Securing Your WP Engine Site With SSL Just Got Easier!
Securing your website’s traffic has never been more important. In August 2014 Google announced that it would use HTTPS as a ranking signal, meaning secure sites receive a slight SEO boost. Then, earlier this month, the White House announced that all federal websites and web services would be required to run on HTTPS by December 2016.
To secure your website with HTTPS, you have to acquire and set up an SSL certificate. However, SSL is frequently described as confusing and troublesome to setup and configure. At WP Engine, your site’s security is a top priority, and we want to enable everyone on our platform to secure their websites.
We’re excited to announce today that we’ve made securing your website simple and fast. We’ve streamlined the process of setting up SSL, and everything can now be done through our user portal.
SSL Dashboard Improvements
Our dashboard now exposes more details about your SSL certificates, such as domains covered, expiration dates, and the status of certificates. We’ve also simplified the settings and made them even easier to understand. No matter what kind of certificate you choose, the new dashboard makes it clear what is happening with your certificate and what action, if any, is needed from you.
1st Party SSL Certificate Purchase Improvements
In April, we made 1st party SSL purchase available to our personal plan customers. Now we’re making the purchase flow even easier to use. We’ve also put more safeguards in place to make sure you purchase the right kind of SSL certificate.
3rd Party SSL Configuration Tool
Previously, if you needed to configure a 3rd party SSL certificate you would have opened a support ticket, which was time consuming and painful. Starting today, we have a 3rd party SSL configuration tool in the user portal. This tool makes generating a CSR (certificate signing request) easy. It also helps you upload your certificate files to WP Engine to be installed by one of our knowledgeable Support Team members. Throughout the process you can track your certificate with the new dashboard. Please note 3rd Party SSL certificates are only supported on Professional plans or higher.
These improvements will help anyone, regardless of technical knowledge, easily and successfully secure your WP Engine site with SSL. As always, if you need help you can contact Support to get help setting up your SSL certificate.
Taylor McCaslin works as a Technical Product Manager at WP Engine. WordPress has been Taylor’s platform of choice for over 5 years, he even paid his way through college by freelancing as a WordPress developer! When not creating products that captivate and delight, you’ll find Taylor geeking out with the latest tech gadget or experiencing the rich Austin art scene.
Follow Taylor on Twitter @Taylor4484.
Nice work, WP Engine team!
Thanks Toby, we hope you enjoy using this new feature!
Hi there, this is good news. My only feedback is that while it’s true Google does consider HTTPS as a ranking signal, that’s somewhat depending on the setting in WP Engine, “Allow non-SSL configured pages to use “https://” which has to be checked or the site will redirect from https -> http for non configured pages.
In my opinion, with the increases in computer speed and tools like SPDY it makes sense for any SSL enabled site to just force SSL for the entire site (even though I think WP Engine has recommended against that.). The only downside that I’ve ever heard is speed, which again is negligible now. In addition I do see some conflicting advice on this on WP Engine documentation.
Would love to hear feedback on that.
Hi Thomas. You are correct, to get the SEO benefits of having SSL you do have to configure your site to allow pages to be secured. This is true of any host’s SSL settings, not just WP Engine.
Thanks for your feedback on our best practices article, we are actually in the process of updating that article, and will be recommending this setting going forward.
I hope you enjoy using the new SSL page.
Hi Thomas, I believe wpengine doesn’t support SPDY, do they?
Thanks,
Shashi
Awesome! Can’t wait to use this!
Thanks Will, I hope you enjoy using the new SSL page.
Many of my sites are full SSL, how are we supposed to achieve this with the new interface, the Regex options seem to have been removed?
I also note that my sites with existing third party SSL installed no longer have any portal access to update their settings. Again, the Regex options are no longer present.
Hoping for a swift fix…
Howdy Sandi,
Apologies for the issues, we have identified a small number of customers who are experiencing an issue viewing these settings, we’re working to get a fix ASAP. I’ll post an update here once we have a solution. In the interm, you can contact support and they can make changes to your regex options.
Hi Sandi,
Yesterday our engineers were able to deploy a fix that should resolve this for you. However, if you are still experiencing issues, please contact our support team and they will be able to assist you.
Great that’s brought back the WordPress admin page options (for wp-login and wp-admin), and the option to force unconfigured pages. We still don’t have the Regex option back so don’t appear to have a method to force custom sections of the site or the whole site (which we had before).
I would also like to see some tooltips confirming exactly what the WordPress admin pages options do, as when forcing full site https:// via your previous Regex options, I received various advice as to whether using those options would conflict or not. Since we don’t know precisely what actions you take behind the scenes for those checkboxes, it makes it difficult to know which of your customer reps was correct.
Given there is plenty of reason to consider taking sites full https perhaps we could have a checkbox for that to avoid the confusion.
If you can’t find the Regex options, you have to click the little down arrow to the far right of the domain name, and that drops down a section with most of my wish list from the comment above!
Hi Sandi,
Sorry for the confusion, yes those settings are exposed when you click the SSL certificate row.
Yes, we are now recommending customers choose the option to “secure all urls”, though we do support securing only select urls.
Choosing to secure all urls, and choosing to secure your WordPress Admin and Login page do not conflict, you can set all of those options and our system will ensure there are no issues.
I hope this answers all your questions. Thanks for choosing WP Engine! We hope you enjoy the new SSL settings!
Can you guys make a list of common mistakes, tips for switching a site to SSL. For example, will using the CDN cause problems (e.g. broken lock in IE) if I make my entire site SSL?
Hi Chris,
We are currently in the process of updating our best practice article. I’ve passed your feedback for inclusion in this update. WordPress Best Practice: Using SSL
I’ll post an update when this article has been updated.
I am super excited to see this. We are moving all of our real estate customers to WPEngine and we are looking forward to getting them setup with SSL certificates!
Thanks again WPEngine for making our job easier.
-James
RealtyCandy.com
WordPress for real estate
Hi James!
We’re excited you choose WP Engine. I hope you enjoy using the new SSL page.
Remember, our awesome support team is here to help if you have any issues along the way!
What is the warranty level (dollar amount) that the client receives?
We partner with RapidSSL for our SSL certificates, RapidSSL provides a $10,000 warranty for their single domain certificates and a $5,000 warranty for their wildcard certificates. This warranty protects against mis-issuance.
Because we have partnered with RapidSSL, certificates purchased through our user portal are securely and automatically generated, installed, and configured directly on our servers, removing most risk from a malicious party intercepting your certificate and misusing it on the Internet.
Also, we are a developer who has many sites in our account. If we buy INDIVIDUAL SSL’s for each site, will the SSL be in my (my company name) or the clients name and client company?
When you go through the purchase flow on each of these installs, you will provide information for the certificate to be issued with, it is up to you as to what information you provide, we do not have any restrictions around if it is your information or the company the certificate is being issues for.
We generally recommend using information that ties the certificate back to the site it is being created for and the entity or person who is responsible for maintaining the site’s security.
This is great news! Back in February I was looking to leave WP Engine and go to a competitor because of the lack of SSL support in the personal plan. Now it looks as though I don’t have to make that move. Keep up the good work!
We’re glad you’re staying with us, Jake! We are always listening to our customer’s needs and using your feedback to drive improvements and new features. Thanks for being a customer!
Thanks for adding this. Not being able to remove certificates and having to use your (excellent) support is a bit of an annoyance and adds delays unnecessarily in my opinion.
Please can you add this as a feature in the future to speed up management of this process?
Also, could expires SSL certs be automatically removed?
Hi there, I’d love to see a Let’s Encrypt option like SiteGround’s.
Best wishes,
Chuck B
Hi Guys,
its really great to see these options, However as you can imagine its very important that customers can see an actual Trust Seal.
Can you best advise which or how we could get hold of imagery or banners to reflect this to our customers?
Thanks in Advance!
Cormac McCann
http://visitcarlingford.com