Making your website secure with an SSL certificate can be quite a scary prospect. To be honest, we put it off for far too long ourselves. We were scared it was going to be a long, complicated process that could potentially turn our brains into mush. We were wrong: it’s really, really easy and you don’t need to be worried at all.
What is SSL/https?
Warning! Warning! This is the boring geeky bit. Stick with us, it gets better and loads more fun… honest!
SSL certificates are small data files that digitally bind a cryptographic key to an organization’s details. When installed on a web server, a certificate activates the padlock and the https protocol and allows secure connections from a web server to a browser. Typically, SSL is used to secure credit card transactions, data transfer and logins, and more recently it is becoming the norm for securing browsing of social media sites.
Some browsers may even give you a warning about a site that doesn’t have that little padlock in the corner and will warn you that the site is not secure.
Do I need it?
That is a damn good question, well done you 👏🏻. The simple answer is YES!
In days gone by, SSL certificates were only really necessary on checkout pages where you were sharing your credit card details or login pages where you were sharing your passwords and personal information. No-one wants their personal info nabbed by those dastardly cybercriminals, right?
Well, things have changed a little. Chrome, the world’s leading internet browser, now shows us how secure each and every site on the web is. We have our very own little padlock when you view our site in Chrome – looks good right?
Data breach here, personal information hack there, credit card details stolen everywhere (catchy eh? 😜)
With various companies hitting the headlines recently for having their systems hacked and their customers’ details stolen, cybersecurity is a big deal. So with Chrome putting its arm around people while they browse the web and whispering “ooh, I’m not sure I’d do that if I were you” in their ear if there is not a secure connection, now is a great time to add one to your site.
People will listen to their buddy Chrome, and if your site isn’t the proud owner of a shiny little padlock, those people that were about to have a good long browse of your site may well be running down the road screaming in fear, with a little Chrome-shaped devil on their shoulder, chuckling away.
Google (the undisputed Kings of the internet) own Chrome. They also run a little search engine that is so big, it has become a verb. We’ve all said: “Google It!” right? Well, these guys are the people we need to keep on-side if we want our sites to be found in search results. Since July 2018, Google has been using the SSL status of sites as a ranking signal, meaning those that start with https rather than just http will be boosted in search rankings. If your site is secure, you will be easier to find, simple as that.
What are my options?
We are going to talk to you about WordPress websites because we love them, build all of our sites with WordPress and this little beauty you are currently on is built using WordPress 😍
The simple answer to this is free or paid!
“Free” options usually mean they are included in your web hosting package. Companies like WP Engine and Flywheel include SSL certificates in their packages. These guys offer fantastic WordPress-only hosting packages that can help with the overall security and speed of your website and even offer automated backups for your site. We are really big fans of both of these companies, but some people may not want to pay a premium for their service.
Most other hosting companies will allow you to buy an SSL certificate from them or a third-party supplier and apply it to your site. Prices for this can range from £10 to £200 per year; some premium services can go into the thousands 🤯
Your host will, of course, tell you that their SSL certificate product is the one to go with.
Let’s Encrypt is a free, open certificate authority that aims to provide SSL certificates for the general public. It is a project of Internet Research Group, a public service corporation. Let’s Encrypt is sponsored by many companies including Google, Facebook, Sucuri, Mozilla, Cisco, etc.
Let’s Encrypt is supported by an ever-increasing number of hosts – check out the list here. When your host supports Let’s Encrypt, adding a FREE SSL certificate is a really easy process that will probably take less time than it will to read this post (it’s worth it though, because this post rocks!).
So how do you do it?
TSO is a well known hosting company that offers built-in integration of free SSL with Let’s Encrypt. We use TSO for this very site.
Here is how to enable Let’s Encrypt free SSL in TSO.
Simply log in to your Control Panel in your hosting package and choose the domain you would like to add the SSL certificate to. Once on your dashboard scroll down to the Advanced Management Tools section. Then click away on the Let’s Encrypt icon.
This will bring you to the Let’s Encrypt install page. TSO will check that your website has its DNS pointed to them when you click the green Check My Domains button.
You can now click on the Request SSL button and Let’s Encrypt will issue a unique SSL certificate for your website. Once it’s finished, you will get a lovely little message confirming your success. Well done, grab yourself a cuppa and a biscuit to celebrate. You’re nearly there!
That’s it, you can now bask in the glory (with your celebratory tea and Hob Nob) of successfully integrating a Let’s Encrypt free SSL certificate to your WordPress site.
So, your SSL Certificate is ready, but your WordPress website isn’t. Firstly, you will need to update your WordPress URLs.
Updating WordPress URLs
After setting up the Free SSL certificate with Let’s Encrypt, the next step is to move your WordPress URL from HTTP to HTTPS.
A normal site without an SSL certificate uses the HTTP protocol. In the browser address bar an HTTP site will look like this:
Secure websites with SSL certificates get one of those funky padlocks and use HTTPS protocol. In the browser address bar their addresses look like this:
Without changing the URLs in your WordPress site, you will not be using SSL and your padlock will remain a mere pipe dream.
So, this is how we change our URLs from http to https:
For a Brand New WordPress Website
If your website is still shiny and new, then you can just head over to your WordPress admin area and click on settings. There you will need to update the WordPress URL and Site URL fields to use https.
For Existing WordPress Sites
If your site has been around the block a few times, then hopefully it is indexed by search engines. Anyone that may have linked to your site will have done so using http in the URL. You need to make sure no-one gets lost when trying to find your new, secure home and that all traffic is redirected to the https URL.
No need to worry, the process is still dead simple. The first thing you need to do is install and activate the Really Simple SSL plugin.
This fab little plugin will automatically detect your SSL certificate and set up your site to use it, using a heady mix of science and magic. That should be that, you’ll not have any more changes to make. The plugin will even wave its magic wand a bit more and fix any insecure content issues.
Last of all, don’t forget to add your lovely new https address into Google Analytics. You can then track all those carefree website visitors that are no longer hiding behind their sofas.
That turned out much easier than we thought, hopefully, you find it a piece of cake too. Let us know how you get on in the comments.