Want to learn how you can improve your search engine rankings, secure your visitors’ browsing, and boost your website’s trust...all for free? I know - that's a bold statement. But I promise you that these free SSL certificates really can give you all of those benefits.
What are SSL Certificates?
Before I dig any deeper, here’s a quick primer on SSL. SSL stands for Secure Sockets Layer. That...probably doesn’t help you understand, does it?
So here’s a better way to look at it. Have you ever noticed how some websites start with “http://” and some websites start with “https://”? Well, SSL certificates are what get you that coveted “s”.
They used to be the almost exclusive domain of banks, eCommerce, and other sites processing sensitive data. But now, they’re going mainstream.
There are different levels of SSL certificates. They range in price from free (this post) to hundreds of dollars per year. The two main types you’ll come across are:
- Domain-validated - validated by the owner proving they have control over their domain.
- Extended validation - certificate owner’s identity is authenticated by the issuing authority. Essentially, it requires more work to prove who owns the site/certificate.
If you’re just a regular WordPress site, you’ll be totally fine with a domain-validated certificate.
Why Should You Use SSL for WordPress?
Ok, first off, using SSL is just plain respectful to your readers. It enables an encrypted connection between your website and your visitors’ browsers, which helps keep their data safe.
But keeping your visitors’ data safe isn’t the only reason to make the switch to SSL. There are also some selfish reasons to make the switch.
If you using Google Chrome, you may have noticed that Google made a change in how they display SSL certificates.
Not too long ago, sites with SSL got a discrete green padlock, along with a green “https://”. Now, sites with SSL get a much bolder Secure designation:
And sites which haven’t made the switch get this rather dull black information mark:
That doesn’t inspire a lot of confidence, right?
But Google isn’t going to stop there. Right now, they’re giving a benefit to site owners who make the switch to SSL. Soon, they’ll switch gears and start doling out punishment to those who don’t make the switch.
Eventually, Google plans to mark all pages with SSL as Non Secure:
If forcing your visitors to stare at a red mark denoting insecurity isn’t enough motivation for you, Google has also announced that they’re using SSL as a positive search engine ranking factor. Personally, I experienced a noticeable bump in my search engine rankings after making the jump to SSL.
Where Can You Get Free SSL Certificates?
Ok, so now you know that you need to add an SSL certificate to your WordPress site. But how? Do you need to purchase one of those fancy Extended Validation certificates sold for hundreds of dollars per year?
No. If you’re a normal WordPress site owner, you’re absolutely fine to go with a free domain-validated SSL certificate. Here are the best options currently available:
Let’s Encrypt - Easy-to-Install SSL Certificate
It’s sponsored by major names like Google, Facebook, Mozilla, and...Automattic! While the certificates are 100% free, they’re just as secure as any other SSL certificate. Read Ahmad’s post if you’re interested in how Let’s Encrypt works.
The only potential hiccup with Let’s Encrypt is hosting support. If you’re on shared hosting, you’ll need your host’s support to install an SSL certificate. At this point, a number of hosts make it easy to install Let’s Encrypt certificates via cPanel.
But...not all hosts support Let’s Encrypt. Some notable hosts who haven’t fully jumped on the built-in Let’s Encrypt bandwagon are:
- Host Gator
On the other end of the spectrum, our recommended WordPress host, SiteGround, automatically issues Let’s Encrypt certificates to all domains on their shared hosting. And they also offer a one-click SSL plugin to help you with the implementation.
If you’re not sure whether your host offers Let’s Encrypt, the Let’s Encrypt community maintains a full list of hosts with built-in support for Let’s Encrypt.
CloudFlare - CDN, Security, and Free SSL
You may know CloudFlare for its CDN and DDoS protection services, but did you know it also offers a free shared SSL certificate?
Because CloudFlare functions as a proxy, its SSL certificate might function a bit differently to something like Let’s Encrypt.
If you use CloudFlare’s free Flexible SSL, traffic will be encrypted from your visitor to CloudFlare’s servers, but not from CloudFlare’s servers to your origin server. While this absolutely still improves security, it’s not as secure as full SSL.
CloudFlare does support full SSL, but you’ll need an SSL certificate installed on your origin server to take advantage of it.
As long as you’re not processing secure information, CloudFlare’s flexible SSL should be enough security.
If you need help setting up CloudFlare, check out my guide for adding CloudFlare to WordPress.
Free SSL - Free Certificates from Symantec
Free SSL is a new initiative from Symantec to offer free domain-validated SSL certificates similar to those offered by Let’s Encrypt.
It looks promising, but here’s the catch:
Free SSL isn’t publicly available yet. It’s currently only available to non-profits and startups - everyone else is directed to sign up for a waiting list.
While I’m not sure Free SSL will offer anything to make it worth choosing over Let’s Encrypt, it’s nice to see the market for free SSL certificates growing. More choice is always a good thing.
How to Configure SSL on WordPress
Once you get your free SSL certificate installed, you need to go one step further and actually configure your WordPress site to work with SSL.
This primarily involves:
- Creating 301 redirects to send everyone to the https version of your site.
- Updating your permalinks
- Updating all your old image/media links to avoid Google thinking you have unsecured content.
It’s not that difficult to handle this manually. But, there’s really no need to thanks to a plugin called Really Simple SSL.
I’ve moved two sites to SSL at this point - once manually and once with Really Simple SSL. I didn’t notice any difference in the end result.
All you need to do is activate the plugin, run the conversion to SSL, and enjoy your new site.
One quick note - when you run the plugin, you will get signed out of WordPress. Don’t panic when this happens. It’s a 100% normal consequence of switching your site’s URLs from http to https. Just log in again with your normal credentials.
I 100% believe that SSL is not something you can afford to ignore. Even if you throw out the general security benefits, you’re still looking at:
- Improved search engine rankings
- More trust by avoiding the world’s most popular browser (Chrome) telling your visitors that your site isn’t secure.
So don’t wait! Google is pushing SSL harder and harder. You need to join team SSL today.
Know another source for free SSL certificates? Let me know in the comments so that I can add it to the post.