Sallie Goetsch explains three things website owners need to address in 2017: SSL certificates, intrusive interstitials, and Google AMP. From the East Bay WordPress Meetup, January 2017.

1. January 15,
2017

2. Schedule
•Pizza. Please bring it into the meeting room.
•Introductions
•Demo: Merel Kennedy, MK Design
•Demo: Rocky Butani, Private Lender Link
•Main Presentation: Is Your Website Ready for
2017?

3. EastBayWP.com

4. Our Meetup.com Page
http://www.meetup.com/Eastbay-WordPress-Meetup/

5. A Word from Our Sponsors

6. Ongoing Sponsor: Pagely
https://pagely.com/plans-pricing/managed-wordpress/

7. Ongoing Sponsor: O’Reilly Media
Use discount code PCBW for 40% off print & 50% off ebooks and videos on
http://shop.oreilly.com.

8. Today’s Pizza Sponsor: Lisa LaMagna
http://lisalamagna.com

9. Introductions
Tell us your name and something about yourself, e.g.
“I’m Sallie and I’m the organizer of this Meetup. I
started working with WordPress in 2005.”

10. Demo: MK Design
http://merelkennedy.com/

11. MK Design: WP Image Zoom Pro
• Zooms automatically when
you mouse over the image.
• Requires large image uploads
to work (2x or 3x).
• Add class=“zoooom” to images
or use visual editor button.
• Free plugin (1 zoom per page)
• Pro version ($48.90 for one
site)

12. Demo: Private Lender Link
https://privatelenderlink.com/

13. Private Lender Link: FacetWP
• Premium Plugin from
https://facetwp.com/buy/
($79 basic, $199 pro)
• Filter search results by
anything you can query.

14. Is Your Website ready for 2017?
Https, Interstitials, and AMP, oh my!

15. HTTPS: Securing Your Site

16. What Is HTTPS?
“Hyper Text Transfer Protocol Secure (HTTPS)
is the secure version of HTTP. The 'S' at the
end of HTTPS stands for 'Secure'. It means all
communications between your browser and
the website are encrypted.”
https://www.instantssl.com/ssl-certificate-products/https.html

17. HTTPS Requires an SSL Certificate
“SSL” is really TLS (Transportation Layer Security)
“An SSL Certificate (Secure Sockets Layer), also called a
Digital Certificate, creates a secure link between a website
and a visitor's browser. By ensuring that all data passed
between the two remains private and secure, SSL
encryption prevents hackers from stealing private
information such as credit card numbers, names and
addresses.”
http://www.networksolutions.com/education/what-is-an-ssl-certificate/

18. You need HTTPS…
•If you conduct financial transactions on your
site—even with PayPal Standard (since 2016).
•If anyone logs into your site, including you.
•Because Google says so (since 2014).
•Because WordPress says so (starting 2017).
•Because you need it for HTTP/2.

19. Good News: Free SSL Certificates

20. Can You Use Free SSL?
Yes, unless you need:
Organization Validation (OV) SSL Certificates: where
the CA checks the right of the applicant to use a
specific domain name PLUS it conducts some
vetting of the organization.
Extended Validation (EV) SSL Certificates: where
the Certificate Authority (CA) checks the right of the
applicant to use a specific domain name PLUS it
conducts a THOROUGH vetting of the organization.
https://www.globalsign.com/en/ssl-information-center/types-of-ssl-certificate/

21. What’s the Difference?
Standard (DV) Certificate
EV Certificate

22. When Would You Need OV or EV?
If you’re PayPal, eBay, a bank, or someone else whose
site hackers are likely to spoof in order to conduct
phishing attacks, you want one of these certificates.
Before you can get one, you have to be able to
demonstrate that you’re a legitimate business. For
most purposes, including e-commerce, a DV certificate
is fine.

23. Chrome Warnings on Non-HTTPS Sites

24. Get Let’s Encrypt
• A2 Hosting
• BlueHost (WP Only)
• Cloudways
• DreamHost
• Flywheel
• Pressable
• Pressjitsu
• SiteGround
• WordPress.com
• WP Engine
Don’t see your
hosting
company? I
might just have
left it out, so
contact support.

25. Install This Plugin First
https://wordpress.org/plugins-wp/really-simple-ssl/
WP Engine has
its own solution
so don’t install
this there.

26. Set Up Let’s Encrypt on SiteGround

27. Set Up Let’s Encrypt on DreamHost

28. Set Up Let’s Encrypt on WP Engine

29. Set Up Let’s Encrypt on Pressable

30. Set Up Free SSL on BlueHost

31. Set Up SSL with Cloudflare

32. Making It All Work Automatically sets
up a page rule so
your admin is not
cached. Use
additional page rules
to avoid caching
your store.
https://wordpress.org/plugins/cloudflare/

33. HTTPS Rewrites with Cloudflare
Too many levels of rewrites can
cause redirect loops. If enabling
this causes problems, disable it.

34. Update Google Analytics
• Set the default URL of your GA property to HTTPS

35. Update Google Search Console
Add all your website versions
Make sure you add separate Search Console properties for all
URL variations that your site supports, including https, http,
www, and non-www.
Select your preferred version
Choose whether you want your site to appear with or without
"www" in Google Search.
Note: if you have verified ownership of the http version of your
website, you won’t (usually) have to do it again.

36. Update Other Links
Check your email signature and links from your social
profile, and update them to HTTPs.

37. What to Do Next
Set this up for yourself, then offer it as a
service to clients (or invite the DIY types to
do it themselves).
Tutorial: How to Properly Migrate a WordPress Site to
HTTPS

38. Intrusive Interstitials
Otherwise Known as Popups

39. These Are Bad
They cover the
whole screen and
are hard to dismiss
on mobile. They
interfere with
accessibility. And
they’re just a PITA.
https://webmasters.googleblog.com/2016/08/helping-users-easily-access-content-on.html

40. These Are Okay
https://webmasters.googleblog.com/2016/08/helping-users-easily-access-content-on.html
Legally required popups
(such as for age-restricted
sites or the European
Cookie Law) will not be
penalized. Small ads, inline
ads, and exit-intent popups
are acceptable.

41. More About Interstitials
• This only applies to mobile: we’re going to keep
seeing obnoxious intersitials on our
desktops/laptops.
• Your email signup form and other offers for your
own products are included.
• The “interstitial” doesn’t have to be an actual popup:
anything that covers the first screen visitors land on
from a mobile search link counts.

42. To Avoid Penalties, Make Sure…
1. Popups are desktop only by Default
2. Device Specific Display Rules
3. Floating Bars are Mobile Optimized
4. Use Smart Display Rule Triggers
(Guidelines from OptinMonster)
http://optinmonster.com/the-new-google-mobile-friendly-rules-for-popups/

43. What to Do Next
First check your own site. Then contact
your clients to see whether they need
help with their interstitials.

44. Google AMP
It’s all about Mobile Speed

45. What Is AMP?

46. Automattic’s AMP Plugin
https://wordpress.org/plugins-wp/amp/

47. More AMP Plugins
• Glue for Yoast SEO & AMP (Supplement to
Automattic plugin)
• AMP for WP (Alternative to Automattic plugin)
• AMP Supremacy (Alternative to Automattic Plugin)
• Custom AMP (Alternative to Automattic plugin)
• Facebook Instant Articles & Google AMP Pages by PageFrog
(Alternative to Automattic Plugin)

48. AMP Support on Cloudflare

49. What Does AMP Look Like?
Regular WP Post WP Post on AMP
No subtitle
Duplicate
featured
image
Different
fonts
No background
image
No header or menu

50. Do You Need AMP?
Maybe. But you can have a fast mobile site
without it.
• Three reasons you might not need Google AMP after all
• Do I Need AMP?
• How to Set Up Google Amp for WordPress (And Why You
Should)
• Diving Into Google Accelerated Mobile Pages (AMP)

51. What Next?
Seems to me it’s best to wait on this one and
see how things develop, unless you’re a news
organization publishing to other platforms.

52. About Your Presenter
@salliegoetsch on Twitter
sallie@wpfangirl.com
(510) 969-9947
Sallie Goetsch (rhymes with ‘sketch’) built her first HTML
website in 1994. Since discovering WordPress in 2005, she
hasn’t looked back. Sallie became the organizer of the
East Bay WordPress Meetup in Oakland, California, in
2009.
Sallie has produced WordPress videos for Peachpit Press,
taught introductory WordPress classes for Mediabistro,
and acted as Technical Reviewer for O’Reilly’s WordPress:
The Missing Manual. She runs her WP Fangirl consulting
and development business from her home and appears
regularly on the WP-Tonic Live panel.