Let’s Encrypt SSL – Secure Your WordPress Website The Easy Way

What is SSL and why is it important?

SSL (Secure Sockets Layer) is a web security standard that establishes a secure link via HTTPS between a user’s browser and the web server. HTTPS is a protocol that encrypts the data sent and received over the internet. HTTPS makes it harder for nefarious individuals such as hackers to eavesdrop on your connection and steal private information such as passwords or banking details.

Unique SSL certificates are issued to each site on request by SSL certificate vendors. If a server’s claim to be using SSL is bogus or the certificate doesn’t match the domain name, most modern browsers will warn users before establishing a connection to the site.

SSL certificates have been mandatory for ecommerce sites for many years, and more recently Google has started using SSL as a ranking signal. As of the end of 2017, with the release of Chrome 64, Google has promised to flag any sites that don’t use an HTTPS connection to capture users’ data, such as contact form submissions, as untrusted.

What is a Let’s Encrypt SSL Certificate

You can buy SSL certificates from all reputable hosting providers or 3rd party vendors, ranging in price from £25 to £200 a year, but the type of certificate we are going to be looking at today is a Let’s Encrypt SSL certificate. Let’s Encrypt is an open certificate authority focused on eliminating the complex and lengthy process of manually acquiring, installing and renewing traditional domain-validated SSL certificates. Another big plus for Let’s Encrypt is that it’s FREE.

What you will need to get started

  1. Hosting that supports Let’s Encrypt certificate installation right from the hosting control panel or
  2. Root access to your hosting server on Apache (this tutorial doesn’t work for Windows servers) to install the Let’s Encrypt server module.

If your hosting supports Let’s Encrypt then refer to your host’s support documentation on how to enable Let’s Encrypt on your website. In most cases it is a one-click installation.

If Let’s Encrypt installation is not ready to go from your hosting control panel but you do have root access to your Apache server then refer to Getting Started with Let’s Encrypt. Installations will vary between server operating systems.

Make sure your domain A records or nameservers are pointing to your website hosting. Then log in to your website control panel and select the Let’s Encrypt install option or, for resellers, log in to your server, choose the relevant domain or account and select the Let’s Encrypt install option. Next, select ‘Check My Domain’. If your domain passes the validation test, press ‘Request SSL’. Your SSL certificate will now be installed and ready to use.

Next, head over to the plugins section of your WordPress dashboard, install the Easy HTTPS Redirection plugin and activate it. This plugin lets you easily set up redirection to the HTTPS versions of all of your web pages and posts. If SEO is important to you then this is a necessary step. Without redirects, both HTTP and HTTPS versions of your website’s content will be accessible by Google, and Google may penalise your site in its search rankings for having duplicate content. Easy HTTPS Redirection eliminates this by modifying your host’s .htaccess file, forcing all content from your website to be served over HTTPS only. When Easy HTTPS Redirection is active, go to the plugin settings via Settings, HTTPS Redirection and enable ‘automatic redirection to the “HTTPS”’, ‘Apply HTTPS redirection on the whole domain’ and ‘Force resources to use HTTPS URLs’.

With the Easy HTTPS Redirection plugin active you may have mixed content on your site, meaning some content is now on HTTPS but some may still be on HTTP. This is most commonly caused by hard coded URLs. Hard coded URLs are full URLs in your website’s source files that link to resources such as images or scripts. Hard coded URLs include the full domain name along with the HTTP:// at the beginning. In my experience, the most common cause of mixed content is hard coded URLs in the website’s stylesheets.

To find out for sure, open your browser’s web inspector panel and select the console section. The console will display links to any and all insecure content.

Using your favourite FTP client, update all of the problem URLs from HTTP to HTTPS. Refresh the page and open web inspector again. Rinse and repeat until you have the green padlock icon on all your web pages and posts. A green padlock in your URL bar means your site is secure and working perfectly with your Let’s Encrypt SSL certificate. Congratulations, you did it!
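
To find hard coded URLs in a downloaded copy of your theme files before editing them, the following Python script is an added example, not part of the original tutorial or of any plugin it mentions. It goes a little beyond the stylesheet case by also checking HTML tags, and it skips ordinary links and rel="canonical", which do not load anything; the function names and the example.com sample input are constructed for illustration.

```python
import re
from html.parser import HTMLParser

# <a href> is absent on purpose: a plain link is navigation, not mixed content.
FETCHING = {"script": "src", "img": "src", "iframe": "src", "embed": "src",
            "audio": "src", "video": "src", "source": "src", "link": "href"}
LINK_RELS = {"stylesheet", "icon", "preload"}  # <link> types that load a file
CSS_REF = re.compile(r"""(?:url\(\s*|@import\s+)['"]?(http://[^'")\s;]+)""", re.I)

# Constructed sample input (example.com is a placeholder domain).
SAMPLE_CSS = """\
.hero { background: url("http://example.com/wp-content/uploads/hero.jpg"); }
@import "http://example.com/wp-content/themes/demo/fonts.css";
.logo { background: url(https://example.com/logo.png); }
"""
SAMPLE_HTML = """\
<link rel="canonical" href="http://example.com/">
<link rel="stylesheet" href="http://example.com/style.css">
<a href="http://example.com/about/">About</a>
<script src="http://example.com/app.js"></script>
<div style="background:url('http://example.com/bg.png')"></div>
"""


class TagScanner(HTMLParser):
    """Collects (line, context, url) for tags that load http:// resources."""
    def __init__(self):
        super().__init__()
        self.hits = []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        rels = set((attrs.get("rel") or "").lower().split())
        if tag == "link" and not rels & LINK_RELS:
            return  # e.g. rel="canonical" is metadata, nothing is fetched
        url = attrs.get(FETCHING.get(tag, ""), "") or ""
        if url.lower().startswith("http://"):
            self.hits.append((self.getpos()[0], f"<{tag}>", url))


def find_insecure(text, is_css=False):
    """Return sorted (line, context, url) tuples for hard-coded http:// loads."""
    hits = []
    for number, line in enumerate(text.splitlines(), start=1):
        hits += [(number, "css", url) for url in CSS_REF.findall(line)]
    if not is_css:
        scanner = TagScanner()
        scanner.feed(text)
        hits += scanner.hits
    return sorted(hits)
```

Call find_insecure() with the contents of each stylesheet (is_css=True) or saved page source; every tuple it returns names the line to change from HTTP to HTTPS.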

We hope this tutorial helped. Did you find this article useful? Please leave a comment below and let us know.