HTTPS on WordPress – Why Your Website Needs an SSL

HTTPS on WordPress Illustration

This page may contain affiliate links. These links may result in us receiving compensation from the website we've linked. When sharing this type of content, we provide our accurate opinions about the product or service - not a prepared statement from the company providing the compensation.

Cyber-attacks are becoming more common and sophisticated every day. Protecting your website from hackers is vital to keeping customers safe, as well as safeguarding any data they enter while on the site.

One way that we can secure a website is by installing an SSL certificate on the webserver, protecting data sent between the website visitor and the webserver.   Installing an SSL certificate does not need to be a costly or timely process if you’re willing to get your hands a little dirty.

Let’s start with the basics, what is an SSL certificate and why do websites need SSL certificates?

To put it in simple terms, SSL certificates are how web browsers can verify that websites are indeed who they say they are. 

When you go to an https secured website, the URL will change from just plain “HTTP to” “https” and the address bar will turn green, showing a lock icon. When you do this, it means that any data you submit to that site is encrypted between your web browser and the website. This data includes all of your contact information like name, street address, email etc… If someone were able to intercept this data along the way, or simply watch you type your password for a site it would be almost impossible for them to read it. 

What type of website should have SSL certificate?

Any website that deals with user-submitted information should have an SSL certificate. This usually includes e-commerce sites, businesses, and any other site which requires users to submit credit card info, etc…

In reality, every website should have an SSL certificate, there is really no reason not to.  

SSLs improve site security, customer trust, and search rankings.

Can an SSL help me rank better on Google?

Google made it very clear how much they value HTTPS in search rankings when they announced that “HTTPS as a ranking signal” on Google search. 

We won’t go into a lengthy post about how much of an impact SSLs have on search rankings, but there is no doubt that having an SSL certificate has a positive impact on your page’s ability to rank. If SEO matters to you, get an SSL setup for your website as soon as possible. 

Is an SSL required for web stores?

If you’re running a web store or other e-commerce website, it’s very important that you have the SSL certificate in place. 

Since your site involves a checkout that collects personal information and payment details, a secure, HTTPS connection is necessary.

If your website doesn’t have an SSL certificate you could lose a lot of business. People do not want to submit their information and credit card numbers on sites that do not take security seriously, especially since the browser will say Not Secure next to your web address.

HTTPS Security for Web Servers

How do I know if my website has an SSL certificate?

If you want to double-check if your website’s SSL certificate is set up, you can do an “HTTP://” instead of an HTTPS:// and see how the address bar changes. 

Instead of the regular internet connection page how it is when not on an HTTPS site, it will have a padlock icon in front of the URL. If your website does not have an SSL certificate, now is the time to look into how to get one.

How can I tell if my SSL certificates going to expire too?

SSLs can expire within a few months to upward of a year and require some type of renewal process. If you’ve purchased an SSL from your web host or domain registrar, they will most likely email you in advance, to let you know it’s time to renew.  Don’t rely on your hosting provider to remind you of an upcoming SSL renewal, or you might end up with an expiration certificate.

To keep track of how much time is left how your SSL certificate and how to renew it, you can use a service like StatusCake or Uptime Robot to monitor your SSL certificate and get notified before it expires.

Don’t ignore warning signs or errors messages that say your encryption credentials have expired or that the certificate for this server is invalid!  Renewing your certificate and fixing encryption credentials will prevent a drop in search traffic and loss of sales.  Resolving the warning message for “the certificate for this server is invalid” is usually as simple as removing and re-applying your SSL certificate. 

If you don’t have an SSL certificate available, you can use Let’s Encrypt to get an SSL certificate for free.

After installing an SSL certificate on my web hosting, what changes do I need to make to my website?

Depending on your website configuration, the following steps will vary. If your site uses a CMS, like WordPress, you likely need to update global settings, telling the website to redirect non-secure (http://) traffic to the secure URL (https://). This will make sure every user visiting the website does so with a secure connection. 

You may have to do more than this to allow your website to have a no-conflict, SSL-secured connection. For instance, in WordPress, you may need to run a plugin like Go Live URL updates, to change all instances of http://yourdomain.com to https://yourdomain.com 

How do you add an SSL certificate to WordPress websites?

Securing your WordPress website takes a few steps. First, you need to install an SSL certificate on your web host. If your hosting has cPanel, you can use Let’s Encrypt to get a free SSL certificate. 

There are WordPress plugins that can help you connect Let’s Encrypt to install a certificate. Alternatively, you can buy an SSL from your web host, but you’ll still have to install the certificate yourself.

Once you have the SSL certificate, the next step is how to set up WordPress HTTPS.

You can do this by logging into WordPress and then go to Settings.  For the site URL and home URL, change http:// to https://.  When you save the settings, there’s a good chance you’ll get logged out of WordPress. This is normal. Go ahead and log back into WordPress.

Install Go Live URL, and activate it.  On the sidebar in WordPress admin, go to Tools and look for Go Live URL updater.  On the settings page for Go Live, scroll to the bottom and you’ll see two input boxes:  one for your old URL and one for the new URL.  Enter them as followed (swapping in your domain of course):

Old URL:  http://mydomain.com
New URL: https://mydomain.com 

Click update. If your website has a caching plugin, clear your cache.

Visit the website in a new browser, or incognito tab. If you see a padlock, your SSL is working and the next step is to visit the frontend of your website and click around. View a few pages, and if the padlock is present on each page, you’re done!  

You should deactivate Go Live URL and remove the plugin as well.

What is Let’s Encrypt?

Let’s Encrypt is a service that provides free SSL certificates for website owners who want to increase their website security by forcing a secured connection via https://. 

By doing this, HTTPS will secure your webpage so data being passed between the client (website visitor) and server (your website hosting location) are encrypted. 

Do I need Positive SSL or a paid SSL?

Someone might tell you that you need to buy your SSL certificate. The truth is, for most websites, you do not need Positive SSL certificate or a similiar overpriced SSL certificate from companies like GoDaddy. Let’s Encrypt will provide your site the secure, https connection you’re looking for.

My SSL padlock is missing what should I do?

If your website doesn’t have a padlock when you look next to the web address in your browser, then you most likely do not have an SSL certificate, it’s not installed correctly, or you may have a mixed-content error (some HTTP and some HTTPS). 

The easiest way to troubleshoot an SSL error, for non-developers, is to use a tool like WhyNoPadNock. This tool is easy to use and the results don’t require a technical degree to understand!  Here’s another good web tool for checking your SSL certificate status.

Do I need a WordPress Plugin for HTTPS WordPress?

When you do it correctly, you do not need a plugin to get HTTPS on WordPress, or to keep HTTPS active on a WordPress website.  Plugins like Really Simple SSL are not used by experienced developers and if you can help it, you shouldn’t use it either.

Hire a Professional to Install Your SSL Certificates On Your WordPress Website

We have years of experience securing WordPress websites and adding SSL certificates to web servers. Let us install and set up your SSL certificate for you.

Contact Bocain Designs to see how we can help you get an SSL certificate setup (https) on your WordPress website.

Website Content Optimization Graphic

Offer Your Website Visitors the Best User Experience Possible!

Boost your conversions with our guide to creating a successful sales or landing page!

This field is for validation purposes and should be left unchanged.