How to install SSL on a WordPress website


The creativity of cybercriminals has been increasing with the evolution of the Internet, hence the need for better solutions to protect web users. For more than a decade, organizations like Google have been at the forefront of the fight to make the Internet a safer place. 

One of the most important developments has been encouraging website owners and operators to implement the HTTPS protocol. The protocol ensures that all data sent from a user’s computer to the website they are visiting is encrypted and secure. 

Since June 2018, Google has marked all websites without the HTTPS protocol as not secure in the user’s browser. Sites with an SSL certificate will have a green bar or lock icon to tell users that the website is secure.

What is an SSL certificate?

SSL in full is “Secure Sockets Layer”, which is the global standard for establishing secure and encrypted links between a server and a browser. The link ensures that all data exchange between the browser and the web server is secure, making it very critical especially for sites that deal with sensitive information. 

You can tell a website is encrypted if it has the “s” at the end of the “HTTP” in the URL bar. Users can also check for other indicators that include a green stripe with organization details, or a green padlock on the browser.

Why implementing SSL on your website?

Apart from telling users that the site is secure, the following are some of the benefits of implementing an SSL certificate:

  • Protects data – SSL encrypts and secures all data such as credit card numbers, passwords, and other sensitive data sent from a user’s browser to the website. This protects the data from skimmers and hackers.
  • Affirms your Identity – An SSL certificate authenticates your website. It is impossible for anyone to impersonate your website if you have an SSL certificate, and hence your users can be certain that they are dealing with the legitimate website.
  • Better Search Engine Ranking – Google has included SSL into its ranking algorithm. Websites with the HTTPS protocol now have a slight advantage on the search engines over those without. As such, installing an SSL certificate may improve your SEO.
  • Helps Satisfy DSS/PCI Requirements – If you accept online payments you will need to have SSL to be PCI compliant. Payment processors such as Stripe and PayPal require that you have an SSL before you are allowed to receive payments on your website.
  • SSL Improves Customer Trust – The easy to identify signs such as the green padlock and green bar makes customers trust your site more. These indicators make it easy for users to know they are dealing with a legitimate website, hence making them more likely to do business with you.
  • Google Ads – If you use Google’s merchant center validation, AdWords product listings, and shopping feeds, you will have to implement SSL since Google has been forcibly removing any of these ads if your website does not have SSL.

How to install SSL on a WordPress website?

Follow the following steps to install SSL on your WordPress website.

1. Buy an SSL certificate
You will need to buy an SSL certificate if you do not have one. However, major hosting providers in Australia such as Mash.host, Bluehost and WP Engine provide free SSL certificates for all websites on your hosting account. If your host does not provide the certificate, you will have to buy from the likes of GlobalSign, Comodo, and Verisign for a couple hundred of dollars.

2. Install certificate on server
There are two ways to install an SSL certificate. The manual method and the plugin method.

Using a Plugin

Really Simple SSL – This makes installation so easy as once you install it, all you need to do is activate and it will change your “.htaccess” and configure the entire site to run on HTTPS.

WP Force SSL – The plugin redirects all HTTP traffic to the HTTPS version without requiring any coding or technical knowledge. All, you have to do once you have activated the plugin is log into your WordPress dashboard and change your site and WordPress address from HTTP to HTTPS.

The manual method

Change WordPress Settings to Https – To update go to settings, then general, and then update the site URL on the address fields.

Edit .htacess – Add the following code which will set a redirect from HTTP to HTTPS:

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

If by any chance you are on nginx servers, you will use the following code instead of the one above

server {
listen 80;
server_name website.com www.website.com;
return 301 https://website.com$request_uri;
}

Rewrite URLs – Install the Better Search and Replace Plugin and then run search and replace. Enter the homepage of the site in HTTP, for example, http://example.com with https://example.com

Check for Green Lock – Enter the https URL for your website in the browser to check for the green lock indicator.

Resolve Mixed Content Issues – Right click on any part of the page and click on inspect. This will take you to a console. Check for any messages about mixed content typically shown in red. You can then manually edit the problematic content in the widget area, stylesheet, theme settings, and plugin.

Clear browser, hosting and website cache – Flush all caches to avoid troubleshooting non-existent mixed content issues.

Installing an SSL is critical not only for the security of your website but also for your SEO. You can install SSL either manually or by using a plugin.

Summary:
A plugin is overall more convenient though there are more options for customization with a manual install. Nonetheless, regardless of the method, you use to install, having an SSL certificate is a positive thing not only for you and your brand, but also for your users.