Would you like to know how to use SSL and HTTPS with WordPress?
Every day, we distribute our personal information on the internet. In the last hour I got a credit card, bought some software (Themes), saved a copy of my friends' addresses, sent emails and made various shopping.
Sharing our information is so common now that we do not think twice before doing anything.
This is where SSL comes in. SSL protects the details we share online, preventing it from falling into the wrong hands.
Using SSL - and in turn HTTPS - to protect your WordPress website and your visitors doesn't have to be difficult and complicated.
In this post, we'll take a look at what SSL is and how to use it.
But if you have never installed WordPress, discover How to Install a WordPress Blog in 7 Steps et How to search, install and activate a WordPress theme on your blog
Then back to why we are here.
What is SSL?
SSL (Secure Socket Layer) started as a method to increase security between a website and its end user in 1994 by Netscape Communications as they saw the need for this increase in technology.
SSL was then revised and released for the first time in version 3.0 in 1996, but contained vulnerabilities. It was officially supported by Internet Engineering Task Force (IETF) in 1999 and has been greatly improved.
At this point, SSL has been renamed TLS (Transport Layer Security), but it is still widely referred to as SSL or TLS / SSL. Its purpose remains the same today and technology has become the standard for website security.
When should you use SSL?
Last year, Google announced that it had given improvements to the search rankings for websites using SSL. Over time, the search engine plans to increase this improvement, but in the meantime you will only see a 1% increase, giving everyone the chance to switch.
Also read our guide on: Your images do not display with SSL? Here's the solution
Other than that, if your website requires users to log in or provide personal information such as name, address, credit card details and the like, you need SSL protection.
Click on this link to find out How to use SSL and HTTPS with WordPress
Without it, your user's information can be easily compromised.
How does SSL work?
SSL works by encrypting information passed between a website's server to the browser rather than leaving it to appear in plain text, meaning that the text would be organized into a seemingly random string of unreadable letters and numbers rather than in human readable words.
To create a secure SSL connection on a website, the website owner must obtain an SSL certificate from an issuing company, called certification authority. Once the service is purchased, the website and company details are given to the authority, such as their name, address, and phone number.
In turn, the website owner receives a public and private key. The private key shouldn't be shared with just anyone - just like a password - but the public key shouldn't be perfectly hidden.
It's a string of random letters and numbers (apparently) that match distinctly and mathematically - like a key to a lock! They are created by a secure Hash algorithm.
The public key is then submitted with your previously entered information to the authority in a file called Certificate signing request.
The authority checks the information to make sure it is correct - and that you are not a con artist or hacker - and if everything is correct, the SSL certificate is signed with an SHA.
The current SSL certificate is then issued. This is the stage where a website can now use an SSL encrypted connection.
Discover also our 10 WordPress Themes to Create a Movie Director Website
When a user visits a protected website, the website's server matches his SSL certificate with the private key and, when adapted, an encrypted link between the website and its server, as well as the user and his browser, is created.
When SSL stops working
If an SSL certificate has expired, is self-signed, or becomes invalid, the padlock turns red and also has a slash on it.
When the certificate has expired, the website owner simply needs to renew their SSL through their authority and the encryption will be renewed. It's best not to let them breathe at all to keep your website safe.
You are using a self-signed certificate if you have requested your SSL certificate and issued your own SSL certificate and have not examined a certificate authority for them to validate your certificate.
Discover How to migrate from HTTP to HTTPS?
Most browsers only trust SSL certificates issued by trusted certification authorities and will display a warning for all websites using a self-signed certificate. If you purchased an SSL certificate from a company that is not a high-level certificate authority, your website may still be recognized as using a self-signed certificate.
An SSL certificate may become invalid for many other reasons, for example, if SHA encryption is out of date.
Hashing is the conversion of a quantity of information written into characters in a more common size often called a key and it is done through a set of applied mathematical rules. As technology advances, a stronger hash is required to maintain security.
SHA0 is no longer in use, and SHA1 is being phased out by many browsers, including Internet Explorer. Chrome started issuing warnings on January 1, 2016 for websites that still use SHA1. The current standard for encryption is SHA2 which will eventually be phased out in favor of SHA3.
Read also: Should your WordPress blog have sidebars?
An SSL certificate can also be invalid if the browser cannot verify the authority. This can happen if the domain name of the certificate does not match the actual website that uses it.
The best way to solve these problems is to update your SSL certificate with your authority and follow their instructions.
If a yellow padlock appears with a minimum yield sign, the likely cause is that the links in your site are still referring to an insecure page. Make sure all your images, menu items, and links use https in the URL.
Go further by consulting our guide on: Your images do not display with SSL? Here's the solution
To easily find the source of an invalid certificate, you can use the free tool " Why No Padlock ". It instantly informs you of the specific problem, including invalid images and scripts.
If you want to know how to add an SSL certificate to your website, you can read our tutorial on Let Encrypt.
Discover also some premium WordPress plugins additional
You can use other plugins to display countdowns on your WordPress blog. In what follows, I propose some of them.
1. WP Attractive Donations System
WP Attractive Donations System is a particularly effective WordPress plugin to easily and quickly create beautiful donation collection panels on your website.
It offers you a lot of features and possibilities. Just add a shortcode to a page and start receiving donations.
The WordPress plugin will allow your visitors / readers to make a donation and to register them in a list of donors. In addition, you have several payment gateways, in this case 2 (PayPal and Stripe).
2. Elite Video Player
Elite Video Player is a WordPress video player plugin. This plugin adds powerful advertising options to all the videos you embed in WordPress. With the latter, you can add pre-roll, mid-roll, post-roll or popup ads to your videos. It also allows you to add customizable ad hours, as you see on YouTube.
You can also configure these same announcements to appear in different playlists. Best of all, you will be able to add these ads to any video type supported by Elite Video Player. Currently, it supports video sharing platforms such as YouTube, Vimeo, but also self-hosted videos and those from Google Drive.
Elite Video Player offers other features for embedding videos, but the unique selling proposition of this plugin is definitely the advertising options. So, if you regularly embed videos in your posts, this is an advertising option for you to check out.
3. APS Ads Manager
APS Ads Manager is an extension designed for the Arena Products Store e-Commerce plugin. It is not autonomous and therefore requires the installation of the latter to operate. It brings to the WordPress Arena Products Store plugin the possibility of easily monetize its products and its product pages without having to modify your WordPress theme files.
You will be able to display your ads in various locations using shortcodes and you can use some features of its template to display ad units.
It can also help you display ad units for image banners, Google Adsense ad units and more by detecting the device type of visitors, and many more.
Check out our 5 WordPress themes to monetize your website with Adsense
But I want to clarify: you will need to install the Arena Products Store e-commerce WordPress plugin to use it.
Find out about other recommended resources to help you build and manage your website.
- 9 WordPress plugins to restrict access to your content
- 10 WordPress plugins to optimize sidebars and sticky headers
- 10 WordPress plugins to manage ads on your blog
- 10 WordPress plugins to add YouTube videos to a blog
Here is ! That's it for this tutorial on how to use SSL and HTTPS with WordPress.
Feel free to share this article with your friends on your favorite social networks. But, in the meantime, tell us about your Comments and suggestions in the dedicated section.