Three things you need to look at to avoid penalties from Google in 2017: HTTPS (a.k.a. SSL certificates), intrusive interstitials (a.k.a. popups), and whether to make use of Google AMP (Accelerated Mobile Pages) to speed up your mobile website. Learn why these things are important and how to set them up on WordPress. From the East Bay WordPress Meetup, January 15, 2017
•Pizza. Please bring it into the meeting room.
•Demo: Merel Kennedy, MK Design
•Demo: Rocky Butani, Private Lender Link
•Main Presentation: Is Your Website Ready for
Our Meetup.com Page
A Word from Our Sponsors
Ongoing Sponsor: Pagely
Ongoing Sponsor: O’Reilly Media
Use discount code PCBW for 40% off print & 50% off ebooks and videos on
Today’s Pizza Sponsor: Lisa LaMagna
Tell us your name and something about yourself, e.g.
“I’m Sallie and I’m the organizer of this Meetup. I
started working with WordPress in 2005.”
Demo: MK Design
MK Design: WP Image Zoom Pro
• Zooms automatically when
you mouse over the image.
• Requires large image uploads
to work (2x or 3x).
• Add class=“zoooom” to images
or use visual editor button.
• Free plugin (1 zoom per page)
• Pro version ($48.90 for one
Demo: Private Lender Link
Private Lender Link: FacetWP
• Premium Plugin from
($79 basic, $199 pro)
• Filter search results by
anything you can query.
Is Your Website ready for 2017?
Https, Interstitials, and AMP, oh my!
HTTPS: Securing Your Site
What Is HTTPS?
“Hyper Text Transfer Protocol Secure (HTTPS)
is the secure version of HTTP. The 'S' at the
end of HTTPS stands for 'Secure'. It means all
communications between your browser and
the website are encrypted.”
HTTPS Requires an SSL Certificate
“SSL” is really TLS (Transportation Layer Security)
“An SSL Certificate (Secure Sockets Layer), also called a
Digital Certificate, creates a secure link between a website
and a visitor's browser. By ensuring that all data passed
between the two remains private and secure, SSL
encryption prevents hackers from stealing private
information such as credit card numbers, names and
You need HTTPS…
•If you conduct financial transactions on your
site—even with PayPal Standard (since 2016).
•If anyone logs into your site, including you.
•Because Google says so (since 2014).
•Because WordPress says so (starting 2017).
•Because you need it for HTTP/2.
Good News: Free SSL Certificates
Can You Use Free SSL?
Yes, unless you need:
Organization Validation (OV) SSL Certificates: where
the CA checks the right of the applicant to use a
specific domain name PLUS it conducts some
vetting of the organization.
Extended Validation (EV) SSL Certificates: where
the Certificate Authority (CA) checks the right of the
applicant to use a specific domain name PLUS it
conducts a THOROUGH vetting of the organization.
What’s the Difference?
Standard (DV) Certificate
When Would You Need OV or EV?
If you’re PayPal, eBay, a bank, or someone else whose
site hackers are likely to spoof in order to conduct
phishing attacks, you want one of these certificates.
Before you can get one, you have to be able to
demonstrate that you’re a legitimate business. For
most purposes, including e-commerce, a DV certificate
Chrome Warnings on Non-HTTPS Sites
Get Let’s Encrypt
• A2 Hosting
• BlueHost (WP Only)
• WP Engine
Don’t see your
might just have
left it out, so
Install This Plugin First
WP Engine has
its own solution
so don’t install
Set Up Let’s Encrypt on SiteGround
Set Up Let’s Encrypt on DreamHost
Set Up Let’s Encrypt on WP Engine
Set Up Let’s Encrypt on Pressable
Set Up Free SSL on BlueHost
Set Up SSL with Cloudflare
Making It All Work Automatically sets
up a page rule so
your admin is not
additional page rules
to avoid caching
HTTPS Rewrites with Cloudflare
Too many levels of rewrites can
cause redirect loops. If enabling
this causes problems, disable it.
Update Google Analytics
• Set the default URL of your GA property to HTTPS
Update Google Search Console
Add all your website versions
Make sure you add separate Search Console properties for all
URL variations that your site supports, including https, http,
www, and non-www.
Select your preferred version
Choose whether you want your site to appear with or without
"www" in Google Search.
Note: if you have verified ownership of the http version of your
website, you won’t (usually) have to do it again.
Update Other Links
Check your email signature and links from your social
profile, and update them to HTTPs.
What to Do Next
Set this up for yourself, then offer it as a
service to clients (or invite the DIY types to
do it themselves).
Tutorial: How to Properly Migrate a WordPress Site to
Otherwise Known as Popups
These Are Bad
They cover the
whole screen and
are hard to dismiss
on mobile. They
they’re just a PITA.
These Are Okay
Legally required popups
(such as for age-restricted
sites or the European
Cookie Law) will not be
penalized. Small ads, inline
ads, and exit-intent popups
More About Interstitials
• This only applies to mobile: we’re going to keep
seeing obnoxious intersitials on our
• Your email signup form and other offers for your
own products are included.
• The “interstitial” doesn’t have to be an actual popup:
anything that covers the first screen visitors land on
from a mobile search link counts.
To Avoid Penalties, Make Sure…
1. Popups are desktop only by Default
2. Device Specific Display Rules
3. Floating Bars are Mobile Optimized
4. Use Smart Display Rule Triggers
(Guidelines from OptinMonster)
What to Do Next
First check your own site. Then contact
your clients to see whether they need
help with their interstitials.
It’s all about Mobile Speed
What Is AMP?
Automattic’s AMP Plugin
More AMP Plugins
• Glue for Yoast SEO & AMP (Supplement to
• AMP for WP (Alternative to Automattic plugin)
• AMP Supremacy (Alternative to Automattic Plugin)
• Custom AMP (Alternative to Automattic plugin)
• Facebook Instant Articles & Google AMP Pages by PageFrog
(Alternative to Automattic Plugin)
AMP Support on Cloudflare
What Does AMP Look Like?
Regular WP Post WP Post on AMP
No header or menu
Do You Need AMP?
Maybe. But you can have a fast mobile site
• Three reasons you might not need Google AMP after all
• Do I Need AMP?
• How to Set Up Google Amp for WordPress (And Why You
• Diving Into Google Accelerated Mobile Pages (AMP)
Seems to me it’s best to wait on this one and
see how things develop, unless you’re a news
organization publishing to other platforms.
About Your Presenter
@salliegoetsch on Twitter
Sallie Goetsch (rhymes with ‘sketch’) built her first HTML
website in 1994. Since discovering WordPress in 2005, she
hasn’t looked back. Sallie became the organizer of the
East Bay WordPress Meetup in Oakland, California, in
Sallie has produced WordPress videos for Peachpit Press,
taught introductory WordPress classes for Mediabistro,
and acted as Technical Reviewer for O’Reilly’s WordPress:
The Missing Manual. She runs her WP Fangirl consulting
and development business from her home and appears
regularly on the WP-Tonic Live panel.