Using an SSL certificate you can improve your search engine ranking, protect your visitors' browsing, and increase the trust in your website. In this post, we are going to see some of the best sites that offer free SSL certificates for WordPress and that can really give you all the benefits that I have mentioned above.
SSL stands for Secure Sockets Layer. It certainly sounds Chinese so let's dig a little deeper. Here we are going to give you a quick explanation of SSL.
Have you ever noticed how some websites start with “HTTP://” and some websites start with “HTTPS://”? Well, SSL certificates are what get you to these coveted "s".
They used to be the almost exclusive domain of banks, e-commerce, and other sites that processed sensitive data. But now, they are seen everywhere.
There are different levels of SSL certificates. With a range of prices that go from free (as in this post) to hundreds of euros or dollars per year. The two main types that we will find are the following:
If you have a regular WordPress site, a domain-validated certificate is more than enough.
First of all, the use of SSL is simply respectful of your readers. It enables an encrypted connection between your website and your visitors' browsers, helping to keep their data secure.
But keeping your visitor data secure isn't the only reason to make the switch to SSL. There are also some selfish reasons for making the switch.
If you use Google Chrome, you may have noticed that Google has made a change to the way it displays SSL certificates.
Not too long ago, sites with SSL had an inconspicuous green padlock, along with a green "HTTPS://".
And sites that haven't made the switch get this rather boring black info markup:
That doesn't inspire much confidence, does it?
But Google is not going to stop there. Right now, they are giving a benefit to site owners who make the switch to SSL. Soon, they'll shift gears and start doling out punishment to those who don't make the shift.
Eventually, Google plans to mark all pages without SSL as insecure.
For this it will force your visitors to look at a red flag that denotes that insecurity is not enough motivation for you, Google has also announced that using SSL is a positive ranking factor in its search engine.
Now you know that you need to add an SSL certificate to your WordPress site, and even more so if you exchange sensitive user and customer data. But how is it obtained? Do I need to buy one of those extended validation certificates that sell for hundreds of euros a year?
No. If you're a regular WordPress site owner, you're perfectly eligible to have a free domain-validated SSL certificate. Here are the best options currently available:
Let's Encrypt is not new to many of us. It's been making a lot of noise since it first came out, and it's definitely the biggest name when it comes to free SSL certificates.
It is sponsored by big names like Google, Facebook, Mozilla, and Automattic. Although the certificates are 100% free, they are as secure as any other SSL certificate.
The only drawback that we can find with Let's Encrypt is the hosting support. If you are with shared hosting, you will need the support of the hosting to install an SSL certificate. At this point, a number of hosts make it easy to install Let's Encrypt certificates through cPanel.
But not all web hosts support Let's Encrypt. Some of the more well-known hosts that haven't fully jumped on the Let's Encrypt bandwagon include:
You may know CloudFlare for its CDN and DDoS protection services, but did you know they also offer a free shared SSL certificate?
Because Cloudflare works as a proxy, your SSL certificate might work a little differently than something like Let's Encrypt.
If you use Cloudflare Free Flexible SSL, traffic will be encrypted from your visits to CloudFlare's servers, but not from CloudFlare's servers to your origin server. While this still improves security, it is not as secure as full SSL.
Cloudflare supports full SSL, but you'll need an SSL certificate installed on your origin server to take advantage of it.
As long as you're not processing sensitive information, CloudFlare's flexible SSL should be enough security.
Once you get your free SSL certificate and have it installed, you need to go one step further to set up your WordPress site and work with SSL.
This mainly implies:
Conclusion
I think that SSL is not something that can be ignored nowadays. Even if you don't give importance to general security benefits, you can still gain the following:
So don't wait. Google is pushing SSL harder and harder. You need to join SSL sooner or later.