Urgent: Enable SSL in WordPress
It is and has been time to enable SSL in WordPress. If you haven’t done it yet, do it now.
I still see many customers and clients running their websites on an insecure protocol so I decided to write this article, hoping that it would reach some website owners ready to embrace the benefits of running SSL on their WordPress websites.
There are many benefits to SSL which I will explain below but one of the main aspects is that your users will be alerted in modern day browsers if your website is not running SSL and will alarm them, possibly causing them to leave. Don’t let your website visitors leave if you can prevent it.
You’ve probably seen SSL: The lock icon in the browser address bar or the green address bar. It may seem complicated and that’s why you haven’t done it yet but let’s jump right in and get your website secured with SSL.
Quick, Important Topics:
Please have a read, this is very important! I will go over these important parts of SSL real quick:
- What is SSL?
- What Modern Day Browsers are Showing
- Importance of SSL in WordPress
- How to install and enable SSL in WordPress
SSL stands for Secure Sockets Layer.
In short it creates a secure connection between the client – people browsing your website – and the server. The secure connection encrypts all data in transit to prevent hacks such as interception and theft of data as it is being transferred.
When I refer to SSL, I’m pointing out a website that runs on the SSL protocol which is https:// as configured on the hosting and server. Not only should the website run on https:// but the domain should have a valid SSL certificate installed and all resources loaded into the website – such as images, scripts and stylesheets – should load over this secure protocol as well.
SSL is important for websites that transfer sensitive data such as billing details.
Modern day browsers such as Chrome, Safari, Firefox, Edge, etc. on all devices verify and validate SSL to ensure the security of its users.
If your site is not on SSL or there is a problem validating the SSL, browsers will display a warning to your visitors in the following cases:
- “Not Secure” when the website is on http:// (non-SSL).
- “Connection is not private” when on https:// (SSL) with an invalid or expired SSL certificate.
- “Connection is not fully secure” when on https:// (SSL) with insecure resources loading.
- “Insecure login” on login forms when trying to login over http:// (non-SSL)
- and several more…
Alternatively if all goes well and you enabled SSL in WordPress correctly, the browser will be satisfied and show a “Secure” alert.
The address bar in the browser will show a lock icon and with specific SSL certificates a green address bar will be displayed.
An address bar showing a lock or a green status is proven to increase trust by your users.
Having SSL on your WordPress website is very important for several reasons. Here are the benefits:
- Increases the trust of your users.
- Secures the data of your users.
- Increase search engine rankings.
- Prevent bad SSL warnings to users.
- Block hackers from website.
- Allows for PCI compliance.
These are the main benefits of having SSL enabled on your website.
Installing and enabling SSL in WordPress is quick and easy. Here are the steps:
1. Install an SSL certificate
Get SSL support on your WordPress website by installing an SSL certificate for your domain or ask your hosting provider to install it for you.
Some hosting providers provide free SSL certificates while others may require you to purchase an SSL certificate. For a free SSL certificate, have a look at Let’s Encrypt and Comodo Free SSL. They will provide you with a free SSL certificates and instructions to install it.
On our WordPress hosting for example, we provide free, automatic SSL for all hosting accounts so you don’t need to do anything, it is done for you.
2. Enable SSL in WordPress
With your SSL certificate installed, you can now enable SSL (https://) on your WordPress website.
There are many ways of doing this such as via a configuration file on the hosting with a redirect to installing a WordPress plugin. There are several WordPress SSL plugins available for you to choose from.
The easiest way of enabling SSL in WordPress is by installing the free One Click SSL plugin I developed specifically for this purpose. The plugin will check if SSL is installed and supported before enabling it. It will also convert all insecure resources on your pages, handle redirects and provides a scanning utility to see if there are any resources loading insecurely that may be static.
Once you realize how important and urgent it is to enable SSL in WordPress and follow this guide to enable it, your website will be much improved.
The little time and effort it takes to install and enable SSL is well worth the benefits.