What is SSL?
SSL (secure socket layer) encrypts the communication between website and the visitor’s browser. When a website visitor enters details such as name, email address, username, password, or credit card number, SSL prevents them from being read by nefarious third parties who may intercept them.
You can identify a website using https in two ways:
— the address will begin with https, not http.
— there will be a green lock in the address bar, to the left of the address.
SSL keeps your visitor’s information from being breached. Not only that, but seeing that little green lock will make you feel better, too, as you know that your visitors’ information will remain private.
Google has announced that beginning with the release of Chrome68 in the summer of 2018, they’ll begin to flag non-https (http) sites as insecure.
Here’s an image showing what it looks like pre-and-post summer 2018.
So, if your website features input forms such as login pages, email forms, newsletter signups, payment forms that dont’go through a third-party payment processor, you need SSL. If you haven’t implemented SSL yet, it’s time to do so!
So, how do you start using SSL on your WordPress website? Thankfully, it’s pretty easy!
1. Make sure that your site has a valid SSL certificate installed.
There are two ways to go about this.
1. Buy a certificate. A purchased certificate is valid for one year; you’ll need to renew it before the year expires. Cost can be anywhere from a few dollars for a basic certificate up to hundreds of dollars, but for informational WordPress sites, the low-end certificate is often all you’ll need. After you have it, install it via CPanel. Here’s how.
2. Use AutoSSL. Many web hosts now use a system which automatically issues free basic SSL certificates via CPanel. Each certificate is valid for a couple months and automatically renews, so you don’t have to bother with it again once it’s set up. AutoSSL certificates are typically supplied by Let’s Encrypt or Comodo, are automatically available for your website to use, and cost nothing. This is by far the simplest way to do it.
Once your certificate is installed correctly, you will be able to access your website at two different addresses: https://yourwebsite.com (the ‘s’ stands for ‘secure’) or the insecure http://yourwebsite.com.
But you won’t want both addresses — you’ll only want the ‘https’ version now — and it’s easy to make that switch.
Here’s how — for WordPress sites and others.
Let’s set it up in WordPress
For the tutorial below, I’ll assume you’ve already got your SSL certificate and are ready to get it to work with WordPress.
1. Log in to WordPress. On the admin menu, under Plugins, click Add New.
2. Search for Really Simple SSL.
3. Next, click Install, then Activate.
4. You will now see a notice asking you to enable SSL. Click it and log in again.
Voila! Your site should be accessible using https. That should do it.
However — to check, look at each of your webpages and check if there’s a padlock to the left of the address. If there is, you’re good to go. If not, check the troubleshooting tips below.
On other sites — or on WordPress the manual way
If your site is traditionally built with HTML/CSS, first, as above, make sure you have your SSL certificate installed. Then, you’ll need to add code to your site’s .htaccess file in order to redirect the old “http” address to the new “https” address.
If your site is built on some other platform, the process will likely be similar.
Enabled https but still not getting the padlock indicating that your site is secure? Enter your website’s address on the Why No Padlock? website to see why.
The reason is usually that you have something — maybe an image or a script — which is not served from a secure server. However, it’s usually fairly straightforward to fix these issues. It’s often as simple as making some easy edits.
If you have WordPress and don’t feel like fixing any insecure content manually, you can use the SSL Insecure Content Fixer, which will take care of most problems. Again, take a look at your website or run the pages’ addresses through Why No Padlock to verify that everything is indeed secure.
If you get stuck — or just would like someone knowledgeable to take care of it for you — just get in touch with me and I’ll be glad to help. My rates start at just $60.