SSL for WordPress inMotion Hosting: How to Get It Right
Do you run a WordPress site and want to serve your content securely using the SSL protocol? Wishlisting hosting providers that offer this feature may seem like an unnecessary exercise, as the answer is self-evident – it’s only available on their more expensive plans. Fortunately, there are several reputable hosting providers who value their customers’ security and provide it with native support through their customer care teams.
A Closer Look At The Price
Most web hosts will graciously offer you an SSL-enabled plan at no additional cost. You’ll simply need to select this feature during the sign-up process. A closer look at the price of some of the best dedicated hosting providers will reveal that the price difference is marginal at best, and often, you’ll be looking at a substantial discount.
Why Should You Choose A WordPress Host With SSL?
The best news is that you don’t have to choose whether or not to use SSL for your WordPress site. All you need to do is ask for it during the sign-up process and the hosting provider will take care of the rest. Now, you may wonder whether or not you need to use an SSL with WordPress. You might argue that since you’re not storing any sensitive information (such as credit card numbers or passwords), you don’t need to use it. This may be true, but it’s not advisable. The truth is that regardless of whether or not you store sensitive information, it’s always a good idea to use SSL when it comes to online security. Why?
When a web server receives a document containing private information (like credit card numbers or passwords), it typically strips the information from the document and encodes it. This makes it harder for someone to steal your financial information when they gain access to your web server.
In some cases, this encoding and decoding can be done automatically by the web server. In other cases, it’ll require you to perform these functions manually (which is a pain in the butt). Regardless of whether or not you’ll need to do this manually, it’s always a good idea to use SSL when it comes to financial information. Why?
Since your visitors will be entering sensitive information (like billing address and credit card number) into your website’s forms, using SSL helps to ensure that their information is not easily accessed by third parties. If someone gains unauthorized access to your server, they’ll be able to view potentially sensitive information such as credit card numbers and passwords. Using a VPN while browsing may also help ensure that your data is not accessed by third parties.
How To Easily Set Up An SSL-Enabled WordPress Site
If you’re new to the world of SSL and the native support offered by your preferred hosting provider isn’t enough, fear not! There is still hope. In fact, it’s extremely simple to set up an SSL-enabled WordPress site. Once you’ve signed up for the service, navigate to your dashboard and click on the Settings icon. You’ll see a screen similar to this:
If you click on the Additional Settings link, you’ll be able to choose the protocol you’d like to use and, in most cases, the domain you’ll use for your site. Since this is a static page, we’ll use Let’s Encrypt and the Cloudflare DNS servers. For the sake of this guide, we’ll use the monetish domain name (in this case, blog.monetish.com).
To begin, let’s take a quick look at the Additional Settings for SSL.
What Is Let’s Encrypt?
If you’ve been following our blog for a while now, you may have noticed that we don’t usually recommend free web hosting providers. While it’s great to have a site up and running as soon as you log in, the truth is that with free plans from popular hosts, there’s usually a lot of unnecessary, unwanted garbage lying around. So, it’s best to avoid these situations if you really want to have a secure, reliable site.
In some cases, this extra baggage can be quite a nuisance, as you’ll discover when you try to install a WordPress plugin or template. Essentially, these free plans come with a lot of features that you won’t need and may even slow down your site. All of this is worth it if you don’t want to worry about downtime or security issues.
Why Cloudflare DNS Is Important For An SSL-Enabled Site
If you plan on serving any sort of content that may be copyrighted, you’ll need to take into consideration the need for a DMCA (Digital Millennium Copyright Act) compliant policy. In most cases, this will require you to register copyright infringement claims with a service like Cloudflare’s. They will then remove notices of infringement that come from their servers. This is a lot easier said than done, which is why we’re including this step in this section.
How To Create An SSL Certificate For Your Site
When you decide to use SSL for your site, the first thing you’ll need to do is create an SSL certificate. It’s important to keep in mind that for this tutorial, we’re not going to go into the nitty-gritty of how to create a fully-fledged, 100% wildcard certificate. Instead, we’re going to simplify the process and use the most common type of certificate (which is only signed by a single certificate authority).
To create this certificate, you’ll need to visit the Certificates page of your Cloudflare dashboard. You’ll see a screen like this:
Since we’re not using a wildcard certificate, you can leave the Select a Type option at the top unchecked. Now, scroll down to the bottom and look for the green button labeled Generate SSL Certificate. Once this button is pressed, you’ll be asked to enter a name for your Certificate (this will be your domain name).
Enter a short name for your Certificate (like “blog” for blog.monetish.com) and then click on the Verify button.
Cloudflare will now install your certificate and you can take a look at the status on the right-hand side of the page. When this process is complete, you can download your certificate by clicking on the Download button.
As you can see, our certificate is now installed and active. At this point, you can click on the Settings tab next to your DNS records and see this:
If you click on the green lock icon at the top, you’ll be taken to the site’s dashboard. At this point, you’re ready to use your new, self-signed certificate when configuring your WordPress site. For the sake of this tutorial, we’ll use the Let’s Encrypt plugin to automatically generate a certificate for our site.
Installing The Let’s Encrypt Plugin
On the day we’re publishing this tutorial, Let’s Encrypt has been a free service for over a year. This plugin will install a small, encrypted sidebar into your WordPress dashboard. You’ll see a small notice that this plugin is active and ready to be used. If you click on the link, you’ll be taken to the plugin’s homepage. From here, you can click on the Install button to continue. This is the last step before using your certificate for the first time.
After clicking on the Install button, WordPress will ask you to log in to your dashboard and re-verify ownership of your site. You’ll have to do this to make sure that Let’s Encrypt hasn’t been tampered with by hackers. Once re-verified, you can click on the Enable button and your encrypted sidebar will appear in your WordPress dashboard. You can now start using your new, fully-functional SSL certificate for all your site’s traffic!
If you’re new to using certificates and aren’t sure where to start, this short tutorial will walk you through the whole process. From start to finish, it’ll take you less than five minutes to create your SSL certificate and install the Let’s Encrypt plugin. After that, all you have to do is open up your WordPress dashboard and you can begin serving secure content to your visitors!