2018 has brought some big changes for site owners, and two in particular can’t be ignored, especially for WordPress site owners: WordPress and PHP, and Secure Site (SSL) Certificates and Google.

1. WordPress sites and PHP

If you have a WordPress (“WP”) site, WP is the free software which powers your site, and gives you the administrative tools to manage it. Regardless of whether you are actively using the site management tools or not, your site isn’t just text and pictures, there is software powering it.

The programming language that WordPress is written in – called “PHP” – gets updated over time, and eventually old versions of the PHP code are no longer supported.

By the end of THIS YEAR, a major update is happening with WordPress where WP sites will no longer run on very old code. If your site hasn’t been updated in years, it may break in a matter of months or even weeks.

If your site hasn’t been updated in ages and is running on old PHP, it may soon break as hosting companies stop using PHP 5 (the old version), and force the switch to PHP 7 (the current version, which has now been around for years), in order to keep their WordPress sites running.

This issue is not unique to WordPress sites – Facebook uses PHP, as do Wikipedia, Yahoo, Mailchimp, and many big and small sites. It is one of the most used languages on the web, and this forced switch-over by WordPress is a rare event that you see once or twice a decade.

In fact this switch is overdue – two of the best articles I could find on the reason for the change are from early and mid-2017.

Webmasters were expecting to have to make the change last year, but it is now at the end of 2018 that we are seeing old and non-updated sites starting to fail, and this problem is about to get much worse in the coming weeks.

From the article Changing or Updating Your Version of PHP for WordPress:

Updating PHP for WordPress

What site owners need to do. The best practice is to update WordPress periodically, as new versions add security layers and fix web vulnerabilities which arise over time. For many of our maintenance clients, we upgrade WP a few times a year, with each update usually taking 15 minutes or less. If your site has been updated over time, this item is not an issue for you.

Outdated sites need to have multiple pieces updated: 1) the main WordPress software, 2) the feature add-ons or “plugins” that are part of the site (some sites have few plugins; others have many), and 3) the site “theme” or code which powers the site’s layout and styles and customizations.

The longer a site has gone without updates, the greater the chance that there may be an issue which comes up during the upgrade. We back up the site in its current state, perform the upgrades, and then assess the time needed to finish the process. If there are no issues, then the whole process can be an hour or less, even with multiple upgrades needed, like version 3.5 to version 4.0 to version 4.5.

If there are issues, then we can roll the site back and give an estimate for resolving the problems that came up during the upgrade effort.

2. Secure Site Certificates (SSL) and Google

A secure website with a “secure site certificate” is accessed via https instead of http, and you see a note in browsers that says some version of “this site is secure.” The browser may also show a lock icon, here’s our site notice in the Firefox browser.

Secure Site Indicators

Conversely, if your site does not have a secure certificate, Google Chrome is now showing site visitors a “This site is not secure” message right next to your website address.

SSL certificates used to be required only for e-commerce sites, and sites with forms collecting personal info. But now Google is expecting all sites to be secure – every page on the site. This is true even for info-only sites, because otherwise hackers can potentially hack those sites and infect visitors.

Google is now penalizing non-secure sites in their search results, considering it a negative factor when they weigh who should show up on top of the page.

You secure your site with an SSL certificate, which can be purchased from your hosting company for $50-$100/year. A service called Let’s Encrypt offers them for free, and that certificate works on most hosting services.

For 1-2 hrs. we can get you set up with the certificate (if a paid certificate is necessary due to your hosting company, that cost is paid by the client directly to the host), install and configure it on the site, then add a site add-on which makes sure that all site elements (images, PDFs, etc.) are served over https.

We then test the site after activating SSL. At that point your site will show as Secure to all browsers and search engines!

If you have any questions or would like an estimate for updating your site, please contact us. Thanks!