Issues like identity theft, fraud, and the mishandling of customer data are a big deal to your customers and visitors. Addressing those concerns in a clear way is a great means of separating yourself from your competition and showing your customers that you have their best interests in mind. SSL for WordPress is a perfect tool for doing just that while boosting your website’s SEO in the process. Let’s look at how you can put it to work for you!
What is SSL and HTTPS?
If you’ve been working around computers for a while, you may remember a company called Netscape back in the 1990s. They developed the original SSL (Secure Socket Layer) protocol in the mid ‘90s as a security measure for data passed between a website and a user. Netscape’s engineers struggled to perfect the technology, and in 1999 it was taken over by the Internet Engineering Task Force (IETF) and re-released as TLS (Transport Layer Security). It’s nonetheless still commonly referred to as SSL.
In the process of enabling SSL you will be issued a unique SSL certificate. This certificate essentially acts as an online ID. When any visitor access your website, their browser IDs you and confirms to the user that you are who you say you are. All communication with the website is encrypted from that point forward.
SSL serves two purposes:
- Encrypts the traffic between your website and the end user, meaning the data passed is all but useless to a would-be thief
- Verifies for the user that they are in fact communicating with the website they intend to do business with and not an imposter or ‘man-in-the-middle”
HTTP (hypertext transfer protocol) is the ‘normal’ protocol for communication on the web. You’ll notice that prefixing any url you see: http:\\www.website.com. HTTPS (hypertext transfer protocol secure) is just an indication that the normal HTTP has been layered with SSL.
Why Use SSL for WordPress Websites?
Knowing their data is secure is a big plus for any potential customer, and many people will not do business with a website that does not have an active SSL certificate. How could anyone tell? When you visit a website using SSL, it is displayed clearly in the browser’s url bar, and the normal http:\\ prefix of the url is modified to https:\\
An added but very important bonus to going HTTPS over HTTP: Google has begun giving a SEO ranking boost to websites with an active SSL certificate. In an effort to encourage website security, this boost was implemented in 2014 as a small ranking advantage, and is expected to increase over time. Not only will your website be more secure, it will be more visible as well. It’s a win-win.
How Do I Use SSL for WordPress?
The process can be broken down into 3 steps:
- Confirm that you have a static or dedicated IP address. This may be part of your hosting package, or you may need to talk to your host about upgrading into one.
- Acquire an SSL certificate. This is a little more complicated. Read on.
- Configure your website for SSL. You can accomplish this with some quick edits or a plugin. We’ll go over options below.
Getting an SSL Certificate
You have 2 main routes you can choose from here: a simple one that will cost you a small to moderate amount of money, or a free option that takes some technical chops.
Option 1: Purchasing a Certificate From Your Web Host
The great majority of web hosts offer SSL certificates themselves. This is by far the easiest route to take, but it will also set you back $50-$300 dollars. Bluehost, WP Engine, and GoDaddy, for example, all have extensive documentation and easy to purchase options. The same holds true for most major web hosts.
Option 2: Obtaining a Certificate from a 3rd Party Certificate Authority
If you have the technical chops for working through the process, you can save money and obtain a perfectly valid SSL certificate from a Certificate Authority other than your webhost. You’ll have to act as a data passing middleman between them and your host to get things set up, but it’s perfectly within the realm of possibility. Let’s Encrypt is a great (beta) example of just such a service.
Configure SSL/HTTPS on Your WordPress Install
Regardless of how you acquire your certificate, you’ll need to configure SSL for WordPress afterwards. How you handle this depends on whether you’re setting up SSL on a new website or an existing one. Either way, you should check out Really Simple SSL. It’s handy and… really simple.
Configure a New Website for HTTPS
In your WordPress dashboard, go to Settings>General. Amend WordPress Address (URL) and Site Address (URL) to https:\\ from http:\\. Save your changes and that’s it, you’re done!
Configure an Existing Website for HTTPS
When you make the move to HTTPS, you don’t want existing links and bookmarks that point at your http:\\ prefix to suddenly leave visitors at a dead end. You need to set up a redirect that will send those folks to your new https:\\ url.
You can either keep things simple by using a plugin like Really Simple SSL to do it for you, or you can take charge of things yourself and configure WordPress manually.
Download and open .htaccess. You’ll likely see code between two commented lines, # BEGIN WordPress and # END WordPress. You’ll want to paste the following code into .htaccess directly above that standard WordPress code:
BE SURE to replace www.yourwebsite.com in line 5 of that with your actual address. Upload .htaccess back to your server via FTP and you’re now redirecting.
And that’s how you use HTTPS and SSL for WordPress websites! It’s a fairly simple procedure if you elect to purchase a certificate from your host, and a great learning experience if you choose to go the 3rd party certificate route. However you choose to do it, your customers will appreciate your looking out for them, your SEO will be affected positively, and hopefully that will be reflected in your bottom line. Good luck and be safe!