and the user was encrypted before

22
00:01:36,740 --> 00:01:39,510
being transmitted over the Internet.

23
00:01:39,560 --> 00:01:46,670
So not only does this build trust with your web site visitors but it also enables a Web site to use

24
00:01:46,820 --> 00:01:56,720
what's called the H TTP to protocol instead of HTP 1.1 which was last updated in 1999.

25
00:01:56,720 --> 00:02:06,830
All modern browsers allow for HTP to to be used but using the secure h TTP S is a requirement.

26
00:02:06,830 --> 00:02:16,640
This little web site page shows us how h t t p s and HDTV too can be so much faster than HTP itself

27
00:02:16,670 --> 00:02:19,310
which is also unsecure.

28
00:02:19,310 --> 00:02:26,090
So if you start out by just clicking HTP here or opening up the page fresh your browser will record

29
00:02:26,090 --> 00:02:33,230
how long it takes to load all of the data from this web page and it says it took eight and a half seconds.

30
00:02:33,230 --> 00:02:41,220
Now if I just click HTP s we can see that this loads in 1.7 seconds.

31
00:02:41,240 --> 00:02:42,960
Now you may not have noticed.

32
00:02:42,980 --> 00:02:48,890
But back in the web site that is live on the internet that I've been working on in this course is that

33
00:02:48,890 --> 00:02:51,190
Greg Davis dot com slash MailChimp.

34
00:02:51,260 --> 00:02:57,500
It's where we built the newcomers store and the MailChimp integrations but at Greg Davis dot com I have

35
00:02:57,500 --> 00:03:00,580
an H T T P S protocol here.

36
00:03:00,620 --> 00:03:07,700
The green padlock shows and you can see that Greg Dave is dumb as a domain name has been verified by

37
00:03:07,700 --> 00:03:09,990
a third party called Let's encrypt.

38
00:03:10,130 --> 00:03:16,550
And if I had more information you can see that all the data has been encrypted before being transmitted.

39
00:03:16,820 --> 00:03:22,580
So anyone viewing my connection say if I was in a coffee shop or anything like that I cannot see any

40
00:03:22,580 --> 00:03:28,490
of the information traveling back and forth in both directions between the server and the user with

41
00:03:28,490 --> 00:03:31,320
their browser open.

42
00:03:31,370 --> 00:03:39,470
You can see if I scroll back to the original Gray Davis com WP admin options page here.

43
00:03:39,470 --> 00:03:47,240
My settings generally shows that I'm using the Wordpress address with the h t t p s and the site address

44
00:03:47,270 --> 00:03:54,800
as the same HTP as to force the website to open using that secure protocol.

45
00:03:54,800 --> 00:04:01,610
Once I have a certificate installed and verified at the server I can also make one more add it to a

46
00:04:01,730 --> 00:04:04,970
hidden H.T. access file at the server.

47
00:04:04,970 --> 00:04:13,650
Adding a few lines so that if anyone goes to any page of my website without typing h t t p s.

48
00:04:13,760 --> 00:04:21,560
If I type HTP colon slash last Greg Davis dot com when I open that web page the browser goes directly

49
00:04:21,560 --> 00:04:27,310
to the secure version and doesn't allow the insecure version to be opened.

50
00:04:27,430 --> 00:04:34,870
Let's encrypt is a new certificate authority that can verify the domain and the ownership and organization

51
00:04:34,990 --> 00:04:43,690
behind your web site and allow you to use the HTP protocol for free though it gets pretty complicated

52
00:04:43,690 --> 00:04:45,130
pretty fast.

53
00:04:45,130 --> 00:04:52,570
Luckily a lot of the best Web site hosts are now implementing a clickable utility inside the C panel

54
00:04:52,570 --> 00:05:00,280
or inside of their server areas that allows you to set up a let's encrypt HTP as certificate quickly

55
00:05:00,310 --> 00:05:01,750
and easily.

56
00:05:01,870 --> 00:05:07,700
So what other reasons are there for using this security TTP as connection for serving your Web site

57
00:05:07,690 --> 00:05:08,800
to visitors.

58
00:05:08,800 --> 00:05:15,910
Well another big reason is that in the last couple of years Google has made HTP as a ranking signal

59
00:05:16,000 --> 00:05:22,420
meaning that they are going to look at secure web sites and give them higher rankings than web sites

60
00:05:22,420 --> 00:05:25,330
that aren't delivered securely.

61
00:05:25,330 --> 00:05:33,460
Google also rewards the speed of loading of a Web site too with higher rankings and if you read some

62
00:05:33,460 --> 00:05:39,430
of the articles on the Internet you can find that there are some more obvious reasons to use secure

63
00:05:39,620 --> 00:05:44,110
TTP as the most obvious one is if your site's an e-commerce site.

64
00:05:44,230 --> 00:05:50,650
If you are asking your visitors to put any sensitive or private information into a form and send it

65
00:05:50,680 --> 00:05:57,460
to the web server you need to be using SSL to encrypt that information as it goes across the Internet

66
00:05:57,460 --> 00:05:58,810
lines.

67
00:05:58,870 --> 00:06:06,070
If you use a third party payment processor you can get away with sending your visitors to a secure page

68
00:06:06,130 --> 00:06:12,040
away from your web site such as PayPal and then having them put in their payment information there and

69
00:06:12,040 --> 00:06:15,540
then being sent back to your non-secure site.

70
00:06:15,640 --> 00:06:16,520
But why not.

71
00:06:16,600 --> 00:06:21,570
If it's going to be faster it is going to get better page rankings with Google and other search engines.

72
00:06:21,580 --> 00:06:28,450
Why not use HDTV for your entire website regardless of whether you're taking payments directly or not.

73
00:06:28,450 --> 00:06:29,950
Do you have a log in form.

74
00:06:29,950 --> 00:06:36,700
Well of course we as Wordpress users all have log in forms to log into our WordPress dashboards and

75
00:06:36,940 --> 00:06:42,490
somebody who is hacking and looking at the traffic of your Web site say at a coffee shop with a public

76
00:06:42,490 --> 00:06:48,520
Wi-Fi connection would be able to see or log in and your password and potentially do something bad with

77
00:06:48,520 --> 00:06:49,020
it.

78
00:06:49,030 --> 00:06:54,880
And finally if you have any kind of form on your website when you ask users to fill out a contact form

79
00:06:55,120 --> 00:07:00,820
or a log in form if they're becoming members of a Web site you'll want to encrypt that information like

80
00:07:00,820 --> 00:07:06,520
their usernames passwords or any information they might be sending to the Web site's server so that

81
00:07:06,520 --> 00:07:09,910
it's secure and can't be read while it's on its way.

82
00:07:09,910 --> 00:07:15,820
Now that I've convinced you of the need to make all your web sites SSL supported and secure at h t t

83
00:07:15,830 --> 00:07:17,060
p s.

84
00:07:17,080 --> 00:07:21,360
Let's just quickly look at the different types of SSL certificates.

85
00:07:21,640 --> 00:07:27,220
There's three different types and the one you often see with the name of the business in green in the

86
00:07:27,220 --> 00:07:34,290
address bar is the most expensive and is the extended validation SSL certificate.

87
00:07:34,570 --> 00:07:41,640
The certificate authority that's providing the certificate here does a thorough vetting of the organization

88
00:07:41,890 --> 00:07:49,260
and it's the only type of SSL certificate that puts the name of the business in the address bar the

89
00:07:49,260 --> 00:07:56,030
second level is an organization validation which really looks the same as the third domain validation.

90
00:07:56,190 --> 00:08:00,520
But it doesn't have the name up here but it does have the green padlock.

91
00:08:00,630 --> 00:08:06,290
All three of these send data over the Internet in a secure and encrypted fashion.

92
00:08:06,360 --> 00:08:12,420
But the organization validation is a little less expensive and there's certificate authority conducts

93
00:08:12,510 --> 00:08:15,240
some vetting of the organization.

94
00:08:15,240 --> 00:08:21,960
The most versatile and the least expensive is the domain validation SSL certificate where the certificate

95
00:08:21,960 --> 00:08:26,820
authority checks the right of the applicant to use a specific domain name.

96
00:08:26,850 --> 00:08:32,530
There's no company or identity information that is vetted and certified.

97
00:08:32,700 --> 00:08:40,140
But it goes all the way down to zero dollars to get a domain validation SSL certificate.

98
00:08:40,140 --> 00:08:45,950
Now if you go to a number of different certificate authorities go daddy is one.

99
00:08:46,050 --> 00:08:51,720
If you look at the certificate types here the standard one which has a domain validation they actually

100
00:08:51,720 --> 00:08:55,180
charge almost $70 a year to do that.

101
00:08:55,500 --> 00:09:02,430
And the ii-V or the extended validation costs two hundred dollars a year and a lot of the big certificate

102
00:09:02,430 --> 00:09:10,230
issuers are still in this old paradigm of charging some amount under $100 per year for a domain verification

103
00:09:10,920 --> 00:09:18,810
and then charging about $200 a year for the extended validation rapid SSL is another recommended one

104
00:09:18,960 --> 00:09:23,570
from G.O. trust their domain is $69.

105
00:09:23,880 --> 00:09:30,660
And if you go down and open up you know they're G.O. trust extended validation.

106
00:09:30,850 --> 00:09:37,710
You're looking at $300 a year for that flywheel being a managed WordPress host.

107
00:09:37,780 --> 00:09:44,560
Once they get in there and help you manage and set up your security certificates personally it's a great

108
00:09:44,560 --> 00:09:50,650
service and for building a client web site for an e-commerce store that was going to take credit cards

109
00:09:50,650 --> 00:09:54,170
or someone that needed an extended validation certificate.

110
00:09:54,310 --> 00:09:58,560
I would set up their site at flywheel where they would be able to manage my certificate.

111
00:09:58,620 --> 00:10:03,490
It's renewals and it's set up in the back end for me.

112
00:10:03,490 --> 00:10:08,870
There was a couple of security help articles at flywheel and they give you a couple of steps.

113
00:10:08,920 --> 00:10:17,230
They do charge you $10 a month to manage your SSL certificate on your host but it's worth doing if you're

114
00:10:17,230 --> 00:10:23,740
buying an extended validation certificate so you purchase the SSL add on from fly wheel for $10 a month

115
00:10:23,740 --> 00:10:31,540
per website and then once you buy your SSL certificate from Go Daddy or another provider you will get

116
00:10:31,540 --> 00:10:38,460
a zip file that you need to send to flywheel and then they'll set up your Web site posting under HTP

117
00:10:38,490 --> 00:10:45,570
s they don't offer SSL certificates themselves and that's why you have to buy one from a third party

118
00:10:46,380 --> 00:10:52,440
and then you can have them force SSL on your site just the same way that we're going to be doing with

119
00:10:52,620 --> 00:10:56,490
the free let's encrypt certificates at site ground here in a minute.

120
00:10:56,730 --> 00:11:04,240
Let's encrypt in contrast is an open source free and automated certificate authority.

121
00:11:04,290 --> 00:11:05,760
It works equally as well.

122
00:11:05,760 --> 00:11:08,000
It encrypts data equally as well.

123
00:11:08,040 --> 00:11:12,620
It makes your Web site just as fast and lets it use HTP too.

124
00:11:12,780 --> 00:11:15,480
And it's absolutely free.

125
00:11:15,480 --> 00:11:21,930
It's just now starting to get hosting companies to install utilities that lead easy for users like you

126
00:11:21,930 --> 00:11:24,200
and me to get it working.

127
00:11:24,210 --> 00:11:25,410
Let's get started with it.

128
00:11:27,100 --> 00:11:34,060
Now I've got a new WordPress installation at my site Ground student edu does site account and here's

129
00:11:34,060 --> 00:11:35,020
my domain name.

130
00:11:35,170 --> 00:11:38,410
It's Greg Deedat s g edu dot site.

131
00:11:38,530 --> 00:11:43,060
So if you have a site set up already you can go ahead and encrypt that site.

132
00:11:43,150 --> 00:11:49,120
You can set up a different one if you've expanded your site ground to use more than one domain or on

133
00:11:49,120 --> 00:11:51,910
another server that you already own.

134
00:11:51,910 --> 00:11:58,330
I'm going to go over to the admin panel which is my wordpress dashboard log in and you can see that

135
00:11:58,330 --> 00:12:01,510
this is not being served under a secure connection.

136
00:12:01,510 --> 00:12:04,310
It's just a regular HTP site.

137
00:12:04,780 --> 00:12:07,510
And if I log in.

138
00:12:07,550 --> 00:12:10,190
It'll open up the Wordpress dashboard.

139
00:12:10,450 --> 00:12:16,830
And I'm also going to open up the site itself in another tab so that I can see the results of my work.

140
00:12:16,830 --> 00:12:26,190
You can see them on a regular HTP site non-secure so follow along with me inside of your Wordpress installation

141
00:12:26,440 --> 00:12:29,560
and your server space in the C panel.

142
00:12:29,560 --> 00:12:36,010
I'm going to open up the see panel in my site Ground account and the first thing I'm going to do is

143
00:12:36,010 --> 00:12:43,370
just go down and I'm going to go down to the security area right down here and click let's encrypt.

144
00:12:43,720 --> 00:12:49,330
Go ahead and pause the video wherever you need to and follow along and do the same thing.

145
00:12:49,690 --> 00:12:52,050
So I've just got the one domain right here.

146
00:12:52,240 --> 00:12:57,810
I'm going to use a testing e-mail address that I have right here which is my admin e-mail.

147
00:12:57,820 --> 00:13:02,870
Anyway here at my testing site Ground account and I'll just click install.

148
00:13:02,990 --> 00:13:07,890
Now if you follow along with some of the report you'll get here in the above the progress bar.

149
00:13:08,120 --> 00:13:09,710
It's pretty interesting.

150
00:13:09,710 --> 00:13:12,270
I'll pause the video now and let that finish.

151
00:13:13,650 --> 00:13:17,860
All right after just a few seconds I got a success message here.

152
00:13:17,930 --> 00:13:21,270
Let's encrypt certificate installation success.

153
00:13:21,380 --> 00:13:27,410
And if you followed those progress bar messages you could see all those little steps that the server

154
00:13:27,410 --> 00:13:34,780
was taking to insert the certificate signing requests and to respond and to open the HTP connection.

155
00:13:34,820 --> 00:13:40,650
All those things are things you would have had to do manually if site Ground hadn't installed this utility.

156
00:13:41,000 --> 00:13:46,690
So now that I hit OK I can see that I've got an installed certificate for this domain name.

157
00:13:46,760 --> 00:13:53,320
It's active and it has a renewal date and this is something to note but doesn't give us any extra work.

158
00:13:53,360 --> 00:14:01,190
Let's encrypt certificate authority issues certificates that expire every three months and so on some

159
00:14:01,190 --> 00:14:05,980
servers they require you to go in and renew the certificate manually every three months.

160
00:14:06,080 --> 00:14:12,590
Whereas here at site ground it's got an automatic renewal going on inside of the server so we won't

161
00:14:12,590 --> 00:14:14,930
have to do anything else with the certificate.

162
00:14:15,000 --> 00:14:22,720
Again now back at the Wordpress dashboard there's a change we need to make in the settings under general

163
00:14:23,470 --> 00:14:29,380
and just because I installed the let's encrypt certificate on my server under this domain that doesn't

164
00:14:29,380 --> 00:14:35,290
mean that every time anyone goes to the Web site they will be automatically redirected to the secure

165
00:14:35,290 --> 00:14:35,910
Web site.

166
00:14:36,040 --> 00:14:42,120
In fact if I refresh the page here you can see that it easily opens the non-secure version of my website

167
00:14:42,220 --> 00:14:43,080
right here.

168
00:14:43,120 --> 00:14:49,570
We need to do two more quick changes to force all visitors to the Web site to be redirected to the secure

169
00:14:49,600 --> 00:14:51,530
and encrypted version.

170
00:14:51,670 --> 00:15:00,760
So I'll go back into that general settings and I'm just going to add the s right after TTP and wordpress

171
00:15:00,760 --> 00:15:07,780
address and site address and all I'm doing here is I'm defining the HDTV as protocol inside the database

172
00:15:07,900 --> 00:15:14,120
for my wordpress dashboard and my web site click save changes there at the bottom.

173
00:15:14,530 --> 00:15:19,840
And when you do that it will force you to go ahead and log back in again.

174
00:15:20,650 --> 00:15:22,540
But that's really all I have to do.

175
00:15:22,570 --> 00:15:28,870
Back at the Wordpress dashboard the next thing I have to do is add a specific little three lines of

176
00:15:28,870 --> 00:15:33,530
code inside of the C panel and the file manager.

177
00:15:33,820 --> 00:15:40,780
I'm just going to go to the file manager a little bit lower under files I'm going to click File Manager

178
00:15:41,200 --> 00:15:44,260
and I want to make sure that this box is checked right here.

179
00:15:44,260 --> 00:15:45,990
Show Hidden Files.

180
00:15:46,060 --> 00:15:51,910
The file that we're going to edit is the H.T. access file which actually starts with a dot dot H.T.

181
00:15:51,930 --> 00:15:52,750
access.

182
00:15:53,020 --> 00:15:56,170
And that file is a hidden file.

183
00:15:56,170 --> 00:16:02,410
Data Files are hidden files but if we can use this file manager to not only look at and download and

184
00:16:02,500 --> 00:16:08,680
upload files but to edit them as well inside of the subpanel utility here inside of site ground.

185
00:16:08,950 --> 00:16:15,220
So I click the H.T. access the one that's inside my public underscore HTL mail folder.

186
00:16:15,320 --> 00:16:18,040
That's right where my wordpress installation files are.

187
00:16:18,220 --> 00:16:20,890
And I'm going to go up and click code editor.

188
00:16:20,890 --> 00:16:26,980
Now I can just hit edit and it opens up the content of this HD access file what I'm going to be doing

189
00:16:26,980 --> 00:16:31,320
is placing a few lines of code above the word Press.

190
00:16:31,330 --> 00:16:36,040
Rewrite rules that are automatically in there from WordPress.

191
00:16:36,040 --> 00:16:42,400
Now I've opened up a text file that I provided to you in the Resources page of the students that WP

192
00:16:42,570 --> 00:16:49,300
of course does com Web site as well as in the resources page after this chapter inside of the course

193
00:16:49,380 --> 00:16:50,530
web site.

194
00:16:50,920 --> 00:16:58,900
This code gives us a 3 rewrite rules that we want to add to our H.T. access file and then edit the Web

195
00:16:58,900 --> 00:17:01,210
site you are able to our own.

196
00:17:01,330 --> 00:17:09,160
I'm going to hit copy control C and then we go over to the HD access files put the cursor there and

197
00:17:09,160 --> 00:17:13,510
hit the control V to paste those three lines in here.

198
00:17:13,510 --> 00:17:20,040
What this does is you can see that it forces the browser when they go to this Web site to be redirected

199
00:17:20,050 --> 00:17:24,160
if they're not already to the HTP s version of the Web site.

200
00:17:24,430 --> 00:17:30,430
And you can find these lines of code if you do a little bit of research on your own on H.T. access rules

201
00:17:30,640 --> 00:17:34,080
for SSL or for secure web sites.

202
00:17:35,330 --> 00:17:42,660
So paste that in there and then put your own web site you Arel in here instead of the example your Web

203
00:17:42,650 --> 00:17:50,120
site dot com where I'm going to get that is just over at my web site address here I can just grab the

204
00:17:50,120 --> 00:17:55,400
text instead of here and hit copy control-C.

205
00:17:55,880 --> 00:18:01,310
And now I'm going to go back into that file editor and I'm going to control and I'm going to select

206
00:18:01,310 --> 00:18:07,250
everything inside the slashes there and hit Control V and just make sure that that's right no extra

207
00:18:07,250 --> 00:18:09,350
spaces or anything.

208
00:18:09,350 --> 00:18:10,250
That's correct.

209
00:18:10,300 --> 00:18:17,490
OK then I can hit save in my HD access file I can close that window now when I go back into the Wordpress

210
00:18:17,550 --> 00:18:18,440
dashboard.

211
00:18:18,500 --> 00:18:21,570
And I was already on the secure version of the site here.

212
00:18:21,860 --> 00:18:26,040
So if I refreshed the page let's just make sure everything is working.

213
00:18:26,080 --> 00:18:27,530
You have that loaded great.

214
00:18:27,650 --> 00:18:34,720
I go to the Web site where it's in the non-secure version in my browser and I just hit refresh and I'm

215
00:18:34,720 --> 00:18:36,230
got the green padlock.

216
00:18:36,230 --> 00:18:36,740
Excellent.

217
00:18:36,740 --> 00:18:38,230
A secure connection.

218
00:18:38,240 --> 00:18:39,020
I open it up.

219
00:18:39,020 --> 00:18:45,320
It's verified by let's encrypt can go to more information and I could see that the page was encrypted

220
00:18:45,350 --> 00:18:47,700
before being transmitted over the Internet.

221
00:18:48,820 --> 00:18:54,670
In this lesson you transformed your life site at site ground into a super fast loading secure site that

222
00:18:54,670 --> 00:18:57,690
automatically uses the HTP to protocol.

223
00:18:57,880 --> 00:19:03,010
Now all your client sites can be 10 times faster get higher page ranking with the search engines and

224
00:19:03,010 --> 00:19:06,990
transmit and receive only encrypted data to and from the server.

225
00:19:07,030 --> 00:19:12,310
In this chapter we've really taken your Web site management and client offerings to another level from

226
00:19:12,310 --> 00:19:18,280
managing multiple websites to updates and security hardening to the best insights speed and security

227
00:19:18,280 --> 00:19:19,540
through SSL.

228
00:19:19,540 --> 00:19:23,010
You're ready to bring all this to clients in the next chapter.

229
00:19:23,020 --> 00:19:28,150
We'll put it all together and wrap up the course with lessons about proposals and Web site care plans

230
00:19:28,150 --> 00:19:34,120
for client work billing and invoicing techniques and reviewing everything you learned in this course.

231
00:19:34,150 --> 00:19:34,840
Let's do it.