Have you noticed that Google now shows some websites as “Not Secure”? This is down to them not having an active SSL certificate.
The problem with insecure sites is it makes them seem less trustworthy. No-one wants to click through to a website that could potentially harm their device.
The fact that SSL certificates are required for sites accepting online payments makes it all the more important to get one to protect your site data.
Given that paid SSLs are pretty expensive what should you do if you’re just starting out? Today we’ll show you how to add an SSL to WordPress for free so you can keep your costs down.
We’ll also explore the following topics:
Shall we get started?
What Is an SSL Certificate?
SSL is short for Secure Sockets Layer. It’s a protocol for securing information transferred between your browser and the site you’re visiting.
We all transfer information when we browse websites, and more often than not, it’s sensitive information like credit card details or login credentials.
Using the normal HTTP protocol makes this information vulnerable to potential hackers. This is where an SSL/HTTPS steps in.
Your website needs an SSL certificate issued by a recognized certificate issuing authority.
Then your certificate is verified and displayed in your browser’s address bar with a padlock icon. You’ll notice the URL changes from HTTP to HTTPS too, more on that later.
If you’re wondering exactly how an SSL works we’ll cover that next.
How Do SSL Certificates Work?
An SSL protects your information by encrypting it when it’s transferred between your browser and the website you’re visiting.
When you visit an SSL certified website your browser first confirms if the website’s SSL certificate is valid. Then, if it all checks out, it uses that website’s public key to encrypt your information.
Encryption is the process of turning the information into code so it’s scrambled and anyone without authorized access can’t read it.
The information is then sent to the website you’re visiting where it’s decrypted, or unscrambled, using the public key and a secret private key.
That said, do you really need an SSL certificate for your WordPress site? Let’s find out.
Why You Need an SSL Certificate for Your WordPress Site
It’s recommended that all websites on the internet use SSL/HTTPS. But what if you collect the following types of user information?
- Credit credit card details
- Payment information
- Login credentials
In this case, you definitely need a verified SSL certificate to protect your user’s data. What’s more, most online payment services require that your website uses SSL/HTTPS before you’re even allowed to receive payments.
Besides the security of user information research shows that websites with SSL enabled rank slightly higher in search results.
And lastly, if you’re not using SSL on your website Google Chrome will show visitors that your site isn’t secure.
This can negatively affect your brand’s image and the level of trust users have on your website.
So how much will a WordPress SSL certificate cost you? We’ll explore that question next.
How Much Does an SSL Certificate Cost?
How much SSLs cost can vary between certificate authorities. Their pricing could be anywhere from $50 to $200 a year. Some providers go as far as offering add-on services alongside their SSLs which could also affect the final cost.
If you’re looking to pay for an SSL certificate give Domain.com a try. They’re one of the largest domain name registration services and they offer great deals on SSL certificates.
Their simple SSL certificate plans start at only $35.99 per year. And, to top it off, you’ll get a $10,000 warranty alongside a TrustLogo® Site Seal.
What if you can’t afford to buy a WordPress SSL certificate? No need to worry. Next, we’ll explore how to get one for free.
How to Get a Free SSL Certificate
You might not want to use an SSL for your website because of the cost. But not doing so can leave your website vulnerable to information theft.
Step By Step
Learn more about securing your WordPress site in this expert guide.
Luckily Let’s Encrypt, a non-profit company, decided to fix this problem. They created a free certificate authority to make it easier for small websites to get a free SSL certificate.
Let’s face it, the internet would be a much safer place if all websites used an SSL.
Because of the success of the project, major companies like WordPress, Facebook, and Google offered their support.
With the big companies on board, another challenge is making it easy for beginners to install their free SSL certificates. It’s a pretty complicated process that requires knowledge of coding and how server systems work.
Thankfully as more and more people used Let’s Encrypt the best WordPress hosting companies started offering it with their hosting plans. This saves you the hassle of installing your SSL certificate on your own.
The following WordPress hosting companies all offer a free SSL certificate with their hosting plans:
To use BlueHost as an example, you can find their free WordPress SSL option by heading to My Sites » Manage Site and clicking the Security tab. From here you can turn on the free SSL option.
If your hosting company isn’t BlueHost the process for turning your SSL certificate on may look different. If you’re having trouble finding the option you can ask your hosting provider to turn it on for you.
Now let’s look at getting your WordPress site ready to use HTTPS with your new SSL certificate.
How to Add SSL to WordPress for Free
With your SSL certificate enabled with your hosting provider, you’ll need to set up WordPress so that it uses HTTPS instead of HTTP with all of your URLs.
The easiest way to do this is to add the Really Simple SSL WordPress plugin to your website. It’s one of the best WordPress plugins for the job and like the title, it’s super easy to use. For more details on installing WordPress plugins check out this step-by-step guide.
After you’ve activated the plugin it will check to see if your SSL certificate is enabled. Then it will turn on the HTTP to HTTPS redirect which changes your site settings to use SSL/HTTPS.
To ensure your site is fully secure you need to be certain your site URLs are loading using HTTPS. Really Simple SSL does this for you automatically by fixing the URLs when the pages load.
If even a single URL uses HTTP browsers will treat it as insecure. To fix it you’ll need to use the inspect tool in your browser to find and replace the old URLs with the secure HTTPs protocol.
Step By Step
To find out how to fix mixed content errors in WordPress this guide is a great place to start.
Great, that’s it!
We hope this article helped you to add SSL to WordPress, and saved you a little money too. Why not take a look at our guide on setting up a business email so your email address looks as professional as your URLs.