Site owners or not, we all know that WordPress is the most popular CMS that powers more than 60% of the sites on the Web. When you deal with that much content, security should be one of the main concerns. That’s why it’s only natural that Automattic, the company behind WordPress, recently announced that it’s working together with Let’s Encrypt project to provide all the WordPress.com sites with free SSL (Secure Socket Layer) certificates.
For those who are unfamiliar with SSL, its job is basically to improve the security of your sites. It adds the “s” behind the “http” on your site’s URL. You can also notice the extra protection by the closed padlock icon on your browser when you open the site.
But what about the self-hosted WordPress sites? How can site owners put added layers of security on their sites? Is there an easy way to do it?
Why Should You Use SSL?
Long gone are the days when SSL and HTTPS are the acronyms associated with e-commerce sites. They still need the security measure, but with the increased threats to sites’ security today, so do regular sites. Anybody with the proper knowledge can intercept, modify, or redirect traffic to and from unencrypted sites.
Readers are also becoming more well-informed and more cautious of unencrypted sites. The stories of picking up malicious viruses or getting hacked after visiting suspicious sites have become one too many. Having the “https” trail on your URL will give you trusted online presence. Moreover, you and your readers will have more peace of mind.
And if you need another reason why you should have SSL certification for your site, it’s also known that Google and other search engines are giving higher page rates to sites with https trail. It means that secure sites will rank higher and naturally get more traffic.
How to Acquire a Free SSL Certificate for Your Site
There were the days when the only way to secure a site with an SSL certificate was to pay for it. Not only that but the process to set it up is also not for the faint of heart. You have to deal with lots of steps, codes, and back-and-forth authorizations. On top of that you still need to re-configure your site to adapt to the new settings, including the changes in the URLs. No wonder people were willing to pay a lot to have someone set the certificates for their sites and avoid all the hassles. Some of them still are.
Fortunately, things are better now. There are several ways that you can use to acquire an SSL certificate for your site, freely and easily. Here are some of the alternatives.
1. Use a webhost that offers built-in free SSL
The easiest option is to use a hosting company that offers built-in SSL so that all you need to do is to contact the help desk and have the certificate enabled for your site. Or even if you have to do it yourself, the process is relatively easy and usually accessible via the cPanel.
2. Use Cloud DNS service
Another alternative is to use one of the Cloud DNS services. Most of them include SSL certificates as part of their service. One example of such service is CloudFlare which offer a free plan that anybody can use. Other than extra layers of security, these services will also increase your Web performance.
3. Use Let’s Encrypt Free SSL Certificate
We can also use the Let’s Encrypt free SSL certificate, similar to the one that WordPress.com uses. The problem is manually setting up the certificate is not a walk in the park, and most of the non-techie web owners will cower in fear and hide somewhere the manual SSL setup monster won’t find them. Another problem is the Let’s Encrypt certificate will only be valid for ninety days. While you can always renew indefinitely, doing it forever, every for ninety days, is not the kind of fun spare time activities that I have in mind.
Fortunately, there are plugins for that.
The Terrific Trio
The two primary problems of doing your SSL setup are acquiring the certificate and adjusting your site after it has been certified. We are going to use three free WordPress plugins to solve both problems.
1. WP Encrypt
WP Encrypt is an easy-to-use WordPress client for the Let’s Encrypt service. The plugin will help you get a free SSL certificate for your site and also automatically renew it every ninety days before it expires. There’s one less thing to worry about.
To get started, all that you need to do is to fill in the fields and check the boxes on the Settings page. Click “Save Changes -> Register Account -> Generate Certificate.”
Up to this point we have achieved the goal of this article which is to get a free SSL certificate for your site. However, let’s take the journey a bit further.
2. Remove HTTP
You don’t need to configure anything. Just install the plugin, and it will do the rest. Your links will automatically become protocol-relative URLs that have only “//” without “http:” or “https:” preceding them.
3. Really Simple SS
After getting your certificate using WP Encrypt, you can activate and use Really Simple SSL plugin to take care of the rest. This plugin will:
- handle most issues that WordPress has with SSL. For example loadbalancer issue or the no server variables set problem.
- change all the site URLs and home URLs to https. The plugin won’t change hyperlinks to other domains.
- not change the database except for the siteurl and homeurl.
In some cases, there are still manual configurations that you need to do.
Important Note: It’s possible that after installing Remove HTTP and Simple SSL, your site will still not be configured correctly or can’t be configured at all. Your first option is either to do the configuration manually with the help of the instruction at the WP Encrypt settings page (click the Help tab at the top-right corner of the page). You can also opt for the Pro version of Really Simple SSL that will do the manual configuration for you or use the other two alternatives to get your free SSL certificate.
Have you implemented SSL on your site? How is your experience? Please share using the comment below.