How to get an SSL certificate for your WordPress site (and why you should)
You will probably have noticed that some website addresses begin http:// while others begin https:// and have a green lock icon in the browser address bar. The “s” in https signifies that the website is protected with Secure Sockets Layer encryption (SSL). SSL keeps the data passed between your web server and your website visitor’s browser safe from hackers looking to steal credit card details and other sensitive information.
Up until recently it was only banks and e-commerce sites that would use SSL, but now Google is encouraging everybody to change from http to https. They’re doing this by offering a small boost in search rankings to sites that have an SSL certificate.
On top of that, Google has promised to start regarding your WordPress login page (which collects sensitive password information) as insecure unless it’s protected by SSL.
All this means that it’s a really good idea to switch over to https as soon as you can.
What does SSL cost?
SSL certificates are offered in free and premium versions. If your site doesn’t handle any financial processing directly, then it’s OK to go with a freeĀ or low cost version. E-commerce shops that use a third-party payment gateway to process their payments will fall into this category. In other words, if you’ve got WooCommerce or other shopping cart solution and it’s hooked up to a payment gateway like PayFast or Payu, then you can stick with the free or lower cost versions. Customers are directed away from your site to the highly secure environment of the payment gateway to enter their card details and then are returned to your site when they’ve finished making their purchase.
However, if you’re actually collecting and processing card or bank details directly through your site you should go for a premium version, with costs starting in the region of R200/year (though you’d probably need something higher than that for absolute security).
There’s a very helpful article on Elegant Themes which explains all of this and shows how to go about getting your SSL certificate.
If your website is hosted with Webrabbit (using Hetzner) or if you are hosting independently on Hetzner, your free SSL certificate is already available and you just have to activate it. All you need to do is install the Really Simple SSL plugin as described in the above article and it will make all the necessary changes. (Or ask us to do it for you – see bottom of this page)
All other reputable hosting companies should also be offering SSL certificates, so find out if they have free options or purchase a premium version according to your needs. Then use the Really Simple SSL plugin to set it up on your site.
Google Analytics and Search Console
If you are using Google Analytics and Search Console, you’ll need to make some changes there once you’ve installed your SSL.
In Google Analytics, go to the Admin settings for your Property and look under View – View Properties. In the ‘Website’s URL’ list box, select https://.
In Search Console, Google advises that you have a property for each version of your site – both http and https, as well as www and non-www. This means you need to add and verify two new Properties: e.g. https://yourwebsite.com and https://www.yourwebsite.com.
Altogether you will have:
- http://yourwebsite.com
- http://www.yourwebsite.com
- https://yourwebsite.com
- https://www.yourwebsite.com
Seems crazy to have all those versions, but it does at least make sure all traffic is captured.
SSL installation for WebRabbit clients
It’s fairly simple to install SSL on your own if you read the article on Elegant Themes we mentioned earlier. However, if you want us to take care of it for you we will gladly do so. Just call or send us a mail and we’ll give you a quote.