The Definitive Guide to SSL and WordPress

The Definitive Guide to SSL and WordPress

The Importance of SSL in Today’s Web Environment

It’s become commonplace for a majority of internet users to share personal information on the internet.

With the disregard for protecting personal data becoming second nature, how do we protect ourselves and our users? That’s where the power of SSL comes in.

If your site requires users to submit any valuable or fragile information, then having an SSL certificate is a must-have. Below you’ll learn what SSL actually is and how you can install your SSL certificate on your WordPress site.

Understanding SSL: The Basics

What is SSL? Having a secure website is an absolute necessity these days. SSL is the current web standard for exchanging information securely between a website and a user. Most information traveling over the web can be easily accessed anytime by people who know what they’re doing. You know, like hackers and the government.

Since this is such a common occurrence, the best line of defense is to encrypt your data. The way anyone who accesses your data, besides the person you were intending, will receive nothing more than a string of gibberish.

For SSL to be valid on your site, the first thing you need is to have a working SSL certificate and a host capable of supporting SSL integration.

When to Implement SSL on Your Website

When It’s Best to Use SSL Not every style of website requires SSL. For some websites obtaining an SSL certificate will be a waste of time and money. However, these cases are becoming more and more rare.

In fact, Google recently announced that sites that have an SSL certificate will actually receive a rankings boost. So, if your site is reliant on search engine traffic to do business, then this boost might be a good idea for your site. Currently, the rankings increase you’ll receive is small, but if you’re in a competitive space, then this could mean all the difference.

Beyond the reasons why you might want it, there are a few instances that basically require using SSL. These instances include:

  • Requiring your users to login
  • Users can submit personal information
  • Credit card details
  • SSN or other private details
  • Personal address
  • You run an eCommerce website
  • If you want to run your site over HTTP/2 Without SSL there’s a chance your user’s information could be stolen, and in today’s internet age trust means everything.

Considering the Flip Side: Drawbacks of SSL

Now, SSL isn’t without its drawbacks. Below we highlight a few of the main objections about SSL.

The cost It isn’t particularly expensive, but an extended SSL certificate does cost a bit more. Plus, you need to remember to renew your certificate every year.

ROI isn’t guaranteedYou need a little technical knowledge to set it up.

SSL and HTTPS: What Changes?

When your site is protected, the usual “http” prefix will instead be changed to a secure “https” preface. There will also be a green padlock to the left of your domain, like the image below.


ssl pagely example

Some sites will use an Extended Validation Certificate, which will make your site name and URL appear green, like we have at Pagely. These certificates offer more WordPress security and are issued after a more vigorous application and verification process.

How SSL Encryption Works

SSLs encrypt the information traveling between the server and browser. If at any point someone beyond the intended recipient tries to access the information it will be illegible.

In order to use this encryption you need to install an SSL certificate on your server. You can obtain a certificate from a company known as a Certificate Authority.

After you’ve purchased a certificate you’ll submit your website and company information and receive a public and private key. Your public key will then get submitted with your previous information in your Certificate Signing Request.

After this information is verified, your SSL certificate will be signed with an SHA. Then, the actual certificate will be issued and you can use it on your site.

Keeping Your SSL Certificate Current

When you have an SSL certificate installed on your site, you need to ensure it doesn’t expire or become invalid. If this happens, your visitors won’t be able to visit your site and, instead, will  be taken to a screen that says ‘This site’s security certificate is not trusted!’

Having a first-time visitor see this screen when they visit your site won’t help to build trust. At all.

It’s important to purchase your SSL certificate from a known authority. Otherwise, you run the risk of your user running into a screen that says ‘Secure connection failed’. This screen won’t look as serious as having an expired certificate, but it still deters visitors from accessing your site.

Step-by-Step: Integrating SSL with WordPress

Once you obtain an SSL certificate you can then move forward with integrating SSL and your WordPress site. Before making any changes to your site it’s always a good idea to backup your site, just in case something happens.

  1. The first step will be editing your wp-config.php file. Open up wp-config.php in your favorite code editor program and add the following line of code.

    define(‘FORCE_SSL_ADMIN’, true);

    This will force the SSL certificate to load for any user who visits your site.
  1. Next we’ll add a 301 redirect to ensure visitors to your site are automatically sent to the secure HTTPS version.

    To do this we’re going to edit the .htaccess file. Open up your .htaccess file, or create one if your site doesn’t already have one, and add the code below.

    <IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteCond %{SERVER_PORT} 80
    RewriteRule ^(.*)$$1 [R,L]

You’ll need to change the URL of your site, and possibly the server port if yours is different.

SSL is a great way to ensure your site remains protected, however, it’s just one of many security measures you should incorporate into your site. Having a secure hosting environment, strong admin passwords, and using a few select WordPress security plugins will help take your site the rest of the way.”

New Posts in your inbox