A couple years back Google announced secure sites would soon receive a boost in search engine rankings, and that time has arrived. This site has been secure for years, since it processes payments and handles customers’ account information, but my demo sites were not. I took the time this weekend to secure all of our demo sites, as well as our support and TADA sites. And then, just this morning, Sabrina asked a question on Facebook.
Given how timely Sabrina’s comment was, I decided to write a quick blog post explaining how to secure your WordPress website.
The process of securing your WordPress site can be daunting for someone not familiar with all the tech lingo. Heck, it can even be foreign to those of us who are familiar, as it’s not a task you repeat regularly enough to become comfortable. I’m going to share the process while it’s fresh in my mind, as well as basic descriptions of the terminology you may encounter.
SSL: How to Secure Your WordPress Website
1. Purchase your SSL Certificate. (I used GoDaddy)
I host my sites through Synthesis, so the process is a bit different from those whose domain and hosting are all in one place. Additionally, I needed my SSL to work for subdomains, on top of my main site. There are different types of SSL certificates to choose from, and your needs will determine which to go with. Click here to check out the various SSL options available via GoDaddy.
2. Once your certificate has been purchased, you’ll fill out some information and a CSR will be generated.
A CSR is your certificate signing request. This is an encrypted file generated on the server where your site is hosted and where your SSL will be installed. The information you fill out to generate your CSR will include things like your business name, email address, and so on.
3. Once your CSR has been generated, you’ll pass it along to your domain provider.
For GoDaddy, it’s as simple as pasting the CSR in the box they provide. You can open the CSR file using a text or code editor, then copy and paste. Depending on the type of certificate you purchased, the time between submitting your information and receiving your certificate will vary from hours to days.
4. When you receive your SSL Certificate, simply send it to your hosting company to install on your server.
If your domain and hosting are all in one place, you’ll skip this step.
5. Change your URL from http to https.
Before doing so, verify the https version of your site is up and running. This site is pretty handy. Next, in your WordPress dashboard, click on the Settings menu and then “General”. Here, you’ll change your website and admin URLs to https://yourwebsite.com. Once this is done, you’ll be prompted to log back into your site. If you have any issues at all, you can change your URL back to the http version by placing the script below at the top of your functions.php file, just under the initial php line.
(replace the site URLs with yours)
6. Now that your certificate is live, it’s time to do a little housekeeping on the WordPress end of things.
Download, install and activate the SSL Insecure Content plugin. Configure the settings to your liking. Then, visit your site at the https url and make sure you’re seeing that the site is secure. If you purchased the SSL with padlock, you’ll see the green bar up top.
If you do not see the padlock, check out WhyNoPadlock.com. You simply enter your URL on that page, and it will tell you exactly why your site is not showing as secure.
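The usual reason for a missing padlock after the switch is mixed content: the page is served over https but still loads images, scripts or stylesheets over http. The following is an added example, not part of the original post and not the code of WhyNoPadlock.com or the plugin; it lists such resources in a page's HTML, and the sample page and function names are constructed for illustration.

```python
from html.parser import HTMLParser

# (tag, attribute) pairs that make the browser load a subresource.
# Plain <a href> links are navigation, not mixed content, so they are skipped.
RESOURCE_ATTRS = {("img", "src"), ("script", "src"), ("iframe", "src"),
                  ("audio", "src"), ("video", "src"), ("source", "src"),
                  ("embed", "src"), ("object", "data")}
# <link href> only loads a resource for rel values like these.
LINK_RELS = {"stylesheet", "icon", "preload"}

# Constructed sample page (not taken from any real site).
SAMPLE_PAGE = """<html><head>
<link rel="stylesheet" href="http://yourwebsite.com/wp-content/themes/demo/style.css">
<link rel="canonical" href="http://yourwebsite.com/">
<script src="https://yourwebsite.com/wp-includes/js/jquery.js"></script>
</head><body>
<a href="http://example.org/">outbound link</a>
<img src="//yourwebsite.com/logo.png" srcset="http://yourwebsite.com/logo-2x.png 2x">
<img src="HTTP://yourwebsite.com/wp-content/uploads/photo.jpg">
</body></html>"""


class MixedContentFinder(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings = []  # (line, tag, attribute, url)

    def handle_starttag(self, tag, attrs):
        attrs = {k: (v or "").strip() for k, v in attrs}
        urls = [(a, attrs[a]) for t, a in RESOURCE_ATTRS if t == tag and a in attrs]
        if tag == "link" and LINK_RELS & set(attrs.get("rel", "").lower().split()):
            urls.append(("href", attrs.get("href", "")))
        if tag in ("img", "source"):
            # srcset is a comma-separated list of "url descriptor" entries
            for entry in attrs.get("srcset", "").split(","):
                if entry.split():
                    urls.append(("srcset", entry.split()[0]))
        for attr, url in urls:
            if url.lower().startswith("http://"):  # protocol-relative // is fine
                self.findings.append((self.getpos()[0], tag, attr, url))


def find_mixed_content(html):
    """Return (line, tag, attribute, url) for each resource loaded over http://."""
    finder = MixedContentFinder()
    finder.feed(html)
    finder.close()
    return finder.findings


if __name__ == "__main__":
    for line, tag, attr, url in find_mixed_content(SAMPLE_PAGE):
        print(f"line {line}: <{tag} {attr}> loads {url}")
```

It only sees markup in the HTML it is given; http URLs referenced from inside CSS files or added by JavaScript at runtime will show up in the browser console instead.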