SSL for WordPress

The Need for Better Security with WordPress
It’s no secret that WordPress websites are vulnerable to attacks by hackers. It’s been reported that of the million-plus websites hacked every year, 75% of those were WordPress websites. This is in large due to themes & plugins which, when not updated, become access points for hackers. It’s becoming increasingly important that anyone using a WordPress website to collect payments from selling products or to manage users and account information should be doing so with an SSL certificate.

Vendors Require Security
Payment vendors like PayPal, Authorize.net, & Stripe require secure connections when performing payment transactions. Google announced in 2014 their plan to use SSL & HTTPS as indicators for ranking websites in search results. Basically, websites with HTTP & SSL are ranked higher in Google search engines improving search engine optimization (SEO) for the site. Websites without SSL technology are ranked lower.

WordPress announced plans in December 2016 to push for greater security by limiting access to critical features such as API authentication used by WordPress developers only to websites using SSL technology. In addition, WordPress has ceased promoting hosting partners who don’t issue SSL certificates to hosted websites by default.

More Reasons for SSL Security on WordPress

  • Search engine optimization (SEO) improvement
  • Collecting & storing personal information
  • Running memberships sites and providing login accounts
  • Running e-commerce stores & selling products
  • Allowing file uploads & downloads

Purchasing an SSL Certificate
The WordPress SSL installation process begins with purchasing the SSL certificate. This starts with selecting a known Certificate Authority (CA). The first & obvious place to look is with the company hosting your website domain as they’re likely to offer a range of in-house or third-party SSL purchasing options. Some hosting plans include an SSL certificate so you may want to verify this before making the mistake of purchasing something you may already own.

SSL Requirements
There are no requirements for obtaining and installing SSL certificates on WordPress websites. The only requirement is having someone to install it for you.

The WordPress & SSL Installation Process
The first step in the installation process is determining the type of SSL certificate is needed for your domain. So it helps to become familiar with these as their prices vary according to use & business need.

Types of SSL Certificates
The first steps are determining which certificate is needed for the environment.

  • Single Domain Certificate: allows you to secure a single web domain name.
  • Multi-Domain Certificate: allows you to secure multiple domains on a certificate. Examples include:
    mydomain.com, mydomain.net, mydomain.us
  • Wildcard Certificate: allows you to secure a single domain with unlimited subdomains of that same domain. Examples include mydomain.com, help.mydomain.com, shop.mydomain.com.
  • Extended Validation Certificate: allows you to secure a single domain except it provides a higher degree of authentication and SSL protection. In addition, it turns the address bar green for visitors.

Once you have an idea of the type of SSL certificate you need, you need to have it installed. This is done within the hosting account in which you have your domain. If you find that the company hosting your domain doesn’t provide SSL certificates you’re able to purchase one from a third party vendor, also known as a Certificate Authority (CA). Examples of certificate authorities include GoDaddy, SSL.com, etc.
If you have no experience in this area then you’ll want to reach out to your website administrator. If you don’t have a website administrator you can usually pay to have it installed by the company providing the certificate. The one thing to note is that you don’t have to purchase your certificate from the company hosting your web domain. You’re more than welcomed to purchase from any certificate authority whose price matches your budget.

In most, if not all, cases SSL certificates are the same. Aside from the type of certificate, there’s nothing special that can be added to an SSL certificate so regardless of who you purchase it from you get pretty much the same features.

WordPress SSL Certificate Installation
When it comes to installing the SSL certificate on the WordPress website you have the choice of doing this manually or using a plugin to assist in the process. There are a number of plugins residing within the WordPress Plugin Repository for you to choose from. What you need to know is that the purpose of an SSL plugin is to help set up the website without any manual effort from the website owner. This should include modifying the .htaccess file and adding the new re-direct URL. If not this is something which will need to be done manually.

The final test in the SSL certificate installation process is verifying a successful installation and configuration. This is easily done by navigating to your website and verifying it’s URL prefix to have changed from HTTP to HTTPS. In addition, you want to check images for broken links as the URL prefix change is likely to change for any images on your website.

Back to top