I have a couple client websites with HTTPS and a SSL certificate installed but this was quite expensive and a lot of administration involved to get it up and running with certificate installation and a dedicated IP address hosting account. These websites offer e-commerce/online payment directly on the site and it used to be that was the only time HTTPS was required.
Not so any more.
“It’s time to move ALL your WordPress websites over to HTTPS … and start creating EVERY new site with it from the start. In a few years (or hopefully much sooner), every website will be secured through SSL. If you’re not moving to HTTPS, then you’re going to get left behind. ” says iThemes Security.
Here are 4 compelling reasons to move your WordPress website to HTTPS:
- SECURITY — SSL protects your site’s data and your website visitors. It encrypts data transferred over the web, like form submissions and credit card transactions.
- SEO — Google says it’s time to move your sites over to HTTPS. They are now giving a search ranking boost to secure sites. Simply put, you’ll rank better with an HTTPS website.
- E-COMMERCE —If you’re taking any payments on your website, SSL is non-negotiable. SSL is an absolute must for e-commerce and membership websites.
- AFFORDABILITY — In the past, SSL certificates could get expensive, but the rapidly transforming web landscape has made switching to SSL practical and affordable.
But here’s the deal … most of us (me included) don’t know where to start and how to move to HTTPS without messing things up. You could potentially break your website, experience downtime or lose important analytic data if you do it incorrectly. So I’m going to record, step by step, my workflow as I go through learning the process using cpanel.
The Cost of Securing WordPress with HTTPS and SSL
The other issue I am exploring is cost. In the past, an SSL certificate would cost anywhere from $50 – $200 annually and you also need to upgrade your hosting account from shared hosting to dedicated IP which would coast an additional $100 depending on your hosting provider. Today, there is FREE security offered for WordPress called “Let Encrypt” if you server happens to have it install. Well, they probably do but continue to extort money from us by continuing to charge. Here’s a link to an article listing hosting companies offers FREE SSL certificates: http://www.wpbeginner.com/wp-tutorials/how-to-add-free-ssl-in-wordpress-with-lets-encrypt/
Also, a security certificate does no longer require dedicated IP address. “Cpanel made this possible about a year ago.” That said, if you find the right hosting company you should be able to move to HTTPS with SSL for FREE. Unfortunately, my current hosting environment does not offer the Free options so I will research the best and most affordable possible solution.
How to Secure WordPress with HTTPS and a Security Certificate with Cpanel:
- Open your sites cpanel usually at yoursitename.com/cpanel and under the SECURITY TAB select SSL/TSL.
- Select “Certificate Signing Requests (CSR)” Use this form to generate a new certificate signing request for your domain. Your SSL certificate authority (CA) will ask for a certificate signing request to complete the certificate purchase. The owner of the site will be contacted for verification. GENERATE the request and keep the request code open in your browser window.
- I’m using RapidSSL, a division of GeoTrust, because my hosting server recommended. In a new browser window go to https://www.rapidssl.com/ and select Single domain for $59. You will need to set up an account with them.
- Follow the prompts and fill in the form. Make payment with credit card.
- On the next screen Select you server: Apache, then skip step 2 (we already generated a signing request), jump back to cpanel and copy and paste the Encoded Certificate Signing Request starting at —–BEGIN CERTIFICATE REQUEST—– and ending at —–END CERTIFICATE REQUEST—–
- Now we wait until the site owner verifies ownership and we will be contacted by email. A NOTE ABOUT VERIFICATION EMAIL: You will to assign an email address to the domain owner, the choices are the email contact from the domain registrar or email@example.com so make sure one of those emails are operational. If the domain registrar info is private you will need to set up firstname.lastname@example.org.
- In the mean time install a WordPress plugin called Really Simple SSL.
- When the email arrives click the link to download the certificate. For step 1 select Apache server.
- Unzip the file jump back to cpanel and click on Install and Manage SSL.
- Use the upload feature and navigate to the .crt file you downloaded. Once upload click the install button.
- Activate the REally Simple SSL plugin and should be good to go!