What is SSL?
SSL (secure socket layer) encrypts the communication between website and the visitor’s browser. When a website visitor enters details such as name, email address, username, password, or credit card number, SSL prevents them from being read by nefarious third parties who may intercept them.
You can identify a website using https in two ways:
— the address will begin with https, not http.
— there will be a green lock in the address bar, to the left of the address.
SSL keeps your visitor’s information from being breached. Not only that, but seeing that little green lock will make you feel better, too, as you know that your visitors’ information will remain private.
Google has announced that beginning with the release of Chrome68 in the summer of 2018, they’ll begin to flag non-https (http) sites as insecure. Currently, Chrome doesn’t issue a warning for non-https sites.
Here’s an image showing what it looks like now and what it will show this summer.
So, if your website features input forms such as login pages, email forms, newsletter signups, payment forms that dont’go through a third-party payment processor, you need SSL. If you haven’t implemented SSL yet, it’s time to do so!
So, how do you start using SSL on your WordPress website? Thankfully, it’s pretty easy!
1. Make sure that your site has a valid SSL certificate installed.
There are two ways to go about this.
Buy a certificate. A purchased certificate is valid for one year; you’ll need to renew it before the year expires. Cost can be anywhere from a few dollars for a basic certificate up to hundreds of dollars, but for informational WordPress sites, the low-end certificate is often all you’ll need. After you have it, install it via CPanel. Here’s how.
Use AutoSSL. Many web hosts use a system which automatically issues free basic SSL certificates via CPanel. Each certificate is valid for a couple months and automatically renews, so you don’t have to bother with it once it’s set up. AutoSSL certificates are typically supplied by Let’s Encrypt, are automatically available for your website to use, and cost nothing. This is the simplest way to do it.
Once your certificate is installed correctly, you will be able to access your website at two different addresses: https://yourwebsite.com (the ‘s’ stands for ‘secure’) or the insecure http://yourwebsite.com. But you only want the ‘https’ version now — and it’s easy to make that switch.
Here’s how — for WordPress sites and others.
Let’s set it up in WordPress
For the tutorial below, I’ll assume you’ve already got your SSL certificate and are ready to get it to work with WordPress.
1. Log in to WordPress. On the admin menu, under Plugins, click Add New.
2. Search for Really Simple SSL.
3. Next, click Install, then Activate.
4. You will now see a notice asking you to enable SSL. Click it and log in again.
Voila! Your site should be accessible using https. That should do it.
If your site is traditionally built with HTML/CSS, first, as above, make sure you have your SSL certificate installed. Then, you’ll need to add code to your site’s .htaccess file in order to redirect the old “http” address to the new “https” address.
If your site is built on some other platform, the process will likely be similar.
If you get stuck or just want someone else to take care of it for you, just get in touch with me and I’ll be glad to help.