SSL Certificates

Why Use An SSL Certificate?

As an experienced developer, you already understand that an SSL certificate changes a website’s protocol from “http://” to “https://”. The extra “s” means the web user’s connection to that website is secure and encrypted and any data you enter is safely shared with that website. The technology behind that little “s” is called SSL, which stands for “Secure Sockets Layer.”

Besides adding a layer of security to a website, SSL certificates give a website a small boost in search engine rankings, according to Google. In 2014, Google announced their use of HTTPS as a ranking signal. And who wouldn’t want to rank better on Google?

What’s more, web browsers and other security programs installed on a user’s computer may treat “https://” websites differently than “http://” sites in search results or in the browser window. Sites with “http://” (no SSL) could be marked with warning icons or labeled as “insecure,” which could impact the likelihood a user would click on a website in search engine results or enter their information into a form.

Having a secure website is becoming a bigger and bigger deal!

For example, the Chrome browser shows the words “Not Secure” with a warning sign in the browser window.

Http Not Secure Website

Who Needs an SSL?

If the website has ecommerce, you’ll need a secure connection for sure. But even with marketing websites, we highly recommend that all clients have an SSL certificate. Many web hosts are now including them for free, which makes that an even easier choice.

If you don’t have a free one available and configurable in the web hosting account, the first step might be to actually purchase an SSL certificate through your host or procure a third party SSL certificate.

You can get a free SSL certificate thanks to Let’s Encrypt – an open certificate authority (CA), run for the public’s benefit. If you choose that option, with WP Encryption or SSL Zen plugin. These plugins allow you to generate a free Let’s Encrypt certificate.

There are different types of SSL certificates, and we’re not going to get into the details of each now. The free ones are usually not as hard-core, but they are still better than no SSL, and they will still result in that “https” in the URL!

How to Install an SSL Certificate

Each website host and setup has a different process for SSL certificates, and it will depend on whether you are using the website host’s built-in SSL or a third party SSL certificate.

Some hosts will install them for you. Some just have a button like “secure site” that will run the process for you. Others you have to do some manual work.

Bookmark This icon

Bookmark these Resources:

This article from Namecheap shows you how to install an SSL certificate on various hosting setups including via cPanel.

Flywheel has a help article about installing the Simple SSL on their platform as well as installing a third party SSL.

Bluehost has articles on installing their free SSL or a third party SSL certificate.

If you are using a different host, Google it or contact your web hosting provider to get started.


At What Point of the Process to Install an SSL

When you install an SSL certificate will depend on the situation. Below are some common scenarios:

  1. New Secure Site with SSL: If you are building a brand new site, install the SSL Certificate when you do your Base Installation.
  2. Existing Secure Site with SSL: If the client already has an SSL certificate on the live website and you are working on a testing server, you won’t need to do anything special with the SSL. When you migrate the testing site to the live site, the SSL will already be installed. Just make sure you use the “https://” if you have to manually replace any URLs during the migration.
  3. Adding an SSL Certificate: If the client is adding an SSL certificate to a website as a part of the redesign process and you are working on a testing server, you will install the SSL Certificate during the Go Live process when migrating the testing site to the live domain. (Note: If you install the SSL certificate on the old site before Going Live with the redesigned site, you’ll make more work for yourself.)

In scenario C, you will need to go through the below steps after installing the SSL certificate to ensure the installation works properly and that you preserve any search engine juice the old site had with the http protocol. These steps would also be similar if you were just adding an SSL certificate to an existing website outside of a 1 Day Website.

Adding an SSL Certificate and Changing from http:// to https://

Once you’ve purchased or installed an SSL certificate in your website hosting account, you’re not done. In order to make your website work correctly with your SSL certificate, you need to make additional configurations.

Step 1: Make a backup of the website.

It’s a good idea to do this anytime you start doing any kind of “find and replace” database work.

Step 2: Force all traffic through https.

If you install the SSL certificate but you don’t force all the traffic to “https,” you could end up with the home page appearing as secure but other pages on the site showing a “Your Connection is Not Private” warning like this:

Use a plugin like Really Simple SSL, WP Encryption or SSL Zen to force all traffic through https. Plugins like this will change all the URLs in the database to https, including image paths.

To make sure the plugin worked, type in “http://example.com” into your browser to make sure that it redirects to “https://example.com” and shows the secure lock symbol.

Step 3: Fix Mixed Content Warnings

A mixed content warning appears in a user’s browser when the WordPress site they’re trying to visit is loading https and http scripts or content at the same time. When you migrate to https, everything needs to be running over that protocol, including your images, JavaScript files, and so on. Mixed content warnings most often happen when an image has been hard-coded somewhere and the path didn’t get replaced in the database.

If you don’t force all the traffic through the SSL, you might end up with a “Mixed Content Warnings” like this:

Mixed content warnings screenshot

Even if you use a plugin to force traffic on SSL, oftentimes, theme settings or CSS stylesheet files will contain hard-coded image paths that still contain the “http.” To fix that, simply do a manual find and replace of any “http” to “https” that refer to images in your Media library.

Step 4: Update URLs on Accounts and Important Backlinks

Log in to any accounts you can think of that have been set up for the client and change the URL to the “https” version. Accounts you might need to change are:

  • Google Search Console
  • Google Analytics
  • Google My Business
  • Bing Places
  • Social media accounts

Change any important backlinks that you have access to from external websites.

Properly Installed SSL Certificates

Once you’ve properly installed your SSL certificate, you should see the padlock symbol in the browser. If you click on that, you should see the “Connection is Secure” message. Each browser will look a bit different but should essentially say the same thing.

Properly installed SSL certificate with https

Congratulations! You did it!