How to Use SSL and HTTPS with Your WordPress BlogApr 13, 2018
Want to install an SSL certificate on your blog? Google now penalizes sites without an SSL certificate. In this tutorial, we'll share how to use SSL and HTTPS with your WordPress blog.
From buying to selling, from the first email in the morning till the last log out at night, we give out so much private information on the Internet. While some of this data sharing helps make our lives easier, online security has become an absolute necessity.
You see, cybercriminals work with the sole intention of stealing your private data to make monetary gain out of it.
When we say private data, we don’t mean your favorite music playlist on Spotify– some details are more sensitive which can have a long-term impact on your personal life, such as your bank account details, credit card number, your investment records, etc. Most of this digitized data can be easily stolen by hackers… turning your life upside down.
In an effort to crack down on unsecured sites, Google now flags any site without an SSL certificate as “Not Secure”.
So if you want your blog to grow into an authority site in 2018, having an SSL certificate is now required.
What is an SSL Certificate?
This way, online data transmission will be encrypted.
The present-day version of SSL is referred to as TLS (Transport Layer Security). Both SSL and TLS do the primary task of encryption so that your data will be protected online, and your site will safe from any unauthorized access.
Also, every website that has an SSL certificate enabled gets an HTTPS address bar by default.
As you may have noticed, some websites have a green address bar with the HTTPS address, while the rest have an ordinary address bar with an HTTP address.
The problem with not having an HTTPS bar is that Google Chrome marks your HTTP web URL as “Not Secure”. This can be such a deterrent for visitors who are serious about to their data privacy and security on the web.
(Source: The 23 Company)
Furthermore, Google considers HTTPS as ranking signal.
So, to recap the benefits of having an SSL certificate:
- Risk of data interception or snooping is eliminated.
- You’ll get a “Secure” badge– an excellent trust signal that helps to improve conversions.
- Your website visitors can identify whether the website is genuine or a fake one that looks like yours.
- You’ll get a search engine ranking boost.
Convinced you need one yet?
Good! Let’s go over how to install an SSL certificate on your WordPress site.
How to Install an SSL Certificate
There are a few different ways to install an SSL certificate on your blog. We’ll cover three different methods…
Method #1: Purchase an SSL Certificate from Your Hosting Provider
Some WordPress hosting providers offer SSL certificates with their plans. Persuasion Nation uses GoDaddy WordPress hosting, and you can purchase an SSL certificate with any of their plans.
This is by far the easiest method because GoDaddy will install the SSL certificate for you. No work on your part needed!
Method #2: Get a Free SSL from Cloudflare
Cloudflare automatically gives you an SSL certificate with their free plans. Just sign up for a free account, and click on Crypto to manage your SSL certificate.
Method #3: Purchase an SSL Certificate Separately
If you can’t get an SSL certificate from your hosting provider, and you don’t want to use Cloudflare, you can also buy an SSL certificate separately from an authorized provider such as Cheap SSL Shop.
Once you’ve purchased your SSL certificate, you’ll need to generate a CSR (Certificate Signing Request) within your cPanel account by following below steps:
Step 1. Login to cPanel and go to SSL/TLS under the Security section.
Step 2. Select the Private Keys (KEY) and Certificate Signing Requests (CSR) option to generate a private key and CSR key for your domain name.
Step 3. After submitting your domain name details, click on the Generate button.
Now, an encoded private key and CSR key have been generated which you can use to activate the SSL certificate that you purchased.
To configure your new SSL certificate with your WordPress website, there are a few extra steps…
Step 0. First, make a backup of your website so that in case something goes wrong, it can be easily restored.
Step 1. Login to cPanel again, and head back to the Security section. Click on the SSL/TLS Manager tab.
Step 2. On the following menu, click on Certifciates (CRT).
Step 3. Copy and paste the certificate code, or upload a new certificate (*.crt) file from the Choose Filebutton, and select the file that you have received from the certificate authority.
Step 4. Return to SSL manager, and click on Install and Manage SSL for your site (HTTPS).
Step 5. Select a domain name from drop down menu that will fetch certificate details automatically. Now refresh your page and check the HTTPS bar to make sure it is working.
Enable SSL on Your WordPress Blog
Now you need to enable SSL on your WordPress blog by updating your site URL.
Login to your WordPress admin dashboard by adding /wp-admin in the end of site address (URL) in browser address bar.
Next, go to Settings » General. Replace both http://URLs with https://.
Save all changes.
Now add the following code into your .htaccess file:
(Remember to replace yourblog.com with your blog’s URL.)
Finally, add the following code above the “That’s all, stop editing!” line in your wp-config.php file:
OR, if you feel uncomfortable adding code yourself, you can use the Really Simple SSL plugin to enable SSL with one click.
How to Keep Your HTTPS Bar Up-to-Date
Each SSL certificate will have a validity period for up to 2 years. When the validity of the SSL certificate expires, the website will return to the HTTP form along with the insecure tag.
You can make sure your HTTPS bar is always working simply by renewing the SSL certificate.
If you are using a self-signed SSL certificate, you will be spared the need to go through a certificate authority to renew the website. However, an SSL certificate bought from a renowned Certificate Authority is far more valuable and recognized than a self-signed SSL certificate.
Your SSL certificate could also become invalid for other reasons…
Outdated SHA encryption is one reason that could cause the SSL certificate to expire. SHA (or Secure Hash Algorithm) is a cryptography technique which helps SSL certificates to encrypt information sent across the Internet. SHA encryption levels are improved on a consistent basis. As new versions are introduced, the previous ones are phased out or are invalidated. As a result, SSL certificates that use outdated SHA levels also get invalidated.
The best way to avoid this hiccup is by upgrading your SSL certificate to a reliable certificate authority who offers the latest SHA encryption. If you purchased your SSL certificate from a reliable domain provider, like GoDaddy, then you don’t need to worry about this issue.
In this post, we shared why your website needs an SSL certificate, and how to set one up on your blog.
An SSL certificate is a must-have whether you’re running a personal blog with great traffic, or an online store that collects credit card information from customers.
Along with the SSL certificate comes the many benefits of SEO ranking, customer trust, reduced cyber risk and much more. So what are you waiting for? Go ahead and install one today!
Ganesh is a Digital Transformation enthusiast. He munches on everything related to technology and how it fits into our daily lives. Writing happens to be one of his passions.