What is SSL?
SSL stands for Secure Sockets Layer. We’re not going to go into the technical aspects of how SSL works, but it adds security to your website.
If Zip looks at his browser, he can see that there’s a little unlocked padlock symbol and the words, “Not Secure.” This bugs me and I’d install an SSL certificate just to get rid of that!
Fortunately, most web hosting providers will provide you with a free “Let’s Encrypt” SSL certificate now, and it’s not too hard to install one.
So I Need SSL on My Website?
Yes, if you’re going to have an online store, a membership site, or otherwise collect private data. But even for other sites, SSL certificates are becoming standard. It’s nice to NOT have a “Not Secure,” warning for visitors to your website.
Adding SSL to Your WordPress Website
Let’s Encrypt SSL Certificate in CPanel
Zip’s going to install a free Let’s Encrypt SSL certificate to Slothverse.com through CPanel.
Time needed: 20 minutes.
Adding A Let’s Encrypt SSL Certificate in WordPress
- Log into CPanel and Click on Let’s Encrypt
- Install the Certificate
Choose your domain and click “Install.”
- Check and See if Your SSL Certificate Has Installed
Wait a few minutes and refresh the page and see if your certificate has installed. Most of the time, it’s pretty quick now, for some hosting providers it may take a bit longer.
A note for Cloudflare users: If you already are using Cloudflare and are trying to install a Let’s Encrypt certificate, and your certificate will not install, try changing your SSL mode in Cloudflare to Flexible, try installing the certificate again. When it shows that it has been installed, switch it back to Full-Strict.
In the photo below, you can see that the certificate is now active. If Zip checks the front end of his website, he’ll see that he now has a little closed lock symbol in the browser where the Not Secure warning used to be.
- Change Your Domain Name in Settings
Go to Settings>General and change the beginning of the URL for your site from http:// to https:// and save. WordPress will probably log you out and you’ll need to log back in at this point.
- Check your website for any mixed content
Check your website thoroughly. Zip sees that he’s getting a non-secure warning on his post. Read on below for more about that.
What if I Don’t Have CPanel?
Some managed hosting providers do not give you cPanel access. Usually, adding SSL on these hosts is pretty straightforward. Check their documentation and ask your hosting provider if you encounter any errors.
I had a client who had a very basic hosting plan but did have the option of a free SSL certificate. On this hosting provider, you could turn SSL on using a simple switch. My client had done this, but SSL still wasn’t enabled on her website.
When he looks at his website, Zip sees that his post is “not secure.”
He tries going to the dropdown under Action and HTTPS Settings in Let’s Encrypt and turning on “HTTPS Enforce.” This should enforce the SSL on all page on his website and redirect non-https pages to https.
and then after that turning on “External Links Rewrite.” Sometimes, if you’ve loaded resources from other resources, thaat website doesn’t necessarily use SSL and your website will still show a non-secure warning or a mixed content error.
Turning this rule on should create a “rule” in a file called .htaccess which will tell WordPress to rewrite any non-http resources to https.
But, guess what? He checks his post again and finds that this didn’t work.
Enforcing HTTPS and Rewriting Exernal Links in Siteground
Zip’s website is hosted on Siteground, so it came with their optimization plugin, SG Optimizer, pre-installed. That give him a couple of easy options for enforcing https.
He switches on Enable HTTPS and Fix Insecure Content and IT WORKS! No more insecure warnings.
But What if I Don’t Have Siteground?
But you might not have Siteground, and I intend to make this series for beginners. You can install a plugin to do the same thing. Try the WP Enforce SSL plugin, or again, Really Simple SSL, but you may need to get the pro version to diagnose mixed content warnings.
Of course, you could add rules to your .htaccess file, but that’s beyond the scope of this beginning tutorial (we’ll save it for another post.)
And there are times when some of your files may not get changed to https://. You might need to use a plugin like https://wordpress.org/plugins/better-search-replace/ and do a search for http://yourdomain.com replacing it with https://yourdomain.com (and always do a test run first.)
But, right now, SSL on Slothverse.com seems to be working just fine!
Let’s get on to design and adding a theme next!
We're sorry you didn't like this post.
Help us improve!
Tell us how we can improve this post.