Why SSL Is Important for Your WordPress Site and How to Get It for Free

Site owners or not, we all know that WordPress is the most popular CMS that powers more than 60% of the sites on the Web. When you deal with that much content, security should be one of the main concerns. That’s why it’s only natural that Automattic, the company behind WordPress, recently announced that it’s working together with Let’s Encrypt project to provide all the WordPress.com sites with free SSL (Secure Socket Layer) certificates.

ssl-mte-letsencrypt

For those who are unfamiliar with SSL, its job is basically to improve the security of your sites. It adds the “s” behind the “http” on your site’s URL. You can also notice the extra protection by the closed padlock icon on your browser when you open the site.

But what about the self-hosted WordPress sites? How can site owners put added layers of security on their sites? Is there an easy way to do it?

Long gone are the days when SSL and HTTPS are the acronyms associated with e-commerce sites. They still need the security measure, but with the increased threats to sites’ security today, so do regular sites. Anybody with the proper knowledge can intercept, modify, or redirect traffic to and from unencrypted sites.

Readers are also becoming more well-informed and more cautious of unencrypted sites. The stories of picking up malicious viruses or getting hacked after visiting suspicious sites have become one too many. Having the “https” trail on your URL will give you trusted online presence. Moreover, you and your readers will have more peace of mind.

And if you need another reason why you should have SSL certification for your site, it’s also known that Google and other search engines are giving higher page rates to sites with https trail. It means that secure sites will rank higher and naturally get more traffic.

There were the days when the only way to secure a site with an SSL certificate was to pay for it. Not only that but the process to set it up is also not for the faint of heart. You have to deal with lots of steps, codes, and back-and-forth authorizations. On top of that you still need to re-configure your site to adapt to the new settings, including the changes in the URLs. No wonder people were willing to pay a lot to have someone set the certificates for their sites and avoid all the hassles. Some of them still are.

Fortunately, things are better now. There are several ways that you can use to acquire an SSL certificate for your site, freely and easily. Here are some of the alternatives.

1. Use a webhost that offers built-in free SSL

The easiest option is to use a hosting company that offers built-in SSL so that all you need to do is to contact the help desk and have the certificate enabled for your site. Or even if you have to do it yourself, the process is relatively easy and usually accessible via the cPanel.

2. Use Cloud DNS service

Another alternative is to use one of the Cloud DNS services. Most of them include SSL certificates as part of their service. One example of such service is CloudFlare which offer a free plan that anybody can use. Other than extra layers of security, these services will also increase your Web performance.

ssl-mte-cloudflare

3. Use Let’s Encrypt Free SSL Certificate

We can also use the Let’s Encrypt free SSL certificate, similar to the one that WordPress.com uses. The problem is manually setting up the certificate is not a walk in the park, and most of the non-techie web owners will cower in fear and hide somewhere the manual SSL setup monster won’t find them. Another problem is the Let’s Encrypt certificate will only be valid for ninety days. While you can always renew indefinitely, doing it forever, every for ninety days, is not the kind of fun spare time activities that I have in mind.

Fortunately, there are plugins for that.

The two primary problems of doing your SSL setup are acquiring the certificate and adjusting your site after it has been certified. We are going to use three free WordPress plugins to solve both problems.

1. WP Encrypt

WP Encrypt is an easy-to-use WordPress client for the Let’s Encrypt service. The plugin will help you get a free SSL certificate for your site and also automatically renew it every ninety days before it expires. There’s one less thing to worry about.

To get started, all that you need to do is to fill in the fields and check the boxes on the Settings page. Click “Save Changes -> Register Account -> Generate Certificate.”

ssl-mte-wp-encrypt-settings-1

Up to this point we have achieved the goal of this article which is to get a free SSL certificate for your site. However, let’s take the journey a bit further.

2. Remove HTTP

Since an SSL certificate will turn your “http” protocol into “https,” problems will arise with your site’s content. It’s possible that your site URL is in https, but the assets (images, JavaScript, and CSS) refer to “http” links. This will result in getting mixed content warnings. What Remove HTTP will do is remove all the “http://” and “https://” protocols from the links without permanently changing anything.

You don’t need to configure anything. Just install the plugin, and it will do the rest. Your links will automatically become protocol-relative URLs that have only “//” without “http:” or “https:” preceding them.

3. Really Simple SS

After getting your certificate using WP Encrypt, you can activate and use Really Simple SSL plugin to take care of the rest. This plugin will:

  • handle most issues that WordPress has with SSL. For example loadbalancer issue or the no server variables set problem.
  • redirect all incoming requests to https using .htaccess or javascript.
  • change all the site URLs and home URLs to https. The plugin won’t change hyperlinks to other domains.
  • not change the database except for the siteurl and homeurl.

In some cases, there are still manual configurations that you need to do.

Important Note: It’s possible that after installing Remove HTTP and Simple SSL, your site will still not be configured correctly or can’t be configured at all. Your first option is either to do the configuration manually with the help of the instruction at the WP Encrypt settings page (click the Help tab at the top-right corner of the page). You can also opt for the Pro version of Really Simple SSL that will do the manual configuration for you or use the other two alternatives to get your free SSL certificate.

ssl-mte-wp-encrypt-help

Have you implemented SSL on your site? How is your experience? Please share using the comment below.

Leave a Reply

Yeah! You've decided to leave a comment. That's fantastic! Check out our comment policy here. Let's have a personal and meaningful conversation.