How to add SSL and HTTPS to WordPress & Your Website

If there’s one thing that is more important than your revenue, then it’s the security of your customers’ data! Playing fast and loose with bank details, addresses, credit card details, and other key sensitive information might not be a major concern right now, but if something goes wrong, you’ll ultimately pay for it with your business which can cost you thousands of pounds in legal fees and compensation! That is of course if you are trading as a business, if not the consequences can be even direr.

Luckily there is technology out that to protect your website’s visitors, such as Secure Sockets Layer (SSL) and Hyper Text Transfer Protocol Secure (HTTPS). Its primary function exists to protect data entered into a browser as it flows from server to server. These technologies can be complex under the hood but are simple for WordPress users and website owners to implement.

Don’t know how to add SSL and HTTPS to WordPress or your website? Keep reading.

Introducing Secure Sockets Layer (SSL) and HTTPS

The green padlock is a key indicator of an encrypted site.

The data that’s passed from server to server when you interact with a website hasn’t always been encrypted and safe from interception. In fact, there’s still a long way to go in that regard. But authorities like Let’s Encrypt are pioneering the way to a more secure internet for all, and best of all they provide certificates completely free of charge.

The history of SSL and HTTPS is a little involved, but ultimately both were born out of a need to protect online data, many official signing authorities have since consolidated within the market, and many web hosts will now charge you upwards of £49 a year for a basic site certificate.

These two technologies have their own distinct roles to play:

  1. SSL: This is the protocol that provides communications security over a network.
  2. HTTPS: This is essentially a protected version of HTTP, which provides authentication for a website and its associated server.

However, it is impossible to have one without the other This means that as soon as they’re both implemented, data transferred between servers is protected as fully as possible.

How to add SSL and HTTPS to WordPress

While they’re complex protocols, and sound scary to implement for any small business owner, independent trader or just your average WordPress blogger. Using ‘Secure Sockets Layer’ and ‘Hyper Text Transfer Protocol Secure’ on your site has become drastically much easier over the years. Almost anyone can learn how to add SSL and HTTPS to WordPress or your basic HTML powered website these days. Simply follow the three steps outlined below, and you will be up and running in no time.

Choose a suitable SSL certificate.

While the process of connecting a certificate to your site might be simple, choosing the right certificate is a little more involved. There are many options available depending on your needs, but the most commonly used are one of the following three types:

  • Domain Validation (DV): This certificate simply verifies you as the owner of the domain.
  • Organization Validation (OV): Along with verifying the domain, this certificate also proves that your organization is legitimate.
  • Extended Validation (EV): With this certificate, you offer the highest level of security assurance to your customers. All applicants must pass a strict vetting process.

Ultimately it will all boil down to price, what level of insurance cover you require and how you want to portray your site security to the world. Don’t forget here at PlanYour.Website we provide all of our WordPress Hosting customers with free SSL provided by Let’s Encrypt. Sure, it protects your website and customers data, but who cares now a day if you pay for an EV certificate showing your name in the browser bar.

On the whole, the more sensitive the data you process is, the greater security level you’ll require to protect it. However, keep in mind that higher security comes with an additional cost. The level you need is up to you, but we’d recommend that if you deal with customer banking data, anything other than an EV SSL certificate would be risky.

PlanYour.Website offers all of these solutions from Let’s Encrypt to DV, OV, and EV certificates. You can purchase any of the above three certificates directly from our hosting portal, prices start from £31.80 a year.

Generate a Certificate Signing Request (CSR).

To help validate your website, business and server, you’ll need a Certificate Signing Request (CSR). In short, this identifies the server and domains you’ll use your certificate with.

The instructions are different depending on the server you’re using, but generally, you’ll need to:

  1. Connect to your server via Secure Shell(SSH).
  2. Run a console command.
  3. Enter your URL and business details.
  4. Copy and paste the text into your account’s SSL request area.

As we alluded to earlier, WordPress Hosting and Hosting customers have fewer steps to take to encrypt their data because of PlanYour.Website takes care of this part of the process. However, regardless of your hosting provider, you’ll still need to make some tweaks within your WordPress dashboard or .htaccess for a general HTML powered site once your certificate is ready to go.

Direct WordPress to use SSL and HTTPS.

The final step is to make sure WordPress knows you’re now using SSL and HTTPS. First, head to your WordPress dashboard and navigate to Settings > General. Scroll down to the WordPress Address (URL) and Site Address (URL) fields, and swap out HTTP:// for https://:

Once you’ve saved your changes, you should be all set. However, if you’re implementing SSL on your existing website, you’ll also need to make a change to your .htaccess file. But before you go tinkering with your WordPress/website core files, you should brush up on your File Transfer Protocol (FTP) skills and back up your website in case something goes wrong.

Then, log in to your site via FTP, find the .htaccess file in your main directory, and add the following code:

RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$$1 [R,L]

Make sure you replace with your site’s URL and save your changes. At this point, your site should be encrypted, but navigate to your front end and check out the browser bar to make sure.

Finally, it’s possible your site might only be deemed “partially secure” by the browser. This is a common issue with WordPress sites using third-party certificates. The good news is that you can use a plugin, such as Really Simple SSL, to solve it quickly.

When it comes to your website, your users’ security should be a top priority. What’s more, influential companies, such as Google and WordPress itself, are pushing for all sites to protect the data they process. This means you need to learn how to add SSL and HTTPS to WordPress and make the change right away.