SSL Certificates and WordPress

SSL certificate on your WordPress website increases security, improves performance, google ranking and your site's credibility - and it takes 5 minutes.

Why SSL encrypt?

You should enable SSL encryption of your website for several reasons. First, because Chrome visibly warns you if your site is insecure, and an insecure site seems dodgy even if you’re not submitting sensitive information on it. Several of the other browsers have announced that they are going to do the same.

Secondly, the newer and faster HTTP/2 protocol requires SSL encryption. 

Both speed and secure encryption affect your ranking in Google search results

Since 2018 when this article was written, the green colour is gone from the padlock, but the functionality and techniques are the same here in 2022

Bjarne

Get a free certificate in 5 minutes

If your web host offers cPanel, you will probably have a Let’s Encrypt SSL certificate generated automatically overnight. If you can’t wait, log in to cPanel, select SSL-TLS status, and then Run AutoSSL. Your certificates will be generated immediately. It takes a few minutes.

Check the quality of your certificates

You should check that you have a relatively modern certificate, and make sure it works in different environments. As of June 2018, it is recommended to use a TLS 1.2 certificate, but older browsers and operating systems may have trouble understanding it, so consider offering a TLS 1.1 certificate as well. If it is missing, you can contact your web hosting provider.

Qualsys’ SSL Server Test is one of the best online SSL audits and gives you a clear report on the quality of your SSL certificate, including which systems may not be working with your certificate.

Qualsys SSL certificate checker tells you which browsers your certificates work with.
Qualsys SSL certificate check tells you which browsers your certificates work with.

Automatic redirect to https://

When your site works via https://, you should make sure that visitors to the unencrypted http:// address are forwarded to the encrypted URL automatically. You can do this with a few lines of code in your website’s htaccess file, or, you can install and enable Really Simple SSL 

Fix “mixed content” errors and obtain the green padlock

If you still don’t have that green padlock, it’s almost always caused by referencing resources (images, css, javascript) via http.

Cut out the website address and paste it into whynopadlock.com. The page is tested, and WhyNoPadlock tells you exactly which files are causing trouble. 

WhyNoPadlock tells why the green padlock is missing
WhyNoPadlock tells you why the green padlock is missing

It’ s typically logo files or backgrounds. Most of the time it is sufficient to choose the media again, now that the site is configured to use https://. If this is not enough, the last resort is to search and replace http references to media with the Better Search Replace plugin. It’s rarely required, but should you want the process explained, please let me know in a comments below.

Summary

In short, your web host probably already offers SSL certificates for free. You can make sure the certificate is applied in a matter of minutes, even without writing a single line of code. That increases the security of your site, improves performance, google ranking and your site’s credibility in general.

Share this article

Leave a Reply

Your email address will not be published. Required fields are marked *