On today’s internet, we share more and more sensitive data, such as bank and credit card details or login credentials, several times a day.
As a site owner, especially if you have an online shop and/or handle banking or other sensitive information, you have a responsibility to keep it safe.
One of the most important steps in achieving this is to use HTTPS and SSL (Secure Sockets Layer) encryption on your site. So that’s what we’re going to talk about in this article.
In case you haven’t made the switch to HTTPS yet, you should really think about it, because Google is going to penalise non-HTTPS sites very soon.
It’s really recommended that every WordPress site or blog uses HTTPS. If you’re still wondering why, here are some good reasons:
- All data is secure (for example, information submitted via a contact form).
- Builds trust with visitors to your WordPress site.
- Improves your search engine ranking (SEO).
- Optimises website speed.
Backing up your website
We recommend that whenever you make major changes to your site, you always back it up first. That way, if anything goes wrong, you can go back to a previous version without losing all your work.
This case is no different, so this is your first task.
How to set up an SSL certificate step by step
Buying an SSL certificate
There are a number of sites offering SSL certificates for purchase: Media Temple, GoDaddy, SSLs.com, OVH, Comodo and Namecheap.
I chose Namecheap for its excellent value for money and its simplified procedure, starting at €7/year for their PositiveSSL certificate.
Which certificate should I choose?
There are different types of SSL certificate:
- Domain Validation: This is the standard certificate and generally the cheapest. These certificates provide basic encryption, are delivered very quickly and require a simple verification of domain ownership.
- Company Validation: These certificates include authentication of the company and/or organisation that owns the domain.
- Extended Validation: With this type of validation, the Certification Authority carries out an in-depth examination of your company before issuing the certificate. This SSL certificate offers the highest level of security.
Free SSL certificate
Most web hosts now offer Let’s Encrypt SSL certificates free of charge. Let’s Encrypt is a not-for-profit certification authority that supplies TLS certificates to 180 million websites, and its certificates are just as effective as paid ones.
Activating your SSL certificate
The procedure differs depending on your provider and type of hosting (dedicated, VPS, shared, etc.), so I won’t go into detail about the installation on my dedicated Apache server. If you’re interested, see https://support.comodo.com/installation-apache-mod_ssl.
For shared hosting, check with your host; some offer SSL certificates in their packages.
Reminder: the checklist after switching to HTTPS
To make sure you don’t forget anything, check that you:
- Redirect to HTTPS (301) via htaccess
- Change all the URLs in your database to HTTPS
- Update your robots.txt
- Declare your site as HTTPS to Google Search and resubmit your sitemap
- Modify your Google Analytics code and check it
- Test your site in HTTPS: www.ssllabs.com/ssltest/