When it comes to the internet, security is king.
All websites must have SSL certificates for visitors to trust that they communicate with the correct website without being hacked or spied on by a third party.
This article will explain how to set up an SSL certificate on your WordPress website!
What is an SSL certificate?
SSL is a standard security technology for establishing an encrypted link between a web server and a browser. It’s also known as Secure Socket Layer (SSL) or Transport Layer Security (TLS). It ensures that all data sent between the web server and browsers remain private.
Users can easily recognize SSL-secured sites by their green lock symbol in browsers like Chrome and Safari, which will help boost your SEO rankings.
In July 2018, Google announced that it would display “not secure” warnings on pages with no HTTPS certificate when users accessed them through the Chrome browser.
There are many reasons to add SSL, including:
- Improving customer trust
- Reducing the risk of third-party intrusion (such as phishing)
- Protecting personal information on your website
Furthermore, setting up SSL for WordPress is easy and doesn’t require fancy technology or expensive software. In just a few minutes after installing the plugin, you can set your website to use HTTPS with an SSL certificate from Let’s Encrypt.
How does Google penalize HTTP websites?
Google penalizes websites that don’t use HTTPS, a secure website protocol. This helps prevent phishing scams from taking place and encrypts the data transferred to make it more difficult for hackers to steal personal information.
It’s essential for websites that get traffic from Google Search results to use SSL, or else the site will appear as “Not secure” in your browser.
How to add an SSL certificate in WordPress
This article covers the steps you need to take to add SSL in WordPress, including updating Google Analytics and Google Search Console.
Step 1: Add WordPress HTTPS by installing your SSL certificate
SSL certificates are what get you the HTTPS connection for your WordPress site. Let’s Encrypt is a free and widely supported certificate, making it easy to implement on shared web hosting providers.
First, you contact your hosting provider’s support and ask them to help you install an SSL certificate. Alternatively, you can consult their online help articles or follow specific instructions for installing the certificate.
Several hosting companies offer automated and free SSL certificates – our favorite is Skystra, which also offers a free one-month trial.
Step 2: Install and configure the Really Simple SSL plugin
You can also use a free WordPress plugin to handle the SSL usage on WordPress automatically for you.
Here are the steps to set up an SSL certificate on WordPress using a plugin:
Login to your WordPress dashboard and head to Plugins > Add New option.
In the search bar in the top-right corner, type in Really Simple SSL, and click on the Install Now button:
Once the Really Simple SSL plugin is installed, click on the Activate button to activate it:
Head to Settings > SSL section and click on Go ahead, activate SSL! button:
If you see any issues with mixed content on your website (showing both HTTP and HTTPS URLs), go to the Settings tab of the plugin configuration screen, and enable the Use alternative method to fix mixed content option:
If you use a caching plugin on your website, purge all cache before testing your site again.
Step 3: Verify WordPress HTTPS success on the front-end
Ensure that the redirects between http:// and https:// automatically work. The browser bar should now say “HTTPS” if you have successfully configured the site with HTTPS.
Next, ensure you see the “green padlock” on all of your site’s pages.
Step 4: Update Google Search Console
Sadly, you cannot simply modify your site’s URL if you’re using Google Search Console. You’ll need to create a new HTTPS version to create a new property. Navigate to the Google Search Console website and click the Add Property button.
Add your site by following the instructions Google provides. Additionally, you should include a sitemap for your site’s HTTPS version.
Once you’ve enabled the HTTPS version of the website, Search Console will continue to work normally.
Step 5: Update your CDN
If you’re using a CDN (content delivery network), you’ll almost certainly need to adjust your URL in the CDN’s configuration settings as well.
Because the actual procedure may vary depending on the CDN you’re using, make sure to check for up-to-date instructions from your CDN provider.
It would be best to contact your CDN or consult their help documentation to decide whether or not you may update your URL to HTTPS.
If you have no clue what a CDN is, you can skip this step entirely!
Step 6: Update social media links
If any of your social media accounts or other external websites connect to your WordPress site, you should alter all of these links to refer to the HTTPS variant of your website.
This isn’t required, as the Really Simple SSL plugin includes 301 redirects automatically transferring HTTP traffic to HTTPS. However, this is a best practice that avoids the need for redirects.
If you want to make your WordPress dashboard SSL and HTTPS-only, you may add the following line to the wp-config.php file:
define('FORCE_SSL_ADMIN', true);
Google and moving your website to HTTPS
Google has made it quite clear that SSL is a ranking factor. However, others are concerned that migrating to WordPress HTTPS would result in a short ranking decrease.
The general agreement is that no significant temporary ranking decrease will occur. This is a relatively simple one that Google will accept regarding URL modifications.
Nexym's editorial team handpicks all of the products and services it recommends, regardless of external influences. Affiliate links appear in some of our stories. We may receive an affiliate commission if you purchase something through one of these links, which helps us stay independent and support our great team.