What is HTTPS?
Every website URL shown in a browser begins with either “HTTP” or “HTTPS”. HTTP is an abbreviation for HyperText Transfer Protocol, while the S in HTTPS is an abbreviation of Secure. This abbreviation names the protocol that is used to transfer data between the website you are using and your browser.
Besides that, HTTPS ensures that all communication between the website you are viewing and your web browser is encrypted. Therefore, the transferred data can only be read by the sending and receiving computers.
Other computers might be able to access the data in transit, but reading the information is impossible. If the website you are viewing is a secure website, your web browser displays a padlock icon at the start of the URL as a notification.
Nonetheless, every website that collects medical information, payments, passwords, or any other critical information should have HTTPS. But did you know you can get a free and valid SSL certificate?
How does Web Security Function?
To activate HTTPS, you should install an SSL certificate. SSL stands for Secure Sockets Layer. This certificate contains a public key that is required to start the session safely. Whenever a web page connection asks for HTTPS, the website you want to access sends its SSL certificate to your browser.
After that, the website and your browser start an “SSL handshake” that involves sharing “secrets” to establish a safe connection between the site and the browser.
Difference between Standard and Extended SSL
A padlock icon will appear in the URL section of the browser if a website uses a standard SSL certificate. By contrast, the URL or the address bar will be green if a site uses an extended validation (EV) SSL certificate. The standards of EV SSL are beyond those of Standard SSL.
Besides this, EV SSL offers a guarantee of the domain owner's identity. Also, getting an EV SSL certificate is not easy, as applicants are required to undergo a stringent vetting process to verify their ownership and legality.
Reasons why you Should have an SSL Certificate
Whether your website receives and transmits critical data or not, here are some reasons why your domain should have a free and genuine SSL certificate for a reliable website:
Assurance/certainty: if your WordPress website is not secure and it collects users’ credit card details and passwords, Chrome version 56 users will get a warning that your website is unprotected. As a result, most visitors who are not tech-savvy will leave your site immediately out of fear of the unknown.
However, if your website is safe (protected), visitors will be comfortable leaving a comment or filling out a registration form on your site. Also, Google has a long-term strategy of displaying all HTTP websites as unsafe (unprotected) in Chrome.
Where can you obtain a free SSL certificate?
If you are in search of an SSL certificate, you can get it from any certified certificate authority. Here are some dependable free sources:
- GoDaddy: Provides free certificates that are valid for 1 year to open-source projects.
- StartSSL: Offers a certificate that is effective for 1 to 3 years.
- CloudFlare: This certificate is free for individual blogs and websites.
- Let’s Encrypt: Its certificates are valid for 90 days, but it is advisable that you renew them at 60 days.
- FreeSSL: Currently, this certificate is free for startups and nonprofits. However, it cannot be a RapidSSL, GeoTrust, Thawte, or Symantec client.
Even so, the kind of certificate and the duration of validity depend on the authority. Many authorities provide standard SSL certificates for free but charge for their EV SSL certificates. Additionally, CloudFlare offers free and premium plans, as well as different extension choices.
Factors to consider when obtaining an SSL certificate
According to Google, you should get a 2048-bit key certificate. Besides that, if you own a 1024-bit certificate, they consider it weak and suggest you upgrade it. You should decide if you want a wildcard, multi-domain, or single certificate:
- Wildcard certificate is for a protected domain with multiple strong sub-domains, such as abc.com
- Multi-domain certificate is for many popular domains like helpbot.net, www.example.com, example.co.uk.
- Single certificate is for a single domain, such as www.example.com
How to Install an SSL Certificate?
Your SSL certificate can be installed at a fee or for free by your website host. The cPanel dashboard of some hosts features a Let’s Encrypt installation choice that enables you to install the SSL certificate easily.
So, ensure you ask or look for a host that provides direct Let’s Encrypt support. In case this service is not offered by your host, you can ask your web developer or maintenance company whether they can install the certificate on your behalf. Looking for a WordPress maintenance company? Helpbot is there for your rescue.
Also, you should be ready to renew the certificate after some duration. Ensure you have confirmed the duration with the certificate authority. For easier installation, you can partner with a completely managed hosting provider, as they will handle everything on your behalf.
Additional things that you need to do
Once you get and install your SSL certificate, you should force it on your website. You can also ask your web developer, maintenance company, or host to do so on your behalf. Even so, if your website is in WordPress and you would like to do so by yourself, you can use a plugin to download and install the certificate.
In case you are using a plugin, ensure you have checked whether it is compatible with your WordPress version, and read the installation instructions and reviews. The most common plugins for forcing SSL are:
- Really Simple SSL.
Ensure you have first backed up or cloned your site, and be cautious when implementing this process. A single mistake can lead to many problems, such as:
- Images will not show.
- Visitors might not view your website.
- Colors and typography not displaying properly.
- Failure of scripts to load, hence affecting the function of some of your site features.
Setting up server-side 301 redirects
You are supposed to redirect search engines and users to the HTTPS pages through 301 redirects in the .htaccess file found in the root folder of your server. Note that the .htaccess file is hidden, so you need to set your FTP program to show hidden files. For example, if you are using FileZilla, go to the Server menu and then force the display of hidden files.
However, before adding your redirects, you should back up your .htaccess file. To set the server-side 301 redirects, you can temporarily rename the file on the server by removing the leading period, then download the file, and finally add the period back to the file name on the server.
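The redirect described above could look like the following .htaccess fragment. This is an added example, not taken from the original article; it assumes an Apache server with mod_rewrite enabled, uses www.example.com as a placeholder for your own domain, and assumes that any TLS-terminating proxy or CDN in front of the site sets the X-Forwarded-Proto header.

```apache
# Added example: force HTTPS with a permanent (301) redirect.
# Put this above the "# BEGIN WordPress" block so it is evaluated
# before WordPress's own rewrite rules.
<IfModule mod_rewrite.c>
RewriteEngine On

# Condition 1: the request reached this server over plain HTTP.
RewriteCond %{HTTPS} !=on

# Condition 2: the visitor was not already on HTTPS at a proxy/CDN
# that terminates TLS and forwards plain HTTP to this server.
# Assumption: that proxy sets X-Forwarded-Proto. Without this
# condition such a setup redirects in an endless loop.
RewriteCond %{HTTP:X-Forwarded-Proto} !=https

# Redirect to a fixed hostname (placeholder: www.example.com) rather
# than echoing the client-supplied Host header back in the Location.
RewriteRule ^ https://www.example.com%{REQUEST_URI} [R=301,L]
</IfModule>
```

If the server is also reachable directly (not only through the proxy), drop the second condition, since a client can set X-Forwarded-Proto itself.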
Modify the analytics settings
Once you have undertaken these steps, you must change your chosen URL in your Google Analytics account to your domain’s HTTPS version. Failure to do so will cause your traffic stats to be off, as the HTTP version of your URL is treated as a different website from the HTTPS version.
Besides that, you must add the HTTPS domain in your Google Search Console account as it takes HTTPS and HTTP as different domains.
Finally, you should always remember that switching from HTTP to HTTPS resets the number of shares in your active social sharing buttons.
WordPress security is vital for any WordPress website owner and user. If you are serious about your WordPress business or website, you should get a valid SSL certificate, as this will build your users’ trust in your website.