(847) 625-1774 sherry@sinkwebdesign.com
image of a secure website connecting across the world

Secure Your WordPress Website with an SSL Certificate

Security, Tips & Tricks

* This post was originally written for and posted on 9 Planets Design blog.

Is your WordPress website secure?

How can you tell?

Look at the top of your website: do you see a green lock next to your website address? Does it say at the top of the browser window HTTP://www.yourwebsite.com or does it say HTTPS://www.yourwebsite.com?

If you don’t see a green lock, HTTPS or any indication that says your site is secure, listen up — starting this month, Google Chrome plans to label websites as ‘unsafe’ if they don’t have proper security measures in place. This is part of a continuing project to eventually mark all HTTP sites as not secure, in order to make their browser safer and to alert users and protect their private info from external dangers (like hackers).

How does this affect you?

Do you have a search box or collect any information from your visitors, such as via a contact form, subscription sign-up or as part of a purchase?

If your site is being viewed in Incognito mode and/or if your site collects information via any type of form and isn’t secured with an SSL certificate, your website could be flagged as Not Secure. This label may scare your potential customers and could cause them to exit your site without doing business with you.

screenshot of ways Google Chrome will label various sites as Not Secure if they don't have an SSL certificate

What should you do?

It’s easy! You need to get an SSL certificate and have it applied to your website.

What the heck is an SSL certificate?

An SSL certificate creates a secure connection between your website and the server, so that any info your visitor sends to you via your website will be protected and kept secure. It’s also what helps protect businesses that are selling products directly from their website (to safeguard visitors’ personal information like credit card numbers and other data).

Adding an SSL certificate to your website creates that extra layer of security Google Chrome is looking for. It will add the green lock to your site name, and when your visitors start to fill out a form it will show that you’re secure.

How do you add an SSL certificate?

Most hosting companies provide one for free with your hosting account, so you should check with your host to see what they offer. Ask them if your account already has an SSL certificate and if your site needs to be upgraded in order to use one (this varies from host to host, depending on the type of account you have). They may be able to set it up for you, for a small fee.

If you sell products online, you may want to get a paid SSL certificate instead of a free one, for added insurance coverage. 9 Planets Hosting, the company that hosts this site, includes a free SSL certificate with every hosting plan, but if you need added insurance they also offer several paid certificate options that may work well for you. Or, speak with your own host to see what they offer and what’s included in that cost.

*IMPORTANT NEXT STEP FOR WORDPRESS WEBSITES

Once you have an SSL certificate added, you need to connect it to your WordPress website. If you want to set it up yourself instead of paying your host to do it for you, you can set it up using this Really Simple SSL plugin, a free option that will help connect the certificate with your website.

Here’s how…

Steps to Set Up the SSL Connection with your WordPress website

1   Log into your WordPress website

From your website’s admin dashboard on the left, click on Plugins

From the top of the Plugins screen, click on “Add New”

screenshot of the Really Simple SSL plugin activation

2   Add the Really Simple SSL plugin

In the “Search plugins” field, type Really Simple SSL – the Really Simple SSL plugin option should appear first in your search results

Click on “Install Now” button

Once the plugin has been installed, the “Install Now” button should turn blue and display the word “Activate” – click that button to activate the plugin on your website

3   Enable SSL

You should see a notification asking you to enable SSL – click the button.

This should complete the process, but it may ask you to complete one more step by bringing you to a login screen. If that comes up, simply log into your site again so that it can acknowledge the change from HTTP to HTTPS.

screenshot of the activation button to enable SSL

That’s it! You should now see a lock next to your website name at the top of the browser window, and when you click the lock, it should pop up a box that says something like “Secure” or “Secure Connection.”

screenshot example of a website that has been secured with an SSL certificate

Your WordPress website has now been updated with an SSL certificate.*

*NOTE: If your site still says elements are un-secure, it’s usually because an image or other random site element didn’t get updated with HTTPS (instead of HTTP). To track down those stray items and get them updated, there are a few options you can follow.

  1. If you’re a do-it-yourself-er, you can follow the suggestions from the creators of the Really Simple SSL plugin, as noted in their helpful article here.
  2. If you don’t mind paying for most of the work to be done for you, the pro version of Really Simple SSL can be uploaded to your website for a fee (currently about $25 for use on a single website). The free version of the plugin (as added via the instructions above in this article) automatically connects your website to your SSL certificate, but the pro version of the plugin also scans for these types of “mixed content” issues and provides you with a list of what needs to be adjusted. Each result comes with either a Fix button you can click to have the plugin auto-correct the issue for you, or — for those issues where an automatic fix isn’t possible — they provide instructions on how to fix it.
  3. In a pinch, there’s always Sink Web Design! I’d be happy to walk you through any “mixed content” issues that need to be updated, or take care of it for you.

NEXT UP…

IS YOUR NEWLY SECURE SITE UPDATED WITH GOOGLE ANALYTICS & GOOGLE SEARCH CONSOLE?

If your website has been set up in Google Analytics or Search Console — and it really should be! — you will need to update your site information so that Google knows your site is now HTTPS://www.yourwebsite.com instead of HTTP://www.yourwebsite.com.

For more instructions on how to update this (if your host isn’t doing it for you), stay tuned for step-by-step instructions in the next installment here on the Sink Web Design blog.

NOW IT’S YOUR TURN

Do you have any helpful tips and tricks of your own? Please share in the comments below. You never know who might read your words and benefit from your knowledge and experience.

And if there’s a topic you’d like to see covered here in the blog, please let us know.

SHARE THIS ARTICLE ON

Pin It on Pinterest