What Are SSL Certificates and How Do They Work?
Secure Sockets Layer (SSL) is a protocol that enables your browser to establish a safe connection between itself and a particular website or server. When people talk about SSL, the word ‘certificate’ is usually never far away. If a website has an SSL certificate, it means it has been validated by a Certificate Authority. Many managed WordPress Hosting providers (including WP Engine) offer SSL Certificates as part of the service.
HTTPS vs. HTTP
The Hypertext Transfer Protocol (HTTP) is the foundation upon which the modern internet is built. It represents a set of rules for transferring data and multimedia files, and every website uses it, including this one. Hypertext Transfer Protocol Secure (HTTPS) is a more secure version of HTTP.
If a website address begins with HTTPS instead of HTTP, it indicates that all the data you send to and receive from that website is encrypted. In that case, even if it the data were to be intercepted by an unauthenticated third party, they wouldn’t be able to decipher it.
To put it simply, if you’re concerned about data security, it’s always good news when the website you’re visiting uses HTTPS instead of HTTP.
What Does HTTPS mean? What Does SSL mean?
As we mentioned earlier, HTTPS stands for Hypertext Transfer Protocol Secure, whereas SSL is the acronym for Secure Sockets Layer. These two protocols go hand in hand, since the latter is what makes the former ‘secure’. Let’s take a few minutes to discuss how that process works.
How SSL (HTTPS) Works
A lot of you may be considering enabling HTTPS for your websites, but you might not be sure how the entire process works. Let’s start from the beginning.
The first step is to find a Certificate Authority (CA), which is a body that awards an SSL certificate after verifying the identity of a website. Depending on which type of SSL certificate you opt for, the CA may verify the ownership for the domain that is requesting it. For other, more advanced SSL certificates, the CA may go as far as to verify that the business requesting it is actually registered.
Once you’ve been issued an SSL certificate, you’ll need to install it through your web hosting provider. Then, you will need to enable the HTTPS protocol for either your entire site (which is often the simplest approach) or just those pages that deal with sensitive information.
Should you enable HTTPS before installing a certificate, your visitors will receive a warning when they attempt to access your website. The warning itself varies depending on the browser they use, but generally, it will inform them they’re trying to access a website that doesn’t hold a valid certificate. This can also occur once your certificate expires – how long each one lasts will depend on the CA you use to process it, but as a rule of thumb, SSL certificates last around three years at the most.
The process may sound complex if you’re not familiar with online security practices, but rest assured, it’s quite easy to implement. In fact, we’ll discuss how to install SSL for WordPress shortly, but for now, let’s go over the benefits of using the protocol in case you’re still on the fence.
The benefits of using SSL include the following:
- It secures the data of your users, giving them and you peace of mind.
- It enables you to meet Payment Card Industry compliances and accept online payments.
- It encourages more trust compared to unsecured website, which may lead to more conversions.
- It is relatively easy to set up, regardless of your platform or web hosting provider.
That is a pretty compelling list, but we’re not quite done yet!
SSL for SEO
The benefits of obtaining an SSL certificate don’t stop with the reasons we provided above. In fact, some search engines such as Google have made it their mission to incentivize website owners to enable the protocol whenever possible. To that end, they’ve made it public that sites with HTTPS connections will receive a boost in rankings in Search Engine Results Pages (SERPs). Here at WP Engine, we’re particularly mindful about user security, which is one of the reasons we make obtaining SSL certificates simple.
SSL for WordPress
Using SSL with WordPress is similar to with any other platform. However, this particular Content Management System (CMS) is making a concentrated push in 2017 to encourage site owners to make the switch. As part of this initiative, they are looking to require all web hosts to offer HTTPS.
Moreover, WordPress powers everything from blogs to e-commerce sites, which means it’s a perfect example of a platform that could benefit from additional security. In short, if you’re a WordPress user, you should certainly consider getting an SSL certificate. Not only will you benefit in all the ways we mentioned earlier (including SEO and security), it won’t take you that long to configure the platform to work through HTTPS.
How to Install SSL on a WordPress site
Depending on your hosting provider, setting up an SSL certificate could take minutes or hours. Most reputable web hosts provide you with the option to obtain a certificate through cPanel, but even then, they still require you to enable HTTPS for WordPress manually. This can take some time depending on your level of comfort with the platform.
Here at WP Engine, we provide you with two certificate options right out of the gate: one free, and one premium. Furthermore, we handle all the technical stuff for you. That means, once your certificate is ready to go, we’ll enable HTTPS throughout your entire WordPress website without you having to lift a finger.
All you need to do is log into the WP Engine User Portal, choose the WordPress installation you want to certify, select the SSL option, and click on Add Certificates. Then, you’ll be able to choose from our existing options. Once you’ve picked the certificate you want (and paid for it, if it’s a premium option), we’ll take care of the rest for you.
Depending on your choice, SSL certificates can be quite expensive. Here at WP Engine, however, we provide you with two accessible choices. All our users have access to free Let’s Encrypt certificates – which are recommended for most sites – along with premium alternatives from RapidSSL (starting at $49 per year).
Furthermore, our excellent support team can guide you through the process. All you need to do is find the right plan for your needs, and sign up to get a secure site today!