SSL for your WordPress
Quick Answer: Depending on where you get your SSL certificate and how you install it, you may need to take extra steps to fully enable https. EastTexasDesign, for example, has a free SSL certificate. But there are multiple places with hard-coded HTTP:// content. (no S, not secure)
WordPress offers some great free plugins to help with these scenarios. Please note that these are for AFTER your SSL certificate is installed, if you are having problems with your site not fully encrypting:
Really Simple SSL – This is the first plugin I would suggest you try. Back up your website (always a good practice before making changes). Install Really Simple SSL. Activate and browse your site to make sure all is good!
SSL Insecure Content Fixer – When Really Simple SSL wasn’t quite enough. The next thing to try is SSL Insecure Content Fixer.
WordPress HTTP (SSL) – I have only had to use this plugin on one site. My experience has been that Really Simple SSL usually does the trick, with the occasional need to add SSL Insecure Content Fixer. WordPress HTTP (SSL) will be harder on your website’s resources. So give the other two a chance first.
What is the purpose of https?
Correctly using an SSL certificate will let you start your webpage addresses with https:// and display a green lock icon in many browsers. This tells savvy visitors that their information is being encrypted as it goes between your server and their device. (computer, tablet, smartphone, etc…)
HTTPS does not necessarily mean that the websites you are dealing with are secure. So please, do not take this as a green light to share sensitive information such as your credit card number with companies that have not taken other steps to build a good reputation and gain your trust.
Do I need an SSL certificate if I don’t take credit card numbers on my website?
A few months ago, search engines and browsers officially started making a much bigger deal out of SSL certificates. The purpose is to help users identify which websites are keeping their information more secure.
Your website will still work without an SSL certificate. But you are still strongly encouraged to have one for the following reasons:
- If you collect ANY information on your website, I encourage you to give your visitors a little more peace of mind with the help of SSL
- Have you heard of GDPR? Several countries insist that you keep information secure, give visitors the option to avoid having their data collected, and give visitors the opportunity to have their data removed from your servers. This point is more relevant if you target visitors from the EU. Serving your content over https is one step that you can take toward this goal.
- Do you want your website to perform well in search engines? The lack of secure pages only hurts your chances of ranking well.
- Do you want visitors to trust your website? As stated before, browsers are making a bigger deal out of SSL too. Google’s Chrome, for example, writes “Not Secure” before my address on a website that I have not added https to yet.
Where to get an SSL Certificate?
Getting the SSL certificate from your webhost increases the chances that it will just work! But you may want to use a free certificate or have some hard-coded non-secure URLs. Many webhosts including EastTexasDesign) offer a free SSL with your plan! As do LetsEncrypt and Cloudflare. (More articles on those coming soon. – I wrote them months ago but forgot to hit publish! I need to recheck some facts to make sure stuff hasn’t changed before I post.)