Is Your (Client's) Website Ready for 2017?


Published on

Sallie Goetsch explains three things website owners need to address in 2017: SSL certificates, intrusive interstitials, and Google AMP. From the East Bay WordPress Meetup, January 2017.

Published in: Internet
  • Be the first to comment

  • Be the first to like this

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

Is Your (Client's) Website Ready for 2017?

  1. 1. January 15, 2017
  2. 2. Schedule •Pizza. Please bring it into the meeting room. •Introductions •Demo: Merel Kennedy, MK Design •Demo: Rocky Butani, Private Lender Link •Main Presentation: Is Your Website Ready for 2017?
  3. 3.
  4. 4. Our Page
  5. 5. A Word from Our Sponsors
  6. 6. Ongoing Sponsor: Pagely
  7. 7. Ongoing Sponsor: O’Reilly Media Use discount code PCBW for 40% off print & 50% off ebooks and videos on
  8. 8. Today’s Pizza Sponsor: Lisa LaMagna
  9. 9. Introductions Tell us your name and something about yourself, e.g. “I’m Sallie and I’m the organizer of this Meetup. I started working with WordPress in 2005.”
  10. 10. Demo: MK Design
  11. 11. MK Design: WP Image Zoom Pro • Zooms automatically when you mouse over the image. • Requires large image uploads to work (2x or 3x). • Add class=“zoooom” to images or use visual editor button. • Free plugin (1 zoom per page) • Pro version ($48.90 for one site)
  12. 12. Demo: Private Lender Link
  13. 13. Private Lender Link: FacetWP • Premium Plugin from ($79 basic, $199 pro) • Filter search results by anything you can query.
  14. 14. Is Your Website ready for 2017? Https, Interstitials, and AMP, oh my!
  15. 15. HTTPS: Securing Your Site
  16. 16. What Is HTTPS? “Hyper Text Transfer Protocol Secure (HTTPS) is the secure version of HTTP. The 'S' at the end of HTTPS stands for 'Secure'. It means all communications between your browser and the website are encrypted.”
  17. 17. HTTPS Requires an SSL Certificate “SSL” is really TLS (Transportation Layer Security) “An SSL Certificate (Secure Sockets Layer), also called a Digital Certificate, creates a secure link between a website and a visitor's browser. By ensuring that all data passed between the two remains private and secure, SSL encryption prevents hackers from stealing private information such as credit card numbers, names and addresses.”
  18. 18. You need HTTPS… •If you conduct financial transactions on your site—even with PayPal Standard (since 2016). •If anyone logs into your site, including you. •Because Google says so (since 2014). •Because WordPress says so (starting 2017). •Because you need it for HTTP/2.
  19. 19. Good News: Free SSL Certificates
  20. 20. Can You Use Free SSL? Yes, unless you need: Organization Validation (OV) SSL Certificates: where the CA checks the right of the applicant to use a specific domain name PLUS it conducts some vetting of the organization. Extended Validation (EV) SSL Certificates: where the Certificate Authority (CA) checks the right of the applicant to use a specific domain name PLUS it conducts a THOROUGH vetting of the organization.
  21. 21. What’s the Difference? Standard (DV) Certificate EV Certificate
  22. 22. When Would You Need OV or EV? If you’re PayPal, eBay, a bank, or someone else whose site hackers are likely to spoof in order to conduct phishing attacks, you want one of these certificates. Before you can get one, you have to be able to demonstrate that you’re a legitimate business. For most purposes, including e-commerce, a DV certificate is fine.
  23. 23. Chrome Warnings on Non-HTTPS Sites
  24. 24. Get Let’s Encrypt • A2 Hosting • BlueHost (WP Only) • Cloudways • DreamHost • Flywheel • Pressable • Pressjitsu • SiteGround • • WP Engine Don’t see your hosting company? I might just have left it out, so contact support.
  25. 25. Install This Plugin First WP Engine has its own solution so don’t install this there.
  26. 26. Set Up Let’s Encrypt on SiteGround
  27. 27. Set Up Let’s Encrypt on DreamHost
  28. 28. Set Up Let’s Encrypt on WP Engine
  29. 29. Set Up Let’s Encrypt on Pressable
  30. 30. Set Up Free SSL on BlueHost
  31. 31. Set Up SSL with Cloudflare
  32. 32. Making It All Work Automatically sets up a page rule so your admin is not cached. Use additional page rules to avoid caching your store.
  33. 33. HTTPS Rewrites with Cloudflare Too many levels of rewrites can cause redirect loops. If enabling this causes problems, disable it.
  34. 34. Update Google Analytics • Set the default URL of your GA property to HTTPS
  35. 35. Update Google Search Console Add all your website versions Make sure you add separate Search Console properties for all URL variations that your site supports, including https, http, www, and non-www. Select your preferred version Choose whether you want your site to appear with or without "www" in Google Search. Note: if you have verified ownership of the http version of your website, you won’t (usually) have to do it again.
  36. 36. Update Other Links Check your email signature and links from your social profile, and update them to HTTPs.
  37. 37. What to Do Next Set this up for yourself, then offer it as a service to clients (or invite the DIY types to do it themselves). Tutorial: How to Properly Migrate a WordPress Site to HTTPS
  38. 38. Intrusive Interstitials Otherwise Known as Popups
  39. 39. These Are Bad They cover the whole screen and are hard to dismiss on mobile. They interfere with accessibility. And they’re just a PITA.
  40. 40. These Are Okay Legally required popups (such as for age-restricted sites or the European Cookie Law) will not be penalized. Small ads, inline ads, and exit-intent popups are acceptable.
  41. 41. More About Interstitials • This only applies to mobile: we’re going to keep seeing obnoxious intersitials on our desktops/laptops. • Your email signup form and other offers for your own products are included. • The “interstitial” doesn’t have to be an actual popup: anything that covers the first screen visitors land on from a mobile search link counts.
  42. 42. To Avoid Penalties, Make Sure… 1. Popups are desktop only by Default 2. Device Specific Display Rules 3. Floating Bars are Mobile Optimized 4. Use Smart Display Rule Triggers (Guidelines from OptinMonster)
  43. 43. What to Do Next First check your own site. Then contact your clients to see whether they need help with their interstitials.
  44. 44. Google AMP It’s all about Mobile Speed
  45. 45. What Is AMP?
  46. 46. Automattic’s AMP Plugin
  47. 47. More AMP Plugins • Glue for Yoast SEO & AMP (Supplement to Automattic plugin) • AMP for WP (Alternative to Automattic plugin) • AMP Supremacy (Alternative to Automattic Plugin) • Custom AMP (Alternative to Automattic plugin) • Facebook Instant Articles & Google AMP Pages by PageFrog (Alternative to Automattic Plugin)
  48. 48. AMP Support on Cloudflare
  49. 49. What Does AMP Look Like? Regular WP Post WP Post on AMP No subtitle Duplicate featured image Different fonts No background image No header or menu
  50. 50. Do You Need AMP? Maybe. But you can have a fast mobile site without it. • Three reasons you might not need Google AMP after all • Do I Need AMP? • How to Set Up Google Amp for WordPress (And Why You Should) • Diving Into Google Accelerated Mobile Pages (AMP)
  51. 51. What Next? Seems to me it’s best to wait on this one and see how things develop, unless you’re a news organization publishing to other platforms.
  52. 52. About Your Presenter @salliegoetsch on Twitter (510) 969-9947 Sallie Goetsch (rhymes with ‘sketch’) built her first HTML website in 1994. Since discovering WordPress in 2005, she hasn’t looked back. Sallie became the organizer of the East Bay WordPress Meetup in Oakland, California, in 2009. Sallie has produced WordPress videos for Peachpit Press, taught introductory WordPress classes for Mediabistro, and acted as Technical Reviewer for O’Reilly’s WordPress: The Missing Manual. She runs her WP Fangirl consulting and development business from her home and appears regularly on the WP-Tonic Live panel.