- Aug 29, 2019
- by A2 Security Team
If you’re running a site that accepts credit cards, offers services, or otherwise passes personal information through the web, that data may be at risk. Malicious attacks can target your website traffic, stealing passwords and payment details. This can not only be costly for your business, but may also have a negative impact on your reputation.
One smart way to keep your website safe is to install a Secure Sockets Layer (SSL) certificate to encrypt information as it passes between the web server and each user’s browser. This will add an extra layer of protection for the sensitive and personal data that is being handled by your website.
This article with talk about what SSL certificates are and why they are important to your site’s security. Then we’ll show you how to install one for free on your WordPress website. Let’s get to work!
An Introduction to SSL Certificates
SSL is a technology for establishing a secure link between a web server and a browser. It encrypts the data before it is sent, and then decrypts it on the other end. In this way, if anything intercepts the data before it reaches its destination, it will be indecipherable and unusable.
In other words, SSL certificates work by ensuring that any information sent to or from your website is unreadable. This makes it useless to hackers who may be trying to steal people’s credit card numbers or other sensitive information.
Furthermore, an SSL certificate requires proper authentication, meaning that any data it sends can only be read by the intended receiving server. This makes it nearly impossible for anyone to decrypt the information, even if they do manage to capture it.
You can tell if a website is using an SSL certificate by looking at its URL in a browser. A standard address will begin with “HTTP”, while a site that has an SSL certificate in place will begin with “HTTPS”:
In addition, you can see more details about a website’s certificate by clicking on the padlock symbol next to the site’s domain name:
Having an SSL certificate is the industry standard for any website that handles personal information. This is especially important if you sell products or services, and accept credit cards or other payment information over the web. If that information is not protected, it can be intercepted and stolen.
How to Install an SSL Certificate on Your WordPress Site (In 4 Steps)
There are many ways to get an SSL certificate, but Let’s Encrypt is one of the easiest:
It offers a convenient way to install an SSL certificate on your WordPress website (or any other platform). Let’s Encrypt is also supported by A2 Hosting, completely free, and enabled by default on certain accounts.
If you’re interested in increased security for your website, there are some paid SSL options with additional features, as well as various security plugins you may want to consider. For now, however, let’s walk through how to set up a certificate using Let’s Encrypt.
Step 1: Log in to Your cPanel
You can begin by logging in to your hosting account through our website:
From there, click on cPanel Login. Then, scroll down until you see Security:
You’ll want to select the SSL/TLS option:
After that, look for Certificates (CRT). Underneath, the option you want will be labeled Generate, view, upload, or delete SSL certificates.
Step 2: Activate Let’s Encrypt
From here, you can manage your SSL certificates. You have the option to upload a certificate if you have one from another provider, or to generate a self-signed one (an SSL certificate your organization creates for itself).
However, for our purposes, we’re going to activate Let’s Encrypt. As we mentioned earlier, it’s a free option and offers sufficient protection for most websites:
On the screen you’re at now, you’ll see a list of your domains. Next to this list is the SSL certificate information for each one. Let’s Encrypt may already be in the Issuer column. In that case, your certificate is already set up, and you don’t need to do a thing.
Otherwise, you may need to click on Install and activate the certificate. After that, however, you won’t need to maintain it in any way. Your certificate will be renewed automatically, so that it’s always up to date.
Step 3: Install and Activate the Really Simple SSL Plugin
At this point, your SSL certificate is up and running. However, you still need to activate it on your site. There are a few ways to do this, but the simplest method is to use a plugin.
To do that, head to your WordPress dashboard and visit Plugins > Add New. Enter “Really Simple SSL” into the search bar:
This plugin lives up to its name – it’s easy to use and should work without a hitch. Install and activate the plugin, and you’re ready to move on to the last step.
Step 4: Activate SSL on Your Site
After the plugin is installed, you can head over to Settings > SSL:
The plugin automatically detects your certificate, so all you have to do is hit the Go ahead, activate SSL! button. This will enable SSL and HTTPS for your entire site. However, you’ll also find some additional configuration options under Settings if you want to tweak the way the plugin works.
Having an SSL certificate on your website is a way to show your visitors that security is important to you and your business. This extra layer of protection can guard any personal information transferred through your site, and help stop malicious attacks.
To install an SSL certificate on your WordPress website using Let’s Encrypt, simply follow these four steps:
- Log into your cPanel.
- Activate Let’s Encrypt.
- Install and activate the Really Simple SSL plugin.
- Activate SSL on your site.
Do you have any questions about SSL certificates or how to install them in WordPress? Ask our support team here!
Top 8 Security Practices for PHP
A Security Checklist for Web Developers
Installing an SSL Certificate: What are Paid SSL Benefits?
How to Choose Which SSL Certificate to Use for Your Site