Starting a blog? There seems a never-ending list of things you need to understand. One of them is SSL certificates. What are they? Do you need one and can you get a free SSL certificate for your WordPress site?
So here’s the up-to-date lowdown on everything you need to know about SSL certificates and HTTPS when you start a blog...
This post contains affiliate links, I’m an affiliate for Bluehost, Hostgator, and WP Engine. This means I receive a commission if you make a purchase through my links, but this is no additional cost to you. Please read my disclaimer for more information.
What’s An SSL Certificate?
Take a look at the top of this post. Can you see a padlock sign in your browser? I hope so! That’s the sign this website is secure and you can safely browse my site.
SSL stands for Secure Socket Layer. It’s an protocol for protecting and encrypting information sent across the internet.
Whenever you interact with a website you’re leaving information. On some sites this could be sensitive information such as personal details, credit card or payment information.
If it’s a HTTP, (Hypertext Transfer Protocol), site there’s a risk of hackers stealing your details. With an SSL certificate installed exchanges of data are encrypted and your site becomes HTTPS, (Hypertext Transfer Protocol Secure).
Information transferred between your viewers’ browsers and your HTTPS site is securely encrypted keeping your customers’ data safe. This is verified with an SSL certificate and confirmed with the browser padlock sign.
Does My Site Need An SSL Certificate?
These days, I would say the answer is yes even if you’re not asking your customers for sensitive data.
You can start a WordPress blog, write some posts and have passive followers who just read your articles without interacting with your content.
With this type of site you could get away without an SSL certificate. BUT most people visiting your site will be warned it’s insecure. That’s enough for me to back away and close my browser!
Not having an SSL certificate is a huge turnoff to visitors. Fortunately the best hosting providers supply these certificates for free. It’s also becoming essential if you want to be ranked on Google.
These are my recommended hosting providers supplying free SSL certificates with their hosting plans:
Installing Your Free SSL Certificate With Bluehost
Bluehost are terrific for beginners and will normally install your SSL certificate automatically when they build your site.
If, for some reason, your SSL certificate hasn’t been installed you can check in your Bluehost portal.
For a new site, or a site without any traffic yet, go to My Sites > Manage Site and click on the Security Tab. Switch the Free SSL Certificate On. If you have any questions you can contact Bluehost’s 24/7 support.
Ready to start your WordPress site?
Installing Your Free SSL Certificate With HostGator
Every HostGator hosting plan comes with a free SSL certificate. For a new blog, all you have to do is enable it and change your WordPress settings to HTTPS.
In your HostGator cPanel make sure your free Let’s Encrypt certificate is enabled.
For an existing blog, Hostgator recommends you install and activate the Really Simple SSL plugin on your site. There’s a free version!
If you have any questions, contact HostGator’s 24/7 support! If you’re ready to start your site today, take advantage of my special HostGator offer…
Installing Your Free SSL Certificate With WPEngine
WPEngine have an in-depth support article to assist you with setting up your free SSL certificate.
Better still they have amazing support. Just hop on their live chat and let the WPEngine team walk you through the set up process.
Switching To HTTPS For An Existing Site
With an existing site, you need to take a few precautions before switching to HTTPS. The main issue is to make sure all HTTP urls are redirected to the same new HTTPS version. Speak to your hosting provider.
Sometimes when you switch an existing site from HTTP to HTTPS you’ll end up with a warning about mixed content issues. Usually the cause is images and you may end up reloading quite a few. (This happened to me once). Check out this guide for moving to HTTPS.
Do I Need A Paid SSL Certificate?
Free SSL certificates and paid SSL certificates provide exactly the same level of encryption. The difference between paid and free is the level of authentication.
All a free SSL certificate is saying is you’re at this domain and it’s an encrypted site. That’s it.
To get a paid certificate you have to provide details about your company. You have to prove it’s a legitimate business. Visitors to your site need to be reassured it’s a safe place to input their credit card details.
That’s why if you’re setting up an eCommerce store and taking credit card payments directly on your site, you need a paid SSL certificate.
If you’re starting a blog or a brochure style website, that’s not taking credit card payments, a free SSL certificate is perfectly adequate.
Conclusion – Free SSL Certificate
You definitely need an SSL certificate for your site. If you don’t install an SSL certificate and switch your site to HTTPS, it will affect your Google rankings and be a big deterrent to your visitors.
There’s no need to pay for an SSL certificate unless you’re starting an eCommerce store and taking credit card payments directly on your site. Make use of the free SSL certificates provided by good hosting providers. Bluehost will manage your free certificate for you and keep it up-to-date.
Frequently Asked Questions
Some of the best hosting companies for WordPress provide SSL certificates for free. Bluehost will even install your SSL certificate automatically when they build your site. Unless you’re setting up an eCommerce store, a free SSL certificate is all you need. Bluehost, HostGator, SiteGround and WPEngine are all good choices if you want a free SSL certificate.
These days, if you want to rank on Google, all WordPress sites should have an SSL certificate. Otherwise visitors will be deterred from visiting your site by an insecure content warning. A free SSL certificate is perfectly adequate for most sites. Only eCommerce sites taking credit card payments need a paid certificate.
All free SSL certificates do the same thing, protect and encrypt information sent across the internet. These free certificates only last for 90 days then need to be updated. The best hosting companies such as Bluehost, HostGator, SiteGround and WPEngine will manage the updates for you so you’re never without an installed SSL certificate.
In my earlier days of development, since 1999 or so, a certificate was not common or very important in most peoples radar. These days it seems expected. Any site that occupies my personal server requires one now. A strong reason for my choosing my web host (InMotion) is because they provide free certificates. I do however seem to have to renew them pretty often. I do it via WHM and its pretty easy. Although I do sometimes forget, I then get nasty browser errors from Chrome indicating an insecure site.
A good host will update your free SSL automatically.