Security is one of the major ranking factors which Google takes into consideration while deciding the SERP rankings of your website or blog. So how can you build these so-called Security Features into your website? It’s simple: SSL.
In this article, I am going to explain you the basics of SSL Encryption and I will tell you how to get a Free SSL Certificate and how to configure it for your WordPress website.
SSL stands for Secure Sockets Layer, it is the standard security technology for establishing an encrypted link between a web server and a browser.
In simple terms, SSL makes sure that the communication between the user and the website remains secure and no one could access it from the outside.
Here comes the technical parts, so if you’re not interested you can skip through these sections 🙂
Why is SSL so important?
Thanks to the skilled and destructive hackers of our generation, most of the websites on the internet get attacked on a daily basis and lots of sensitive information such as credit card details, passwords, etc. are stolen from the users.
To overcome this problem, HTTPS was innovated, it is an extension to the basic HTTP connection with an added security feature, you guessed it right: SSL.
SSL makes sure that even if the hackers intercept these details while you are shopping or logging in somewhere, they couldn’t access your info as it is in the form of encrypted packets.
This is why most of the Search Engines (Google) now consider Security a ranking factor. If your website is secure, then there are chances that you will rank higher!
Who does this encryption?
All of the browsers nowadays have the ability to encrypt packets and secure your data. So what is the role of the website?
The answer is simple. To encrypt these packets of data, the browser requires some algorithm or a technique. Encryption is basically scrambling of the packets in such a way so that only your browser and the website knows about it.
This is where the SSL Certificate comes in. The SSL certificate contains keys which are basically the encryption algorithms for the browsers. In basic terms, the SSL Certificate tells your browser how to scramble the data packets in a specific way so that when the browser sends these scrambled packets to the website, it knows how to unscramble it and read the data in those packets.
The Process of Connecting to an HTTPS website
- Browser connects to a web server (website) secured with SSL (https). Browser requests that the server identifies itself.
- Server sends a copy of its SSL Certificate, including the server’s public key.
- Browser checks the certificate root against a list of trusted CAs and that the certificate is unexpired, unrevoked, and that its common name is valid on the website that it is connecting to. If the browser trusts the certificate, it creates, encrypts, and sends back a symmetric session key using the server’s public key.
- Server decrypts the symmetric session key using its private key and sends back an acknowledgment encrypted with the session key to start the encrypted session.
- Server and Browser now encrypt all transmitted data with the session key.
You can check this link to learn more about SSL Cryptography.
So why doesn’t everyone get these SSL thingies? You ask…
The most important part of an SSL Certificate is that it needs to be digitally signed by a Certification Authority (CA). Even though anyone can become a CA, the browsers only trust the sites whose certificates are signed by a CA which is on their list of trusted CAs.
Most of these CAs charge you a hefty sum to issue a certificate but don’t worry I have some ways by which you can get a FREE SSL Certificate for your WordPress website.
How to Get a Free SSL Certificate for your WordPress Website?
If you want to get an SSL Certificate for your WordPress website without spending lots of money, here are some ways you can get it for free!
Let’s Encrypt: Free SSL Certificates for Everyone
Let’s Encrypt is a cooperative venture with Linux Foundation and is supported by Mozilla, Akamai, SiteGround, Cisco, Facebook, and so forth which offers SSL Certificate for free.
This is awesome to spare funds on an SSL certificate and can be used by beginner bloggers easily.
It’s fully automatic so you don’t have to spend lots of time configuring it and everything is handled by their servers.
But for Let’s Encrypt to work, you need full server access of your website which is not possible for websites on Shared Hosting.
Comodo: Premium SSL Service with 90 days trial
Comodo is renowned for its antivirus software, but it also issues SSL certificates to websites. The Certificates are not free but you can get a free trial to get a firsthand experience.
It gives you free SSL at no costs for 90 days. This is a solid match if you are hoping to play around with SSL to learn more about it.
Get your completely free SSL certificate issued in minutes with most astounding quality and bit encryption. Every significant browser recognizes Comodo issued SSL certificates.
3. SSL For Free: Easily Set Up a Let’s Encrypt Certificate
SSL For Free is a simple website which issues free SSL certificates for your website. Its certificates are issued by Let’s Encrypt, but you do not need full server control to set this up! For this tutorial, I will show you how to get a free SSL Certificate from Let’s Encrypt and configure it on your WordPress Blog.
Setting up SSL Certificate on your WordPress Blog
Adding SSL Certificate Files in CPanel
- First of all head to the SSL For Free website.
- Enter the URL of your website.
- Now you have to verify that you own the website, the simplest way is to enter the FTP login details.
- Once you have verified your website, you will get 3 set of Codes. Certificate (CRT), Private Key (KEY) and Certificate Authority Bundle (CABUNDLE).
- Save them and head to your Hosting Control Panel.
- Here, search for the Security section and click on “SSL/TLS”. (This may be different for you but every variation of CPanel has an SSL section, explore to find it)
- Once you have found the SSL section, click on “Add New Certificate”.
- Now Paste the 3 set of codes which you have saved earlier into the 3 text boxes.
- Click on “Install Certificate”.
Configuring SSL Certificate in WordPress to make the site HTTPS
You have successfully installed an SSL Certificate on your WordPress Server/Hosting. Now, we have to configure the WordPress website to utilize the HTTPS protocol.
For this, we will use a WordPress Plugin named “Really Simple SSL”.
- Download the Plugin from the WordPress Directory and install it on your website.
- Activate the Plugin.
- Go to Settings>SSL.
- Go to Settings>General
- Change the Site address and WordPress Address from “http://example.com/” to “https://example.com/”
Now you have successfully configured SSL settings on your WordPress website.
If you liked this article, do share it with your friends on Social Media. If you have any queries, feel free to ask them in the comments below.