How to set up SSL for a WordPress site

If you’re selling goods or services via your site, it’s mandatory to have an SSL certificate so you can safely process credit cards. SSL adds a layer of encryption to HTTP requests, so that only the authorized recipient can decrypt and read the data being transferred back and forth. In other words, SSL prevents unauthorized access to the site data and to the communication between point A and point B.

Point A could be your site, while B could be the online payment service that is processing the credit cards. The data travels from A to B without the possibility of “third party” interference. (For instance, the “third party” could be a hacker trying to intercept the communication and grab the credit card info.) When you install and activate SSL, your site URL will change from HTTP:// to HTTPS://, so proper redirects are required, but I’ll talk about that later on.

Why do I need SSL?

  • Security – as mentioned above, security is the #1 concern. Imagine that one of your clients was using unprotected public Wi-Fi to buy something on your non-SSL site, and things went bad… CC info hijacked, a few grand missing from his bank account… guess who’ll be the first person he’ll blame! You! Who else! Because the only transaction he made that day was the one in your online store. Not to mention what may happen to your business if the client leaves a negative review online.
  • Credibility – People are becoming more and more aware of online security, and they expect to see the green SSL padlock in the address bar, especially if the site is an online store. SSL can make them feel safer and more secure, which may result in more sales, leads etc… You can also increase your conversion ratio by putting the SSL verification badge in a visible spot, the shopping cart for instance.
  • SEO – Google officially announced that SSL is now important for SEO. Many site owners noticed a traffic increase after they switched to HTTPS. From my personal experience, don’t expect a dramatic change, but you never know; it all depends on what field you’re in, what you’re selling etc… Anyway, it’s worth it and affordable, so why not try it out.

What SSL certificate to buy?

There are many SSL certificate issuers online, and the pricing is pretty much the same unless there’s a discount or coupon available. Some of the popular providers are GeoTrust, Comodo, Digicert, Thawte, GoDaddy and others. If you need basic SSL protection, I recommend the Comodo Positive SSL; it’s around $9 per year. If you’re looking for something more serious and noticeable, you could go with an EV (Extended Validation) certificate, which adds the green bar in the browser.

Just to clarify, the cheap certificates have only the green padlock with the word “Secured”, while the more expensive ones, like EV, have a completely green bar. See the EV cert. example below.

[Image: SSL EV certificate]

EV cert. pricing is usually over $100 a year, but a few days ago I noticed a huge discount on namecheap.com: Comodo EV was only $88/year. If you ask me which one to choose, the cheap one or EV, I would say that it all depends on your budget and your business goals. The cheap certificates are issued right away, while for the EV you will have to wait a little until all the paperwork is done.

I forgot to mention the flexible SSL everyone is talking about. That’s a free SSL cert. you can use via the Cloudflare caching service, but believe me, it’s not worth the hassle. Some people even say that it does not provide full encryption, which may lead to a security breach… Why risk it? Just get the Positive SSL for 10 bucks and you’re all set.

How to set up SSL and add it to my WordPress site?

If you have a little bit of tech knowledge, then this is something you can do on your own. In this tutorial I’ll explain the entire process: the purchase of an affordable SSL cert., its activation and the WordPress configuration. I recommend Namecheap as a provider for domains and SSL; they’re OK, with an easy-to-use interface, decent pricing, good support etc… (just don’t use their hosting!) In order to buy the SSL cert., go here: Namecheap SSL certificates, add the PositiveSSL to the cart, go through the purchase process and create an account if you don’t have one already.

After the purchase, go to Dashboard >> Product list and activate the SSL. In order to fully activate it, you’ll need to enter your site URL and add the CSR code. The CSR code can be generated by your host. If you’re using the cPanel hosting dashboard, find the SSL options and generate the code for your domain. After you generate it, paste it into the SSL settings on Namecheap.

If you’re not sure how to do all of this, just contact your hosting support and they’ll get everything sorted out, free of charge. There’s one more step you have to do. Inside the SSL settings in the NC panel, find the domain verification option, download the text file and upload it to your website root directory.
Example: www.yoursite.com/textfile.txt, so that NC can verify the domain ownership.


After you’re done with the verification and the CSR code, wait until you receive an email with the SSL cert. code. After you receive it, go back to cPanel and install the SSL cert. using the .CRT file you received in the email. Sometimes you’ll also have to install the bundle file.

When HTTPS is activated, log in to your WordPress dashboard, go to Settings >> General and change both URLs to HTTPS, so they look like this: https://yoursite.com, or https://www.yoursite.com if you’re already using the WWW prefix.

After you hit the save button, WP will force you to log in again. Now go to the Plugins section, click Add New and search for the Better Search and Replace plugin. Install it, activate it and go to Tools >> Search/Replace. Type in the text you want to replace across the entire site. In this case, we want to replace all non-SSL links with SSL ones. In the first field type in your old URL, and in the second one type in the new one, with HTTPS. Select all tables from the list by holding the CTRL key, uncheck the “Dry run” checkbox at the bottom and replace all the links.

Only a few more things to go… browse your pages and check whether the green padlock is showing any errors. If it is, that means some of the URLs on your page are still loaded over unencrypted HTTP. There could be a photo linked from an external site, http://somesite.com/image.png for instance. Replace such file URLs and all the errors will disappear.
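Instead of clicking through every page, the leftover HTTP references can be found by scanning the page source. The script below is an added example, not part of the original tutorial; the sample page, its URLs and the names find_mixed_content and MixedContentFinder are constructed for illustration. It flags only resources the browser actually loads (scripts, stylesheets, images, srcset entries), not ordinary links.

```python
from html.parser import HTMLParser

# (tag, attribute) pairs that load a subresource. Browsers block "active"
# mixed content; "passive" content loads with a warning or is auto-upgraded.
SUBRESOURCES = {("script", "src"): "active", ("iframe", "src"): "active",
                ("img", "src"): "passive", ("source", "src"): "passive",
                ("video", "src"): "passive", ("audio", "src"): "passive"}
LINK_RELS = {"stylesheet": "active", "icon": "passive"}

# Constructed sample page; URLs are placeholders in the article's style.
SAMPLE_PAGE = """<html><head>
<link rel="stylesheet" href="https://yoursite.com/style.css">
<script src="http://yoursite.com/wp-includes/js/jquery.js"></script>
</head><body>
<a href="http://somesite.com/">a plain link is not mixed content</a>
<img src="http://somesite.com/image.png">
<img src="//yoursite.com/logo.png" srcset="http://somesite.com/big.png 2x">
</body></html>"""

class MixedContentFinder(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings = []  # (line, tag, kind, url)

    def _record(self, tag, kind, url):
        # Relative and // URLs inherit the page's https scheme; skip them.
        if url and url.strip().lower().startswith("http://"):
            self.findings.append((self.getpos()[0], tag, kind, url.strip()))

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        for (t, attr), kind in SUBRESOURCES.items():
            if t == tag:
                self._record(tag, kind, attrs.get(attr))
        if tag == "link":
            for rel in (attrs.get("rel") or "").lower().split():
                if rel in LINK_RELS:
                    self._record(tag, LINK_RELS[rel], attrs.get("href"))
        # srcset is a comma-separated list of "url descriptor" candidates.
        for cand in (attrs.get("srcset") or "").split(","):
            if tag in ("img", "source") and cand.split():
                self._record(tag, "passive", cand.split()[0])

def find_mixed_content(html):
    finder = MixedContentFinder()
    finder.feed(html)
    finder.close()
    return finder.findings
```

Calling find_mixed_content(SAMPLE_PAGE) returns one tuple per insecure resource, with the source line number so the offending tag can be located in the template or post content.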

Sometimes you may experience some odd redirection issues, so in order to be sure that everything is configured properly, simply install and activate this plugin, no need to change any plugin settings etc…

If you’re using Google Analytics and the Webmaster Tools, don’t forget to update the links there. It’s worth mentioning that the 301 redirects you’ve already configured are able to preserve all the SEO value and backlinks you have.
In the past, people had issues after switching a site to new URLs; now it’s a completely safe thing to do if everything is configured properly.