The biggest buzzword around WordPress, and websites in general, for the last several months has been SSL.
It used to be the case that if you were taking payments directly onto your website, you needed to have an SSL certificate. Because visitors would be directly inputting their credit card information, and other sensitive data, into your website, SSL ensured them that this data would be encrypted.
However, Google recently announced that they would begin to penalise websites that didn’t have an SSL certificate, whether they were taking direct payments or not.
This has lead to a flurry of people trying to wrap their heads around SSL, and trying to implement it on their own websites. So I thought it might be useful to give an overview of what SSL is, and the easiest way to set it up on your WordPress website.
What is SSL?
SSL stands for “Secure Socket Layer,” and it ensures that communication between web hosts and website visitors is encrypted and secure. Web addresses for websites that have an SSL certificate start with “https” rather than “http,” which indicates that the website is data is being sent securely.
Why set up SSL?
As I outlined above, Google has started penalising websites that don’t have an SSL certificate. So no matter what your website is, it’s crucial that ALL websites are updated to https to retain SEO benefits.
How can I easily install SSL on my website?
There are two main steps to set up SSL: obtaining an SSL certificate, and converting your website to https.
- Get an SSL certificate: All web hosts offer an upgrade to SSL for their hosting accounts. Traditionally, this was something you’d need to pay for. However, the Internet Security Research Group now provides free SSL certificates via Let’s Encrypt. Many web hosts will offer a Let’s Encrypt installation via the hosting panel, however if your host doesn’t offer it, there’s a way to install it manually. Note that the Let’s Encrypt certificate has a 90-day lifetime, so you’ll need to stay on top of renewing it. If your host offers an automatic installation, they should remind you to do this.
- Convert your website to https: Your website now needs to be updated so all links and references are using https. I’ve found that the best way to do this in WordPress is via the Really Simple SSL plugin. Once you install and activate the plugin, it will check that an SSL certificate is installed on your hosting. It will then prompt you to go into your website files (generally this will be the theme files, in particular the CSS stylesheet) to update any http references to https. When you run it, it will then convert the website to https.
Once you have done these two steps, it’s a good idea to test your website to make sure that it’s running under https. Your browser should tell you whether your website is secure or not – for instance, in Google Chrome you will see a warning before the site is loaded if there are resources that are not secure.
Still need help?
If you would like me to help you set up SSL on your website, please get in touch.