Internet and website security is extremely important in today’s world. After all, how many times do you see a story about this website being hacked or that site reporting a breach.
And if you’re trying to start out making your website secure for yourself and your visitors, the first thing you really need to do is make sure that your website has an SSL certificate and is running on HTTPS.
But that can be a bit of a confusing topic if you’re not familiar with the technical side of your website. Those might just seem like letters in the alphabet soup of tech speak.
Don’t worry. In this post we’re going to go through what SSL and HTTPS stand for and why they matter on the internet. And then I’ll walk you through how to set it all up for your website. And the best part is that you can even do it for free!
So let’s get started on making your website a little bit more secure today.
Table of contents
What is HTTPS and SSL?
So first things first: what the heck do HTTPS and SSL stand for?
Well, regular HTTP stands for Hypertext Transfer Protocol, while HTTPS stands for hypertext transfer protocol secure (or secure hypertext transfer protocol if you prefer things in “make sense” order). Both of them are a protocol that allow a computer to fetch resources from a server, like a website or images.
SSL on the other hand is Secure Sockets Layer, and it is a certificate that sits on a website’s server and basically cryptically states the details of the site (like domain name) and the identity of the organization.
HTTPS uses the SSL certificate on your website (or any website) to verify that the website is what it says it is and it creates a secure connection between the computer and the website’s server so that no one else can tap into that connection.
So you will need an SSL certificate in order to have your website running on HTTPS. And if you’re worried about trying to figure out where to get an SSL certificate, you’ll find it’s easier than you think.
Why do they matter?
HTTPS and SSL are very important when it comes to internet security and making sure your visitors are safe on your website.
Combined together, they create a secure connection between your website and a visitor’s computer. That means that someone on the outside of that connection, like a hacker, can not tap into that “pipeline” of information being traded back and forth in that original connection.
A prime example of how this helps is when someone is trying to purchase a product from your website. They are going to have to enter in their credit card information in order to complete that purchase.
Without HTTPS, that information could be open for a bad actor to tap into that connection and steal that information. But with HTTPS, that connection is sealed off from the rest of the world and the customer’s information is safe through that transaction.
Also, if you need to collect personal Identifiable Information or PII, like mailing or email addresses, using HTTPS to secure your forms is a great way to also protect your users.
Mak Sure Your WordPress Website is Secure
Do you want to make sure your WordPress website is secure for your users? Then sign up for one of the WordPress Website Care plans. When you sign up, I’ll make sure your website is as secure as possible, including setting up an SSL certificate and getting HTTPS running if you don’t already have it. Plus you’ll get managed WordPress core, plugin and theme updates, daily backups, great web hosting and more. So sign up today!
Do you need an SSL certificate?
The short answer is yes, you need an SSL certificate and HTTPS running on your website.
If you run an online store or otherwise take credit card payments on your website, you are required to have an SSL certificate and use HTTPS on your website. The protection afforded by HTTPS keeps the transaction between the buyer and your website secure from outside actors and keeps the data safe.
But even if you’re not selling on your website, using HTTPS is beneficial. Most people are now conditioned to see the https:// or the padlock icon in the URL. And it’s just a good thing for you to do to protect your visitors. And if you even have just a simple contact form that takes in a user’s email, the secured connection can keep their PII safe and sound.
Also, Google has basically made it known that your website needs to be using HTTPS in order to rank highly in search results. So basically that makes it a requirement for your website on its own.
And as you’ll find, getting an SSL certificate and getting it set up on your website is pretty easy.
Single domain vs. wildcard domain
Now before we get to how to obtain a SSL certificate and set up HTTPS on your website, I want to discuss one more set of terms: single domains and wildcard domains. You will likely see these when you’re trying to get an SSL certificate, and they do two different things.
Single domain certificates are for only one domain. This does not include subdomains. So for my website, a single domain certificate wouldn’t work for me since it wouldn’t also cover my client dashboard, which is clients.jacobmartella.com.
Wildcard domains, on the other hand, will cover that scenario. For a while, they were more expensive than a single domain certificate, but the good news is that, as you’ll see, the price isn’t much of an issue anymore.
The only thing with wildcard domains is that they won’t cover something like example.clients.jacobmartella.com. But that’s something the vast majority of website owners won’t even need.
So which one should you choose?
Most businesses and websites really only need a single domain certificate. If you don’t have any subdomains for your website, this is the one for you. And if you do have subdomains (like if you run a WordPress multisite installation), then you should get a wildcard domain certificate.
What is Let’s Encrypt?
So where are you going to get an SSL certificate?
Well the chances are pretty high that you’ll end up using a service called Let’s Encrypt.
Let’s Encrypt is a free certificate authority from the non-profit Internet Security Research Group. And they’ve made it extremely easy to get an SSL certificate for your website. They offer both single and wildcard domain certificates, and the best part is that you can get them for free.
If you’re worried about that “free” price tag, don’t worry. It’s very well supported with a goal to help protect as many websites as possible, especially with Google’s HTTPS “requirement”. And despite what you might find online, experts do trust it and it is safe to use.
And it does work with a number of different web hosts (potentially even yours) to make the process of installing the certificate even easier.
How to get an SSL certificate and install HTTPS
Finally, let’s figure out just how you can get an SSL certificate and start using HTTPS for your website.
First off, you’ll want to get your certificate from Let’s Encrypt. As I mentioned before, it’s pretty easy to secure your SSL certificate for your website, whether you need a single or wildcard domain.
Where this gets particularly tricky is getting that certificate on your website.
If your web host is able to do all of this for you, and more and more hosts are offering this, that is going to be your preferred option. In fact, Let’s Encrypt even recommends using this option.
If your web host doesn’t, you are probably going to need some help from a developer to get it on your website. If you have shell access, you can use the Certbot ACME client to upload the certificate. But after that, the options get a bit trickier.
And if all else fails, you might just be better off moving to a different web host that offers a Let’s Encrypt certificate. Chances are your website will be better off in the long run as well.
Then once the SSL certificate is purchased and installed on your website and server, you can change all of the URLs to your website over from “http://” to “https://”.
To learn more about how to get and install an SSL certificate from Let’s Encrypt, you’ll want to check out their “Getting Started” page.
Don’t worry about SSL and HTTPS for your WordPress website
Do you have a WordPress website and are only running on HTTP? Worried about how you can update to HTTPS? Don’t worry about that.
Sign up for one of the WordPress Website Care plans, and your website will be converted to HTTPS for no additional cost. Plus, you’ll get your website on WP Engine hosting, managed updates for WordPress core, plugins and themes, security checks and a lot more.
So get your website running on HTTPS and give it the care that it deserves today.