Can I Use SSL For Free on Godaddy Managed WordPress Hosting?
I get this question a lot: “Can I use SSL for free on a Godaddy Managed WordPress Hosting plan?” Most people are under the impression that you have to purchase an SSL certificate from Godaddy (or another similar company) to use SSL for free on your website. But that’s not true! You can use a free, self-issued SSL certificate from LetsEncrypt to protect your website’s email, login pages, and more at no cost to yourself.
It’s true that you have to verify the ownership of a free, self-issued SSL certificate by adding a small text file to your website. But that’s it! You can do all the verifying you need and add the security of SSL without paying a penny.
Why Use Self-Issued SSL?
When you use a Godaddy Managed WordPress Hosting plan, the company handles all the technical details for you. They handle all the installing of WordPress, the configuring of an SMTP email server, etc. So the responsibility of securing your site is completely on you.
Let’s say you have a basic WordPress installation on your site. You probably don’t even have a password set for the admin user account. Once you add a small text file with the verification of your ownership, the site is ready to use SSL.
Why would you use this method? Because it prevents the issue of trust. When someone visits your site, they don’t know if you’re really in charge of the domain or not. With a Godaddy Managed WordPress Hosting plan, they don’t need to guess whether or not they can trust you. Once you’ve added the proper files and verified ownership of the domain, the site will always display a security indicator next to the website address in the browser.
How Do I Verify Domain Ownership?
The first thing you need to do is add a small text file to the root directory of your website. This is called a “Html Header” and contains just a few words, typically used to identify the website. For example, you might want to use “Verified” or “Secure” for your file’s content.
Once you’ve added this file, navigate to your site’s homepage in your browser. You should see a small security indicator in the form of a lock icon or a green padlock with the words “Secure” or “Verified” in front of your website address.
This is because your website now has a trusted digital certificate from LetsEncrypt. When someone visits your site, the browser will ask the server to verify that you are, in fact, the owner of the domain. In most cases, the server will verify your ownership and allow the site to display the security indicator. But if the server gets any questions about the validity of the certificate, it will display a warning symbol in place of the trust mark.
What About Performance?
From my own experience, I can tell you that using a self-issued SSL certificate with a WordPress site is about on par with using unauthenticated connections. So other than the fact that your site’s visitors will have to verify your authenticity before they can access your content, the performance difference is minimal. In some cases, using self-issued SSL can even improve performance due to the fact that browsers will cache the contents of HTTPS pages for faster loading times.
There are also some security advantages to using self-issued SSL. For example, without having to trust a third party (like a certificate authority) to vouch for you, your site’s visitors will have no reason to fear that you are, in fact, an impostor. They will know exactly what they’re dealing with. And as a result, they may be more inclined to trust you than they would if they didn’t know who you were.
More Information
If you have any more questions about using self-issued SSL or want to read more about it, head over to the LetsEncrypt website. They have great tutorials that explain everything you need to know in simple terms. Plus, their forums are a great place to get support if you need it.
And if you decide that self-issued SSL is right for you, be sure to read my guide to adding a Let’s Encrypt signed certificate to your site.