Whether you are familiar with SSL certificates or not, you have most probably seen them in action. An SSL certificate is what is required to turn an HTTP URL into an HTTPS URL.
SSL certificates have become a necessary security protocol for certain websites, specifically those that store or transfer any type of personal data, like e-commerce websites.
These certificates have become a very important component in the machine that keeps our internet secure, so much so that Google made an announcement that they had started to use it as a ranking factor. However, companies should also know that the above-mentioned ranking factor affects less than 1% of the global queries, and it also carries less weight than some of the other signals like good quality content.
In conclusion, they said that over time they may begin the strengthen it, as they would like to encourage those who own websites to switch from HTTP to HTTPS in order to keep everyone safe on the web.
When it comes to WordPress working with SSL and HTTPS, there was a blog posted in 2016 by Matt Mullenweg where he stated that they are at a turning point and that 2017 was going to be the year that you would start to see features in WordPress which will require hosts to have HTTPS available.
The future that WordPress has with SSL will begin by only partnering with web hosts who offer SSL certificates as a default for their WordPress hosting services, says Matt.
What exactly is an SSL certificate?
The very first thing you will need is to properly understand what SSL is before you are able to understand what an SSL certificate is. SSL is an abbreviation for “secure sockets layer”, but that is not really what you will need to know. Below is the official definition from SSL.com:
SSL (Secure Sockets Layer) is the general security technology used to establish an encrypted link between a certain web server and a browser. This link helps to ensure that all of your data that is passed between the web server and the browsers stay private and integral. Secure Sockets Layer is an industry-standard and is used by millions of sites around the world in the protection of their online transactions with customers.
For example, think of your SSL connection on a checkout page of an e-commerce website as taking a drive from the actual store to your house during a thunderstorm. You are representing the personal data (your payment and shipping information) that you are sending to the website. And the store is the browser, your house represents the site’s server, and the hail, rain and debris are the hackers.
Your car is representing the SSL connection. It is what keeps you protected from everything going on outside just like your SSL connection will protect your personal data from any hackers.
You will need an SSL certificate in order to form this connection. If your website does not have this protection in place, a hacker could potentially steal or “intercept” your personal data before it gets to your server. For this reason, ensure you have SSL ns HTTPS are important to have for any type of website that processes any personal data from users, like e-commerce websites which accept payments from customers.
You as a user, are able to tell if the page that you are currently visiting is encrypted with SSL by having a look at the URL in the address and seeing if it begins with “https”. There is a certain type of certificate that gives you the green text and padlock. When clicking on this padlock you are able to see where the certificate came from. Or you can even click on the certificate information and be able to see when it expires.
A website that has not been encrypted with SSL will have a paper icon next to it in your Chrome browser. In Firefox, this area will be blank. When clicking on the paper or the “I” icon in either of these browsers, you will see a message explaining that your connection to the website is not secure.
How do I get an SSL certificate?
There are two common ways for you to obtain an SSL certificate:
- Through an SSL certificate provider, most commonly known as a “certificate authority.”
- Your host
Below are a few WordPress hosts, which will include an SSL certificate in some of their plans:
- WPX Hosting
So basically, if your current host does not offer you an SSL certificate or one is not included in your specific plan, you will need to obtain one from a third party. Below is a list of services, which sell SSL certificates:
You could also get a free certificate from open-source CA Let’s Encrypt. You will need to have shell access (SSH) in order to use a certificate from Let’s Encrypt, and you will also need to install the certificate manually if your host does not do it for you already.
Luckily for us, there are many different web hosts, which include a few of the above mention ones, which are usually offering free SSL certificates through Let’s Encrypt as a standard feature in their hosting packages, which helps negate the need for you to have to install a Let’s Encrypt certificate manually.
Here are just a few of them:
- WPX Hosting
- WP Engine
Regardless of where you get your SSL certificate from, the prices are going to vary greatly based on the type of certificate you are looking for as well as the level of protection that it will offer you. You can find some for free and others for more than R1200.00.
The different types of SSL certificates:
When are visiting any of these websites or you are attempting to install an SSL certificate from your host, you will see a few different names that come us. There is “EV certificates”, “DV certificates”, “wildcard certificates”, and many more that you may see.
Below is a simple rundown of the different types of SSL certificates that are out there.
Organization Validation (OV)
An OV certificate is a bit more premium than some other certificates. They are known as the certificates with the minimum level of protection that is required by e-commerce websites and all types of websites that process data from users.
Domain Validation (DV)
Domain Validation is one of the most cost-effective types of SSL certificates. They are perfect for blogs and websites which do not process any type of personal information from users as it only offers very basic encryption. You will need to validate the domain ownership, but the validation process will only take a couple of hours.
You validate DV certificates yourself, but with OV certificates, they are validated by what we have explained are “certificate authorities.”
Extended Validation (EV)
With an Extended Validation SSL certificate, it gives you the green text and a padlock icon as mention above. This type of certificate is a more premium certificate than the DV or OV certificate. It is also the more popular certificate available, especially when it comes to e-commerce sites.
Continuing with the trend of the previous two types of SSL certificates, the process for validating an EV certificate is not as simple as the process for validating OV or DV certificates.
When making use of a SAN certificate, it will allow you to encrypt many different domains with one certificate. They are also a bit more pricey than the single-domain OV, DV, or EV certificates.
Using a wildcard certificate will allow you to encrypt as many subdomains as you want under a single domain.
How to know if you need an SSL certificate
This might seem like something that you will only need if your website accepts payments but there is more to it.
As we discussed earlier in this article, your SSL is a way of securing data that gets sent between your website and a users device.
This does not exactly make your website more secure; however, it is still really important from a security standpoint.
For example, if you are busy browsing the internet, using public Wi-Fi or a hijacked router – your SSL is made to stop any information from being intercepted. This is a crucial step when it comes to protecting users and it also improves trust.
Then you get the technology that helps improve website performance. Do we not all want faster websites?
And now Chrome is also labelling websites without SSL as “not secure”.
So, with how easy and cost-effective it has become to get yourself an SSL certificate nowadays, there is actually no good reason for us to avoid switching over to https.
That being said, if you are able to get a better SSL certificate than what we have covered, then it is definitely worth doing.
Installation of an SSL certificate
The installation process of your SSL certificate is where things start to become a bit more complicated. This process can vary between hosts. For example, if your host is SiteGround, it will allow you to install an SSL certificate on to your website by using cPanel. All that you will really need to do is enter your cPanel details into the dashboard, scroll down to the security section, select Let’s Encrypt, and then just install it.
Take your time and read through all of the knowledge base articles and tutorials that your host has published about getting, configuring and installing the SSL certificate.
How do you use SSL with WordPress
So at this point, you have decided that you need an SSL certificate, you have purchased one and then installed it onto your server. There is only one issue now; your website has not switched over to HTTPS. Unfortunately, there are still some more steps you will need to take in order to properly enable your SSL on a WordPress website. Let us have a look at them:
If your website is new
This process is going to be simple if your website is new. All that you will need to do is go to your settings – general and enter the HTTPS URL for your website in the WordPress Address (URL) and Site Address (URL) boxes. You then click Save Changes when you are done.
If the above fails, or your website is not brand new
We will get to how you enable your SSL on a WordPress website with code soon, but for now, let us go through a simpler way first. Make use of a plugin called “Really Simple SSL”. Once your SSL certificate is installed onto your server, all you will need to do then is install and activate your plugin to correctly configure SSL on your website.
If this does not work for you, go to your settings – SSL to see if the plugin has detected and enabled SSL on your website. Enable it, if not.
What exactly does this plugin do? Here are the basics:
- It changes your website URL and Home Page URL to HTTPS for you.
- It will fix any insecure content and changes it to HTTPS.
- It will configure any server problems that may come up when you first enable SSL on a WordPress website.
At Hosting24 we offer dedicated server packages, hosting packages, domain availability and SSL Certificates. To find out more, contact us on 011 867 6380 or visit our website on www.hosting24.co.za.