Adding SSL to WordPress

Adding SSL to WordPress
There are so many factors that come into play when creating an online business or shop. You have to think about pricing, and stock, and shipping. And then there’s style and content and layouts. However, there is one component that is perhaps more important than all and that is creating a secure connection for your customers.  Have you ever been browsing on an online shop and suddenly are left feeling unsafe? It’s probably because you are. It is so important that your customers feel confident and secure when browsing or shopping on your website. Not just for your customer’s sake, but for yours as well. And here is where our topic makes it debut…

What is SSL?

SSL is an acronym for Secure Sockets Layers. It is a standard security service used to create an encrypted link between a client and a server. When important data, such as credit card information and social security numbers, is being typed into a site, SSL is what protects this transmission. Without SSL, the information is sent between browsers and servers as plain text, allowing anyone to intercept this data and use the information given.

For the sake of identification, each site is assigned a unique SSL certificate in order to establish a secure connection. If a server is on HTTP rather than HTTPS, the certificate will not match and most browsers will output a warning stating that your connection is not private. When an SSL secured website is accessed by a web browser, the browser requests the server to identify itself. The server then responds by sending a copy of its SSL certificate, including its public key. The browser then checks if the SSL certificate can be trusted. If the certificate is unrevoked, unexpired, and using a valid name for the connecting website, the browser will then create, encrypt, and output a symmetric session key by use of the server’s public key. The server and browser will then use the session key to convert all transmitted data. This process is known as an SSL handshake.

How do you know if a site connection is secure?

When visiting a site, in the browser tab you should see a security icon or a green bar just before the URL. This is an indicator that a secure connection has been established. Clicking the icon will tell you the certification, identification and other information regarding the specific site you are visiting. Another way to tell whether or not a website is secure is by noticing if the site URL starts with http or https. Websites secured by SSL begin with https.

Why do you need SSL?

If you are planning to have an online shop of any kind, then it is so important for you to secure your site with SSL. It has actually become a requirement for some payment plans such as Stripe, PayPal Pro, and Authorize.net.  Adding an SSL certificate to your site helps you to help your customers, which in turn, helps you. When a customer feels secure, they are more likely to purchase a product. Everyone wins! Another added perk to adding an SSL certificate is that it can actually boost your SEO ranking! Google has recently started using HTTPS and SSL in their search results as a ranking signal. When it comes to good SEO, every little bit counts! Learn more about SEO here.

How to get an SSL certificate

First things first, check with your host! Many hosting providers actually include free SSL certificates within their plans or they sell them form a third party at a discounted rate. If you have to purchase a certificate, pricing typically ranges depending on your needs. We suggest talking with your host or their SSL partner company for the best option for your site. If your host does not provide SSL certificates or offer an easy way to add them then it might be time to find a better host :). Either way, we recommend you go through your host to get the SSL certificate and not through some other third party site on your own which can be more complex.

Setting up your WordPress site for SSL

Once you have had your host install SSL for your domain, it’s now time to set it up in WordPress. The first thing to make sure is that you are not redirected and your site shows up if you navigate to your URL using https:// at the beginning of your domain. This is the important first step. Once you can validate that your SSL certificate is connected then it’s time to change all the URLs on your site to use https instead of http

Step 1:

Login to your admin and click on Settings > General. In both your WordPress Address (URL) and Site Address (URL) make sure to change the protocol to https and click save. This will make you log back into your site.

Step 2:

Next, we need to make sure all your images, scripts and other resources are using https. You can check the site and if you have any resources loading through http your browser URL box will show this:

And we want it to look like this:

The easiest way to update all the strings in your site is to install Better Search Replace plugin, run a search, then replace through your site’s database for every instance of http://www.yourdomain.com to be replaced with https://www.yourdomain.com

*NOTE: Make sure to change “yourdomain” to match that of your domain and that you select the option to make changes to every database table.

Better Search and replace example

That’s it! Your site should now show secure with all your resources running through https. If you’re running into any issues you can get support on the support forms.