Posted on January 9, 2017 by Colin Newcomer in Tips & Tricks |
Does the idea of improving your search engine rankings and offering your visitors better security sound like something you’re interested in? What if I upped the ante and told you it wouldn’t cost you a penny? SSL certificates secure your website’s connection and boost its rankings in Google. And now, thanks to services like Let’s Encrypt, you can actually get a free SSL certificate for your website.
Yup, all of the benefits of SSL, none of the costs!
In this post, I’m going to dig into what SSL certificates are, how they benefit your site, and how you can get your very own free SSL certificate. Then, I’ll even share a super simple plugin that makes getting set up with SSL on WordPress an absolute breeze.
Have you ever noticed how sometimes websites start with “http://” and then sometimes they start with “https://” and have a green padlock nearby? If you have, you’ve seen the end result of an SSL certificate. But what you haven’t seen is what goes on behind the scenes.
SSL stands for Secure Sockets Layer. Essentially, SSL establishes an encrypted link between your web server and your visitor’s web browser. This ensures that all data passed between the two remains private and secure.
With an unsecured HTTP connection, third-parties can snoop on any traffic passing between your reader’s browser and your web server. Obviously, this is a huge issue if you’re passing sensitive information like credit card numbers.
But nowadays, many entities, including Google, are pushing to use secure HTTPS connections for all traffic, even things you might think are mundane.
In the past, the only time an average webmaster needed to care about SSL was eCommerce. But that all changed in late 2014 when Google dropped a bomb:
SSL was going to be rolled out as a ranking factor.
That’s right, sites that use SSL certificates get a boost in the SERPs. It might not be a huge boost, but I think you’ll agree with me that any boost in search rankings is a good one. When I moved my portfolio site to HTTPS, I experienced a notable bump in my search rankings.
But now Google is going even further. Starting in January 2017 (AKA right around the corner), Google will mark “HTTP pages that collect passwords or credit cards as non-secure.” That means your WordPress login page will be marked as non-secure if you’re not using HTTPS. Here’s what that change will look like in Google Chrome:
Google eventually plans to expand this feature to treat all HTTP pages like this:
You definitely do not want all of your users seeing that in their URL bar…
So, in addition to offering a benefit to your readers by securing their connection, you also have both a Google-provided carrot and stick to motivate you to use an SSL certificate for your WordPress site.
I don’t want to dig too deeply into premium SSL certificates because it deviates too much from the goal of this post (free!). But very briefly, there are a number of different SSL certificates you can choose from. Each offering various levels of trust.
For example, Elegant Themes sprang for one of the premium SSL certificates, that’s why they get their company name next to the green padlock:
I used a free SSL certificate, so I only get the green padlock:
Both connections are secure, but Elegant Themes’ certificate offers Extended Validation and higher levels of security.
An SSL certificate like Elegant Themes uses typically costs somewhere around $150 per year. This expense makes sense because Elegant Themes processes payments.
But if your site, like mine, doesn’t process payments, you’re totally fine to use a free SSL certificate.
If you’re just running a regular WordPress site and aren’t handling any super sensitive information (like credit cards), you can get a free SSL certificate from a service called Let’s Encrypt.
This certificate will give you all of the benefits of SSL without costing you a single penny. And here’s the best part:
Most major hosting providers are partnering up with Let’s Encrypt to make installing an SSL certificate totally painless.
Here are two ways to get your free SSL certificate from Let’s Encrypt:
As I mentioned, many hosts are partnering up with Let’s Encrypt to add free SSL certificates directly inside their customers’ cPanel dashboards. For example, if you’re hosting at SiteGround (as I am), you can install an SSL certificate in about two seconds from your cPanel dashboard. You just have to find the Let’s Encrypt button:
Then, all you need to do is select your desired domain and click Install:
Here’s a full list of web hosts who offer direct support for Let’s Encrypt. The process for most supported hosts should be similar to SiteGround.
If your host doesn’t support Let’s Encrypt, you may still be able to get your free SSL certificate by using a website called SSL For Free.
The site will help you configure Let’s Encrypt certificates. But, you will need access to your site’s FTP details and potentially support from your host.
If at all possible, you should try to find a host that offers direct Let’s Encrypt support because it greatly simplifies the process.
While Let’s Encrypt is the most popular free option, it’s no longer the only show in town. Here are some other options:
Once you get your SSL certificate installed, users will be able to view a secure version of your site by going to “https://yoursite.com”. But just because your HTTPS connection is active doesn’t mean you’re finished.
To properly configure WordPress to work with your SSL certificate, you need to make some changes. You could do this manually…or you could use an awesome plugin that does everything for you.
Really Simple SSL handles the whole process. Just install it and run the plugin and it will make all the necessary changes.
Just be aware – you will naturally get signed out of WordPress when you run the plugin. This is because the plugin changes your default URL from “http://” to “https://.” All you need to do is log in again with your normal login credentials. No need to be alarmed!
Because of how Google is pushing SSL, it’s not something you can ignore. Right now, you’ve got the carrot of improved search rankings. But Google is showing they’re not afraid to use Google Chrome to “punish” sites who don’t move to SSL.
Given that you can now get a free SSL certificate from Let’s Encrypt and others, there’s no reason not to protect your visitors’ connections and boost your search engine rankings in the process.
Have you already moved your site to HTTPS? Did you notice any change in your rankings? It would be awesome if you shared in the comments.