Do you have a non-secure site or blog? Want to get a free SSL certificate for your WordPress Blog? Here in this article, we will show how to get a free SSL certificate for WordPress Site or Blog.
Google after July 1, confirmed that all sites with HTTP extension will be marked as non-secure in Chrome browser.
Does it matter anything to your site? Off course, your site or blog will lose rank in Google, the visitors of your site may leave your site if they see a page like this
Google also published a document on July 2 to inform the Web Developers to update their sites to HTTPS to avoid the warning as shown above.
If you run an eCommerce site or shopping site, you must need an SSL certificate, because an https sign before the address of the website creates a trust factor for the website’s visitors.
Check here your SSL certificate correctly installed or not by this tool.
What is SSL?
SSL means Secure Socket Layer, it a Standard Security Technology or internet protocol that provides a secure encrypted link between Web Server and a browser.
When we visit a website, our web browser transfers some Data to the web server of the website. These Data may include our Credit Card information, Bank Account details or any login credentials. The SSL helps to secure all the private data transferred between the browser and the websites you are visiting. Sometimes, it also called Transport Layer Security or TLS.
If your Blog or Website does not have any encryption method or SSL certificate installed, then hacker may decode the Private data transmitted by the users of your Website.
Why Use SSL for Website or Blog?
- Security: A SSL certificate provides an encrypted transfer or Private Data between the Web Browser and End-users of your blog or websites.
- Page Speed: It was found that an SSL can improve the page loading speed of your Blog.
- SEO: Boost your search ranking in Google or Bing.
- Trust: Enhance the trust factor if your visitors will notice an https sign before the URL of your blog. It makes a positive impression in the mind of your Blog visitors.
- Regulatory Compliance: If you run an E-commerce website or blog, then you must have to install an SSL certificate for PCI compliance.
Apart from the above factors, Google also starts showing insecure to all the HTTP sites after July 1.
All the major trusted websites have their own SSL CA certificate to protect their own and clients identity from hackers. Google Chrome browser will show a warning message if you visit a non-https site.
How SSL Works?
An SSL creates a secure socket between the browser and server of the websites. The web browser, for example, say Google Chrome will make a secure connection with the IP address which it obtains from DNS Server. The Chrome browser then requests the SSL certificate Key from the server.
After receiving the Copy of the certificate, Chrome analyzes the SSL certificate, ie if the certificate expires or not, issued by any trusted Certificate issuing Authority or if it matches your Domain Name or Not, Certificate Key Strength or security standard of the certificate.
Once the Chrome browser confirms everything it makes a secure encrypted connection with the web server, this method of encryption is called session key or symmetric keys.
A session key is a randomly generated encryption and decryption keys which ensures secured communication session between the browser and server. The session keys are used for both encryption and decryption.
The session key encrypts the session by the numerical values of the Public key which provides the Certificate Issuing Authority.
The server decrypts the session key sent by the browser and confirms the encryption.
Now the communication session between the Chrome browser and the web server is encrypted and your Data is secured.
How much SSL Certificate costs?
The cost of an SSL certificate varies with several factors. There are two types of SSL certificate, one is free and the other is paid. The validity period of free SSL is between 60 to 90 days with a renewal option. Whereas the paid certificate is issued for 1 to 3 years.
The cost of your SSL certificate depends on your SSL certificate Providers, the Validity period of the SSL and Type of SSL certificate.
The Certificate Authority issues three types of Validation of any SSL certificate
- Domain validated SSL certificates or DV SSL: Cheapest SSL certificate only provides the basic validity and you can generate the certificate for only $4 or Rs. 2800 per year. The DV SSL provides the basic validity certificate and green padlock before the site URL. You can easily secure your blog by installing a DV SSL on your web server.
- Organization Validation or OV SSL: OV SSL requires more validation process than DV SSL and more trustable than DV SSL. It is ideal small business or organization or other entities for creating an extra layer of security than DV SSL. The CA will verify the business and listed on the SSL certificate and creates an added trust for the company. The OV SSL cost you around $25 year.
- Extended validation or EV SSL: Extended validation or EV is the highest level of SSL certificate provides by the CA and offers the most trust to your client or visitors. The CA thoroughly check your business entity and provides you an SSL. You need to provide some extra documents in order to obtain an EV SSL certificate and it is the most costly SSL Certificate. The EV SSL will show your business name or company name in the address bar of the web browser along with the green Padlocks so that the visitor automatically identify your site. This certificate is most suitable for the Financial institutions or Banks or Credit Card company. The EV SSL Price starts from $70 per year.
You can purchase cheapest SSL certificate from authorized CA issuer like Comodo, Symantec, RapidSSL, Thawte, TheSSLstore etc.
There is also another type of SSL which is called Wildcard SSL. If you want to secure your primary domain with multiple subdomains, then is an ideal type of SSL for you. The Price of a Wildcard SSL starts from around $40 and you can purchase it from any DV or OV CA issuers.
If you are a blogger, then you do not have to purchase an SSL certificate for your blog. You can easily get free SSL certificate for WordPress Blog if you chose a right hosting company. Most of the reputed hosting company provides you free SSL certificate for WordPress hostings. The name of such a hosting company are as under:
These three are all most trusted and best-managed WordPress Hosting providers and Officially recommended by WordPress.
If your host does not provide you the free SSL certificate with your hosting package, then you must transfer your blog to another hosting.
How to get Free SSL certificate for WordPress Sites with LetsEncrypt
Let’s Encrypt is a non-profit and open Certificate Authority (CA) issuer started in 2016. Anyone can ask for free SSL Certificates from LetsEncrypt (including Wildcard SSL). If you are a blogger or web developer, then you can easily get free SSL certificate for WordPress Blog or Websites.
The most important features of LetsEncrypt is that will auto-renew by itself, you do not have to worry about SSL certificate expiry.
Let’s see How to get free SSL certificate with LetsEncrypt using SiteGround CPanel.
How to get Free SSL certificate with LetsEncrypt in SiteGround
Log on to your SiteGround Cpanel Area. Scroll down to the page you will find the LetsEncrypt option in Security Section. Click on Lets Encrypt icon.
There you will see the list of active domains which have already LetsEncrypt certificate.
If you want to add new domain then select the domain and what type of certificate you wish to add
A successful installation message will appear after proper installation and you will get your Free SSL Certificate for WordPress Blog.
Don’t make any https Rewrite rule in .htaccess file for forced redirection in HTTP to https, otherwise, it will create Redirect Loop in your browser.
If you use Cloudflare CDN service, then change the SSL option to Full (Strict).
You also can install LetsEncrypt certificate by WordPress Plugin WP Encrypt but it is not recommended. It may crack your blog’s coding and increases the chances of hacking.
How to get Free SSL with Cloudflare CDN
You can also get free SSL to WordPress site by manually configuring the Cloudflare SSL.
Cloudflare offers three types of SSL service
Flexible SSL: Encrypt data between Cloudflare to Host or end users, but not between Cloudflare to Web Server. This is the easiest way to get a green padlock in your address bar, you do not have to install an SSL certificate. Flexible SSL does not provide full protection to your users.
Full SSL: Full SSL provides encryption from the origin server to end users. For full SSL, you need a CA certificate, which you can obtain from LetsEncrypt for Free. This type of SSL gives you full protection from threat.
Origin CA: Origin CA is Cloudflare self-issued SSL certificate. For details please visit Cloudflare Official site here.
If your host does not provide you the free SSL, then you can also create free SSL from ZeroSSL. They issued SSL certificate for 60 days after that again you will have to renew the SSL certificate.
You can also manually install SSL certificate in your web server, for that you require to have the permission of root access of the server. Most of the shared hostings do not provide root access and technically it is very difficult too.
By following the above process, you can get free SSL certificate for WordPress Blog or Website.
You may also like to read…