Does the idea of improving your search engine rankings and offering your visitors better security sound like something you’re interested in? What if I upped the ante and told you it wouldn’t cost you a penny? SSL certificates secure your website’s connection and boost its rankings in Google. And now, thanks to services like Let’s Encrypt, you can actually get a free SSL certificate for your website.
Yup, all of the benefits of SSL, none of the costs!
In this post, I’m going to dig into what SSL certificates are, how they benefit your site, and how you can get your very own free SSL certificate. Then, I’ll even share a super simple plugin that makes getting set up with SSL on WordPress an absolute breeze.
What is an SSL Certificate?
Have you ever noticed how sometimes websites start with “http://” and then sometimes they start with “https://” and have a green padlock nearby? If you have, you’ve seen the end result of an SSL certificate. But what you haven’t seen is what goes on behind the scenes.
SSL stands for Secure Sockets Layer. Essentially, SSL establishes an encrypted link between your web server and your visitor’s web browser. This ensures that all data passed between the two remains private and secure.
With an unsecured HTTP connection, third-parties can snoop on any traffic passing between your reader’s browser and your web server. Obviously, this is a huge issue if you’re passing sensitive information like credit card numbers.
But nowadays, most experts are pushing to use secure HTTPS connections for all traffic, even things you might think are mundane.
Why Do You Need an SSL Certificate?
In the past, the only time an average webmaster needed to care about SSL was eCommerce. But that all changed in late 2014 when Google dropped a bomb:
SSL was going to be rolled out as a ranking factor.
That’s right, sites that use SSL certificates get a boost in the SERPs. It might not be a huge boost, but any boost in search rankings is a good one. When I moved my portfolio site to HTTPS, I experienced a notable bump in my search rankings.
But now Google is going even further. Starting in January 2017, Google marked “HTTP pages that collect passwords or credit cards as non-secure.” That means your WordPress login page is marked as non-secure if you’re not using HTTPS. Here’s what that looks like in Google Chrome, as of version 67:
You definitely do not want all of your users seeing that in their URL bar. The phrase “it should be stolen by attackers” will deter a lot of your people from logging in.
So, in addition to offering a benefit to your readers by securing their connection, you also have both a Google-provided carrot and stick to motivate you to use an SSL certificate for your WordPress site.
Premium vs Free SSL Certificates
I don’t want to dig too deeply into premium SSL certificates because it deviates too much from the goal of this post (you want the FREE ones, after all). But very briefly, there are a number of different SSL certificates you can choose from.
For example, Elegant Themes sprang for one of the premium SSL certificates. You can see that in the certificate details. You can also see that my website is running a Let’s Encrypt free certificate. Otherwise, in the browser, they appear identically.
Both connections are secure, but Elegant Themes’ certificate offers Extended Validation and higher levels of security. An SSL certificate like Elegant Themes uses typically costs somewhere around $150 per year. This expense makes sense because Elegant Themes processes a great number of payments. But if your site, like mine, doesn’t process payments like that, you’re totally fine to use a free SSL certificate. And even if you do, payment gateways through WordPress are okay with Let’s Encrypt as an issuer.
Google’s 2018 SSL Changes
In July 2018, things changed for everyone. That’s when the Chrome browser started marking every site that doesn’t have an SSL certificate as ‘Not Secure’. Additionally, throughout the year, changes to the browser move sites from a positive indicator of security to a negative indicator: secure sites will no longer appear with the green padlock we know and love. Instead, SSL-secured sites will black text and (eventually) no padlock at all, indicating SSL being the standard. Non-SSL sites, however will get a Not Secure warning appear in red in the URL bar.
How to Get a Free SSL Certificate from Let’s Encrypt
All that said, if you’re just running a regular WordPress site and aren’t handling super sensitive information, you can get a free SSL certificate from a service called Let’s Encrypt.
This service gives you all of the benefits of having an SSL certificate without costing you a single penny. And here’s the best part: Most major hosting providers are partnering up with Let’s Encrypt to make installing an SSL certificate totally painless.
Here are two ways to get your free SSL certificate from Let’s Encrypt.
1. Install Your Free SSL Certificate from Your (Supported) Host Account
As I mentioned, many hosts are partnering up with Let’s Encrypt to add free SSL certificates directly inside their customers’ cPanel dashboards or the host’s dashboard itself. For example, if you’re hosting at SiteGround (as I am), you can install an SSL certificate in about two seconds. From the main login site, go into the My Accounts tab and into Extra Services. You should see a section called let’s Encrypt Certificates, and you can manage and install them wherever you want by clicking the View All button.
Additionally, you can click on the Go to cPanel button and find the Let’s Encrypt logo under the Security heading. It takes you to the same page as View All does.
Here’s a full list of web hosts who offer direct support for Let’s Encrypt. The process for most supported hosts should be similar to SiteGround. Additionally some hosts may charge you for using Let’s Encrypt. It’s kind of a bogus charge, honestly, and many hosts who charge are nixing the fee as Google makes SSL the web standard.
2. Use “SSL For Free” to Configure Your Let’s Encrypt Certificate
If your host doesn’t support Let’s Encrypt, you may still be able to get your free SSL certificate by using a website called SSL For Free.
The site will help you configure Let’s Encrypt certificates. But, you will need access to your site’s FTP details and potentially support from your host. While this method works, it’s very manual, and you may have to manually renew your certificate when it expires. Because of that, you should try to find a host that offers direct Let’s Encrypt support because it greatly simplifies the process. If you can’t for one reason or another, SSL For Free is your best second option.
Other Free SSL Certificate Options
While Let’s Encrypt is the most popular free option, it’s no longer the only show in town. Here are some other options:
- Cloudflare – Cloudflare offers a shared SSL certificate on their free plan. If you’re already using Cloudflare, this is a great way to get your site up and running with HTTPS.
- FreeSSL – While it’s not publicly available yet, FreeSSL is a free SSL certificate project from Symantec. Nonprofits or startups can get FreeSSL right now. Otherwise, you can sign up to be notified when it goes public.
How to Configure Your Free SSL Certificate With WordPress
Once you get your SSL certificate installed, users will be able to view a secure version of your site by going to “https://yoursite.com”. But just because your HTTPS connection is active doesn’t mean you’re finished. (But you almost are.)
To properly configure WordPress to work with your SSL certificate, you need to make some changes. You can do this manually…or you could use an awesome plugin that does everything for you. It’s called Really Simple SSL, and it lives up to its name.
The plugin handles the whole process. Just install it and run the plugin and it will make all the necessary changes.
Just be aware – you will naturally get signed out of WordPress when you run the plugin. This is because the plugin changes your default URL from “http://” to “https://.” All you need to do is log in again with your normal login credentials. No need to be alarmed!
Wrapping Things Up
Because of how Google is pushing SSL, it’s not something you can ignore. Right now, you’ve got the carrot of improved search rankings and user trust. But Google is showing they’re not afraid to use Google Chrome to punish sites who don’t move to SSL. Given that you can now get a free SSL certificate from Let’s Encrypt and others, there’s no reason not to protect your visitors’ connections, information, and identities, and protect your own search engine rankings in the process.
Have you already moved your site to HTTPS? Did you notice any change in your rankings? It would be awesome if you shared in the comments.
Article thumbnail image by fatmawati achmad zaenuri / shutterstock.com