One of the best ways to increase your WordPress site’s security is by installing an SSL certificate. It prevents hackers from stealing personal information by encrypting the connection between a visitor’s browser and your site. However, installing one can be incredibly difficult and costly.
Fortunately, this is no longer the case with Let’s Encrypt, which offers free, automated SSL certificates to anyone who needs one. In this post, we’ll walk you through a step-by-step tutorial on how to secure your WordPress site with HTTPS using a free SSL certificate from Let’s Encrypt.
Let’s put everything into context before we begin.
What Is an SSL Certificate and Why Do I Need One?
Whenever you send information over the Internet, it is done via HTTP protocol which is, by default, unencrypted. In simple English, this means that the data we send over it can be intercepted and doctored. This is where HTTPS comes into play.
HTTPS is a combination of HTTP and the Secure Sockets Layer (SSL) – a collection of protocols that is designed to encrypt the transmission of data. The protocol allows end users to authenticate the website they’re accessing and rest assured that the data they send over it is encrypted.
SSL certificates are nothing more than small data files that digitally bind cryptographic keys to a website’s details. When they’re installed on a web server, SSL certificates activate the HTTPS protocol, enabling secure communication between the web server and the end user’s browser. SSL certificate issuing authorities (such as Let’s Encrypt and CAcert) validate site ownership before supplying the most suitable certificate.
As you may probably already know, sites using SSL are ranked better by Google than those that don’t. But is SSL necessary for everyone? The short answer is: it it depends. If you sell products, offer memberships, or require visitors to submit sensitive information on your site, then chances are you need to secure your WordPress site with HTTPS. Here’s why:
- Data security. Whether your site’s visitors need to enter their credit card information to complete a transaction or submit personal information through web forms, it’s important for them to rest assured their data won’t be compromised.
- Better SEO. Google is giving a rank boost to sites that use HTTPS. Though it has a minor effect on search engine rankings right now, it’s entirely possible that it may have a greater impact later on.
Simply put, if you want your visitor’s data to be secure online, you’ll have to secure your WordPress site with HTTPS by installing an SSL certificate. In the past, adding an SSL certificate to your site was both difficult and pricey. However, Let’s Encrypt changed that forever with its initiative to make SSL certificates free and automated for everyone.
How Do I Secure My WordPress Site With HTTPS?
Let’s Encrypt is a relatively new certificate authority operated by the Internet Security Research Group that aims at simplifying SSL implementation. The company issues digital certificates to ordinary site owners so that they are able to enable HTTPS on their site for free.
We give people the digital certificates they need in order to enable HTTPS (SSL/TLS) for websites, for free, in the most user-friendly way we can. We do this because we want to create a more secure and privacy-respecting Web. – Let’s Encrypt
There are two main ways to get started with implementing an SSL certificate from Let’s Encrypt. You can take the DIY approach and install it manually by following the official documentation. However, if you’re not particularly technically inclined, then you can go for a host that supports Let’s Encrypt.
In this section, we’ll show you how you can secure your WordPress site with HTTPS by installing an SSL certificate from Let’s Encrypt. It’s always a good idea to create a full backup of your website before making significant changes to it.
Step 1: Install Your Free SSL Certificate
Many reputable hosting providers offer free SSL certificate installation from within their user portals. Here’s how you can install your own:
- Login to your hosting account or cPanel.
- Navigate to SSL > Add Certificates > Let’s Encrypt.
- Choose the domain(s) you want to secure with HTTPS.
This is the easiest way to get started with securing your WordPress site with HTTPS. Keep in mind that the page names may vary from host to host but the process remains the same. However, if your current hosting provider doesn’t include installation options then you can consider switching over to one that does or install an SSL certificate manually.
At this point, you should have an SSL certificate installed on your WordPress site, which means that it’s now using the HTTPS protocol to ensure secure communication. In the next two steps, we’ll update our WordPress site’s URLs and Google Analytics settings from HTTP to HTTPS.
Step 2: Update Your WordPress Site’s URLs
You’ll notice that even though you’ve installed an SSL certificate, your WordPress site’s URL still reads http://www.your-site.com instead of https://www.your-site.com. Since your site’s visitors will see your URL, it’s important to update it to HTTPS.
If you installed an SSL certificate on a new WordPress website (that isn’t being indexed by search engines), then updating its URL is simple. Here’s how:
- Login to your WordPress site’s admin panel.
- Navigate to Settings > General from the WordPress dashboard.
- On the General Settings screen, you should see two fields:
- WordPress Address (URL)
- Site Address (URL)
- Change the URLs in both fields from http to https. It should look something like this:
- Click the Save Changes button to continue.
On the other hand, if you’ve installed an SSL certificate to an existing WordPress site (one that is being indexed by search engines), then you’ll need to use a plugin to update the URLs. We’ll use the Really Simple SSL plugin to update URLs on existing sites.
Step 3: Update Your Google Analytics Settings
Some of you may be using Google Analytics to monitor different metrics on your WordPress site. In order to continue receiving accurate traffic data, you’ll have to update your site’s URLs in the Google Analytics settings, as well. Here’s how:
- Login to your Google Analytics account.
- Navigate to Admin > Property Settings from the dashboard.
- In the Property Settings screen, change the Default URL value from http:// to https://.
- Click the Save button to save changes.
Installing an SSL certificate to secure your WordPress site with HTTPS allows your site’s visitors to rest assured that their sensitive information won’t be intercepted and doctored. Hopefully, you’re in good position now to enable HTTPS on your website. Let’s run through the main steps you need to follow once again:
- Install the SSL certificate to your WordPress website either manually or through your hosting provider.
- Update your website’s URLs from http to https by changing the settings or using the Really Simple SSL plugin.
- Update the Google Analytics account settings associated with your WordPress site.
Are you planning on installing an SSL certificate from Let’s Encrypt on your WordPress website? Let us know in the comments section below!