Free SSL Certificate: Wordpress Guide to Going Secure
SSL certificates create an encrypted connection between browsers and website servers adding an extra layer of security.
Acquiring an SSL certificate has never been more important. Not only does it help your SEO, but after Google’s latest Chrome update, any non https websites will now be marked as ‘Not Secure’ in the browser.
Setting up a Free SSL Certificate
While many hosting providers charge for SSL certificates, it is possible to get a free SSL Certificate, an option that's supported by most and can take under 30 minutes to set up. If you’re a WordPress user there are some great plugins that will help to take care of the technical changes required for a smooth transition, including adding redirects and updating internal links.
Let’s Encrypt is an open certificate authority (CA) service provided by the Internet Security Research Group (ISRG) offering free SSL certificates as part of a public benefit initiative, with the aim to “create a more secure and privacy-respecting Web”.
A number of hosting providers offer Let’s Encrypt support, meaning that they will request a free certificate and install it on your behalf, while keeping it up-to-date. Some hosting providers will need you to update the settings in your WordPress account, but they should provide instructions to help you with this.
Here’s a list of hosting providers that offer Let’s Encrypt support. If your provider is not on the list, try contacting them anyway, as they could be using another free SSL certificate provider or may be planning to make the move to Let’s Encrypt. You can also switch hosting providers if necessary.
If you’re having trouble convincing your provider to help, you can find the answer to lots of questions in the Let’s Encrypt Getting Started Guide.
Updating references to HTTPS
Once your hosting provider has successfully made the switch, you’ll need to take care of the redirects and update any internal links, canonical tags, hreflang tags and xml sitemaps to point to the new URLs.
Luckily, there’s a plugin for that - ‘Really Simple SSL’: As the name suggests, it’s very easy to set up. Once installed and enabled, everything will be taken care of.
To install the plugin
- Make a backup of your wordpress installation
- Download the Really Simple SSL plugin
- Go to “plugins” in your WordPress admin, then click activate. You will now see a notice asking you to enable SSL. Click it and log in again.
Update Google Search Console & Bing Webmaster Tools
You will need to update your Google Search Console account (if you don’t have one, you can find out why you should here) and Bing Webmaster Tools. Simply add a new property with your new https domain. Keep your old accounts to retain your history so you can refer back to them is needed.
Next, make sure that all of your assets (images, videos, etc.) are also using secure URLs. You can use the WooRank Site Crawl tool to identify http files that appear on https pages, then update them accordingly.
Updating links from other sites
Finally, go through any links that you have control over and update them to the new https domain/URL. This includes links from social profiles (Twitter, Facebook, LinkedIn, etc.) and Google My Business / Bing Places (if you have these set up).
Checklist - update:
- Hreflang tags
- Canonical tags
- XML Sitemaps
- CSS and JS files
- Asset locations
- Social media links
Rather have someone do this for you?
We’ve teamed with SecureMyWebsite.net to help set all of this up and manage future SSL certificate updates for a small fee. Click Here to find out more.