How to Get an SSL Certificate for Your WordPress Website
February 7. 2020
Online security is a major concern for most internet users today. We install anti-virus programs, use ad blockers, take care where we download from and just overall avoid any suspicious websites we encounter. So when our browser informs us that a certain website is “not secure”, we immediately become suspicious. We might not even visit the website because of it. You don’t want that to happen to your website, do you? Because it doesn’t matter how much you invest in the help of WordPress experts if people don’t trust your website enough to even visit it! That’s why you need to get an SSL certificate for your WordPress website. But what is an SSL certificate and how do you obtain it?
What is an SSL certificate?
A lot of things go into running a website. Sure, you must know how to create posts and pages, but you’ll also need to worry about themes and plugins and security. And that’s where SSL certificates come in. SSL is an acronym for Secure Sockets Layer, a protocol for securing data transfer. Every visitor to your website shares some data with it, even if it’s just a location or a public IP address. Often, the data shared is much more sensitive – an email address, personal information, credit card numbers. This is especially true if you’re running a website that requires a login or an e-commerce business. Without SSL, all this data is vulnerable to hijacking.
Using SSL, on the other hand, will protect the sensitive information your users trust you with by encrypting the data transfer between the user’s browser and your website. An SSL certificate is, therefore, a way to show your users that you care about them and their security. We are sure all visitors to your website would appreciate that!
Why do you need to get an SSL certificate for your WordPress website?
You can run a website without an SSL certificate and you wouldn’t be the only one. But we don’t recommend it! It doesn’t matter how much you spend on professional website maintenance services if your users don’t trust you enough to use your website. And if their browser informs them that your website is not secure, they might lose confidence in your webpage. So it is highly recommended that you get an SSL certificate for your WordPress website, no matter the kind of content you produce. If you take payments through your website, however, you definitely need an SSL certificate. Not only are you dealing with some seriously sensitive information, but many online payment services also require an SSL certificate before you can use them.
What should you do to get an SSL certificate for your WordPress website?
Getting an SSL certificate is not that hard. But there are still several steps in the process. You will also need to make decisions regarding the type of certificate you want to get and who to get it from. This decision will depend on the type of website you’re running, the cost of running a WP website that you find acceptable, what your main reason for getting the certificate is and more. But let’s start from the beginning!
Choosing a certificate authority
The first thing you’ll need to do when getting an SSL certificate for your WP website is to choose a certificate authority. A certificate authority, often shortened to just CA, is an organization through which you will get your SSL certificate. They will vet your credentials, check if you can get the kind of encryption you’re looking for, and finally, issue the certificate to you.
But before you start looking at your options, make sure to look at your web hosting plan. Many web hosting companies offer plans that come with an SSL certificate. In fact, you may already have one and not even realize it. If you do, examine the type of certificate you have. You may find it satisfying enough not to look for others. If you don’t have one, however, look into other plans your web hosting company offers. They may be able to provide you with a good enough certificate at a good enough price.
Finally, if all else fails, you can turn to some of the top CAs on the web. Comodo, GlobalSign, GoDaddy, SSL.com are all good options. They all offer a variety of SSL certificates (including domain validation, organization validation, and extended validation certificates) at affordable prices!
Purchasing and verifying the certificate
Once you’ve chosen a provider and the type of certificate you want, you can go ahead and purchase it. It may take anywhere between a few minutes and a few days depending on the type of certificate for the CA to approve your purchase. When they do, just download the SSL certification files.
Installing the certificate
How you install the certificate depends on your web hosting company. If you purchase an SSL certificate from them, they’ll likely install it for you as well. Otherwise, follow these general steps:
- log in to your web host manager
- find the “Install SSL certificate” option and click on it
- enter your domain name as well as the key and certificate you received from your CA
- click “Install”
Can you get an SSL certificate for your WordPress website for free?
If the cost of purchasing an SSL certificate seems too much, you also have the option of getting an SSL certificate for free. A non-profit project Let’s Encrypt which boasts a long list of some serious and seriously famous sponsors (including Google, GitHub, and FaceBook) has established a free certificate authority. You can get an SSL certificate from them without paying a dime. However, these certificates are often pretty basic and you will need some coding skills and server systems knowledge to install one.
What to do after you get an SSL certificate for your WordPress website
Once you get an SSL certificate for your WordPress website, you should check that it actually works. You can do this by simply visiting the website in an incognito window. Does the address contain HTTPS? Is there a padlock in the address bar? Congratulations! You now have an SSL certificate on your website. The link on your website should update automatically. But you’ll want to update the ones you have on your social media or elsewhere to the new HTTPS address. Finally, set up a 301 redirect to ensure a seamless transition to your new and more secure address. Voila – you’re now done!