When hearing about SSLs, you most likely land in two groups: The ones who have no idea what I’m talking about right now or the folks who have attempted (or implemented) a website SSL for a fee.
If you’re in the first group, fret not. We’ll explain what an SSL entails and why it’s important for a WordPress site. For those paying for an SSL, we have good news for you. There’s no longer a need to keep that around as an expense.
Because free SSLs are currently available through a nonprofit called Let’s Encrypt.
If you keep reading we’ll cover all of the options you have for adding a free SSL to WordPress, along with some additional tips, and of course, the initial explanation of what an SSL does.
I’m glad you asked.
An SSL (secure sockets layer) is a form of technology used to encrypt the data being passed between the browser and server. Encryption ensures that all of the data remains private and secure.
Since the internet is a rather insecure place without encryption, security plugins, and spam deterrents, it wouldn’t seem like a good idea for users to share their personal information if it lacked this protection.
The interesting part about browsing the internet is that information about each user gets shared, sometimes without the person knowing. Then, of course, there’s the act of shopping online and signing up for accounts, which both require you to punch in details like your name and all the way to sensitive information like your credit card number.
Although you may not know it, most reputable websites have SSL encryption. Therefore, your information is safe. However, owning a website brings up a new responsibility to protect both your business and its customers.
In short, an SSL certificate keeps bad guys from trying to hack in and steal the data transferred from server to browser. If a website tries to fake an HTTPS, yet the SSL certificate doesn’t match up, the user sees a warning that the site might not be safe to visit.
Before Let’s Encrypt, SSL technology required some sort of payment. However, that has since changed, since a wide range of companies like Google and Mozilla have come together to sponsor the efforts of Let’s Encrypt, strengthening the overall security of the internet.
Now that you have a general idea of what an SSL certificate does for your site, keep reading to see exactly how to go about gaining access to your free SSL certificate.
The SSL with Let’s Encrypt is always free. That said, you’ll have to pay for a hosting account in order to get it. But since you’ll need a host to launch your website, that was going to be a given anyway.
Here are the options for getting an SSL on your site:
The good news is that a few hosting companies provide SSL integration in the CPanel. Therefore, it’s similar to the WordPress one-click install button we’re all used to by now. They make it much easier for beginners, and the more advanced users can cut down on the time they spend for their clients.
What’s more is that any hosting site can technically support an SSL. Therefore, it doesn’t matter which host you go with. However, it’ll most likely take a little longer and potentially require more technical knowledge.
Seeing as how Let’s Encrypt is already integrated with SiteGround, you won’t have to go through much trouble to figure this out.
Start by logging into your SiteGround hosting account. Navigate to your CPanel and locate the Security section. You’ll have to scroll down on the CPanel since this section is towards the bottom.
A few options are given to you, but you should click on the Let’s Encrypt button.
This leads you to an area that displays all of your installed SSL certificates. You might actually have one already, so if that’s the case, you don’t have to continue. However, if the list of Installed Certificates is empty, go to the area that asks you to install a new Let’s Encrypt Certificate.
Select the domain you’d like to use, and type in the email address that’s most appropriate. Hit the Install button to proceed.
It generally takes a few minutes to process the request, but afterwards you’ll see a box that tells you the setup was a success.
In my opinion, SiteGround has the quickest and easiest method for adding a free SSL to your WordPress site. Therefore, if you are just launching a new website, the SSL setup delivers a solid reason to consider SiteGround for your hosting.
Flywheel hosting (reviewed) configures SSL certificates pretty rapidly as well. It definitely takes a little longer than SiteGround, but the steps are nicely laid out, and you receive a few guides along the way for additional configurations.
To get the ball rolling, login to your Flywheel hosting account. The Flywheel dashboard shows a tab called Add-ons. Scroll over this to reveal a few more options. Find and select the Add SSL Support button.
Two options are available when it comes to your SSL. The first is the free Let’s Encrypt solution. For this tutorial we’re going to be selecting that. However, you also have the option to bring over your own certificate if you’ve purchased one in the past. However, the setup is going to cost you $10 per month.
After you choose the free one, click on the Configure SSL button.
Personal information is required to get an SSL. Therefore, the next page asks for details like your address, organization, email, and domain.
The next step requires you to select the domain you’d like the SSL to work on. Keep in mind, this is the only domain the SSL will function on. It’s recommended you select your primary domain, but it’s not required. Flywheel also lets users add new domains if they’re just getting a site configured.
Once you have the right domain, click on the Complete SSL Setup button.
Note: SSLs can only be assigned to individual domains. So, you can’t go in there and place an SSL on a network of sites. You’ll have to do it one by one.
It usually takes about 15 minutes for the SSL validation, but once it’s done you’ll see a new tab in the Add-ons menu item. However, this assumes you already have a site launched on Flywheel with a domain pointing to this Flywheel site.
The SSL status changes to Active when everything is running properly.
Some users don’t have their sites live yet. Therefore, they’ll receive the following message before they can do anything else.
Since the site isn’t live yet, it means you must validate your domain. The Get DNS Help button serves as your best friend when trying to figure out how to point your DNS to Flywheel. The company also provides a guide on validating your domain for a Simple SSL.
We recommend walking through those steps in order to launch your site and make your SSL active.
The whole point of Let’s Encrypt is to make it free and available to everyone in the world. Therefore, the only requirement for using Let’s Encrypt is a domain.
So, if you decide to go with a host like Bluehost or GoDaddy, you can still add a free SSL, even if they don’t provide integrated solutions.
Look around your host’s CPanel to see if they offer a built-in SSL tool. If that’s not the case, you can generally find documentation support areas to help out. The final outlet is to contact the support team and ask them to walk you through it.
The reason we’re recommending documentation and support teams is because each setup process differs depending on the hosting company you choose. Therefore, it wouldn’t be prudent to cover just one or two of various other possible hosts you could go with.
Since your site is now secure with an SSL, you’ll need to switch your WordPress URL to HTTPS.
Chances are it’s currently HTTP, looking something like this: http://www.mysite.com.
The goal is to make it like this: https://www.mysite.com.
Not only does this let the browser and your users know the site is secure, but the SSL you just installed won’t work if the URLs aren’t modified.
Therefore, let’s walk through the steps needed to initiate this change.
Switching to an HTTPS only takes a few steps with a new site. Open up your WordPress dashboard and click on the Settings tab. Change the WordPress Address (URL) and the Site Address (URL) to include the HTTPS at the front of your domain.
After you hit the save button the setup is complete.
Changing to an HTTPS for an existing site is the same as with a new site.
However, a live WordPress website has already been indexed by Google, and I’m sure you have some incoming links from other websites. None of the links are going to work unless you redirect them to the new HTTPS URL.
Download and install the Really Simple SSL plugin. It does all the work for you, finding your SSL certificate and configuring your site to work properly with it. This includes redirecting links to the new URL and making it so that the search engines are indexing the right URLs.
If so, feel free to let us know in the comments section below. As we talked about before, your best option is to go with a hosting company that includes an integration with Let’s Encrypt. These hosts make it simple for even the least knowledgeable developer.
If you’d rather go with a different host, simply take the time to walk through the documentation. Also, be prepared to speak with support reps.
Other than that, congratulations on making your website more secure and desirable for all visitors!
Searching for the best WordPress maintenance service to get a little helping hand with your…
Do you really need managed WordPress hosting? Let's face it: Running a WordPress blog or…
WP Engine is one of the very first companies to start offering tailor-made hosting for…
Cloudways is a very original type of a web hosting company when compared to other…
WordPress is incredibly easy to install, but if you want to move an already setup…
Considering using the Divi theme for your WordPress site? In our hands-on Divi theme review,…