Let’s clarify the problem: If two different versions of a website are indexed in Google, let’s say:

  • http://your-website.com
  • http://www.your-website.com

…then both versions are independent websites from the point of view of a search engine. Search engines then have problems to decide which version of a website is the relevant one. In addition, there is the danger that a website is indexed several times (which is rare but possible) and that the same versions of websites are in competition with each other.

Our task is, therefore, to open the input mask of a browser and call up every version of your website. In the best case, no matter which version of your website you type in, you will be redirected to a single one of them.

Überprüfen dass WordPress nur über https// erreichbar ist.
Püfen dass WordPress nur über SSL erreichbar ist

Possible URL variants of a domain:

  • http://your-website.com
  • http://www.your-website.com
  • https://your-website.com
  • https://www.your-website.com

If your website is available under several domains, ask your web host to adjust the .htaccess or DNS settings of the website so that this error is corrected.

Install a valid SSL certificate

You should also make sure that your website has a valid SSL certificate. Almost every web host is now able to issue a free and automatically renewing SSL certificate using Let’s Encrypt.

1Klick Installation auf Raidboxes.io
Example: 1 Click Installation in Raidboxes

Unsecured pages are now marked as “unsafe” by most browsers.

Beispiel einer Webseite die Mixed Content anbietet und als unsicher dargestellt wird

Since this message can be a deterrent for many users, you should make sure that your website is always accessible at https://. If you are an online shop or process personal data on your website, you may even be obliged to operate the website using secure encryption.

Last but not least https:// is a minimal ranking factor, as Google has already publicly confirmed several times.

Check that all content is embedded via https://

Unfortunately, the sole integration of an SSL certificate is not sufficient to make all the contents of your website accessible via https://. You also have to change all URLs & contents of your website so that they can be called with https:// instead of Http://.

Meanwhile this process is quite simple with the help of some plugins. Enclosed we show you two solutions to move to an encrypted connection.

Attention: Please create a backup of the website before you work with the following plugins.

Better Search Replace

Visit WordPress-Plugin

With this plugin, it is possible to search all URLs of a WordPress website within the MYSQL database and change certain entries.

Instructions:

Time needed: 10 minutes

The following instructions describe how you can change the URL version of your WordPress website with the plugin “Better Search Replace“.

  1. Open the WordPress Dashboard

    Open the backend of your WordPress installation.

  2. Install WordPress Plugin

    Install the plugin “Better Search Replace” & activate it. We also recommend that you make a backup of your website.

  3. Visit the Plugin Settings

    Call up the plugin interface under “Tools” > “Better Search Replace“.

  4. Check WordPress Database for outdated Domain Versions

    Look for the following scheme if you want the website to be accessible at https://ihre-website.de: “http://ihre-website.de“. If you want your website to be accessible at https://www.ihre-website.de, search for the following scheme: “http://www.ihre-website.de“.

  5. Replace URL

    Replace the URL with https://www.ihre-website.de or https://ihre-website.de.

  6. Perform test run

    Activate “Test run” to see whether the operation can be performed at all.

  7. Deactivate test run

    If the “test run” is successful, you can perform the same procedure again. However, deselect “Test run”.

  8. Remove Better Search Replace

    You can then disable & uninstall the plugin again.

Better Search Replace Plugin

Really Simple SSL

Really Simple SSL Plugin
Visit WordPress-Plugin

Another plugin for setting up an SSL certificate is the Really Simple SSL plugin. Here, only the activation of the plugin is necessary because the plugin works completely without configuration (out of the box).

A disadvantage, however, is that the plugin must remain permanently activated. This can cause incompatibilities, security gaps and maintenance efforts.

Notes from the developer console

You can use the developer console to check your website for errors. You can find it in Google Chrome under “Settings” > “More tools” > “Developer tools“.

Google Chrome Entwicklertools öffnen
Open Developer Tools in Google Chrome

In the tab “Console” you should not get an error message in the best case. However, if scripts and contents of other websites are integrated, it often happens that these are still loaded via http://. These then cause a so-called “Mixed Content Error” inside the “developer console“.

Mixed Content: The page at ‘https://googlesamples.github.io/web-fundamentals/fundamentals/security/prevent-mixed-content/active-mixed-content.html’ was loaded over HTTPS, but requested an insecure script ‘http://googlesamples.github.io/web-fundamentals/samples/discovery-and-distribution/avoid-mixed-content/simple-example.js’. This request has been blocked; the content must be served over HTTPS.

Example for a Mixed Content Error

As a website operator, you should resolve such warnings. Not only because they reduce the loading time of your website enormously, but also because they can lead to display errors if the corresponding content is blocked by the browser or any extensions.

Ein Beispiel für Mixed Content in Google Chrome
An example of Mixed Content in Google Chrome

Conclusion: SEO without SSL is not possible!

Search engines like Google have long since admitted that SSL is a ranking signal. Since December 2010, pages with unsafe content have even been blocked. Until now, unsecured pages were loaded anyway. Since security warnings can have a huge negative impact on the user experience, you should always make sure you have a valid SSL certificate. And finally, privacy is also in the legal and everyone’s personal interest.

The next step of the SEO audit is to check if all pages of your website can be indexed.