How and Why to add an SSL Certificate to your Website
You may have heard the terms SSL Certificate or HTTPS. If you haven’t, you’ve probably seen a closed/locked padlock (green in Chrome and Firefox, gray in Safari) or an open/unlocked padlock (gray in all browsers). If you haven’t noticed these padlocks, look up above in your browser, in the address bar. If you see a gray and unlocked padlock, you’re on an insecure website. If it’s green or gray and locked, you’re on a secure website.
What does all this mean for you as a website visitor and/or a website owner?
When you see the locked padlock, that means the website is using a secure connection. You will see HTTPS (which stands for HyperText Transfer Protocol Secure) in front of the URL instead of HTTP. When you see an unlocked padlock, that means the website is using an insecure connection. The unlocked padlock doesn’t always mean the entire website’s connection is insecure, because only some areas may not have configured just yet. We’ll explain a bit more about this below.
If you Google “SSL Certificate,” you’re going to be bombarded with information about what it is, how to install and configure it, and why it’s important. In this post, we are giving you a general overview on the topic and how to get and configure an SSL certificate on your site. Plus, we’ll provide a plethora of links if you want to read even more.
If the whole topic seems scary and overwhelming and/or you simply don’t want to worry with it, we can take care of it for you. Let us know if you’d like us to assist you by contacting us here.
Why is an SSL Certificate (a.k.a. secure connection) important?
It used to be that you only needed an SSL certificate on your website if you collected sensitive personal or financial information. But now, all websites should have one whether you collect sensitive data or not.
- This post sums it up perfectly by stating that, “SSL (Secure Socket Layer) is used to keep sensitive information sent across the internet encrypted so that only the intended recipient can understand it. This is important because the information you send on the internet is passed from computer to computer to get to the destination server. Any computer in between you and the server can see your credit card numbers, usernames and passwords, and other sensitive information if it is not encrypted with an SSL certificate. When an SSL certificate is used, the information becomes unreadable to everyone except for the server you are sending the information to. This protects it from hackers and identity thieves.”
- Having an SSL certificate shows your visitors that you are a safe and trustworthy website and business.
- It complies with Google’s rules. If Google thinks your site is not secure, it will alert (and usually scare off) visitors. The result? They click away from your site, which is the exact opposite of what you want them to do.
Read why Google is requiring HTTPS, how SSL certificates impact search engine optimization rankings and what Google is doing to those websites that are unencrypted (a.k.a. not using a secure connection).
Where to get your SSL certificate and how to install it and configure your website
- Check with your web host. SiteGround, Websavers, and Bluehost offer free SSL certificates and very easy, one-click installations. Unfortunately, most other hosts don’t offer a free certificate or make it as easy. Contact them to get all of the details on how to purchase and install the certificate. If you’d like any assistance checking with your host or taking care of the installation and configuration, contact us here to let us know you’d like us to help.Whether your host offers the certificate and/or installation for free, there will be a few different certificate options to choose from (single domain, multi-domain, wildcard). For your reference, here’s a “Beginner’s Guide to SSL Certificates” by cyber security experts, Semantec, and a very helpful list of the different types of SSL certificates by Search Engine® Journal.
- If you have a brand new website (as in, there is no content yet), install the SSL before you start building your site. That will make this process a lot easier. We know, however, that most of you reading this post likely already have your website up and running, so you’ll need to know what to do once the certificate is installed.
- If you have a live website, you’ll need to configure it (migrate it to HTTPS) once the certificate is installed. Simply installing the certificate doesn’t make your website secure.Your website is filled with URLs – pages, posts, categories, images, PDFs, fonts, and more. All of those need to change from HTTP to HTTPS. Even if you have ONE URL that’s still HTTP, your site will show as insecure (gray unlocked padlock).
To configure your website, we recommend installing the Really Simple SSL plugin. The plugin will recognize when the certificate is installed, and it will guide you to click a button to configure your site. Once the process is complete, there may be a few areas you will need to manually update. Some WordPress themes allow you to create text boxes, and almost all WordPress sites utilize widgets (i.e. in sidebars and footers). Check all these areas for any image or PDF URLs or links to pages or posts. Check your CSS editor, too. The types of URLs that are usually in your CSS editor are background images, social media icon images, and custom fonts. Make sure these are all updated to show HTTPS.
TIP: Be careful to do the migration/configuration at a time when you know tons of people aren’t visiting your site (so, not when you just launched a Facebook ad or started promoting a new product or service to your email list). Give your site some time to be cached in all browsers, and give yourself time to make sure everything has been configured properly.
For further reading and additional instructions on configuration/migration, check out “HTTP to HTTPS Migration: The Ultimate Stress-Free Guide”
That just about covers the what, why and how about SSL certificates. Let us know if you have any questions below in the comments, or feel free to contact us at [email protected].
