SSL tools and guides
Bluehost - Our Free WordPress SSL will be added immediately for new installations of WordPress or if you already have WordPress, you can select to add the SSL in the SSL section of Addons.
8/25/17 - tested it by installing on paulkatzeff.com. Was a seamless, painless process!
Hostgator - $39.99/year for two base plans. Free with Biz plan.
GoDaddy - $55.99/year (first year), then $69.99/year
DotEasy -
ixwebhosting - $49.95/year, free installation. Moshe Gordon is the webhost affiliate for OCH's plan with ixWebhosting
1 and 1 - Symantec SSL. Google Chrome plans to distrust Symantec SSLs, according to GoDaddy.
- IT News: "Symantec transport layer security (TLS) certificates issued before June 1 2016 will not be trusted by Google's Chrome web browser from next year."
- Zamir's 1&1 contract includes a free SSL certificate that you can use to improve the security for your visitors and customers.
- The SSL certificates at 1&1 are domain based, which means they are quick to validate and secure. In just a few clicks, you can enjoy the peace-of-mind of having ironclad certification for your online transactions. We offer QuickSSL certificates from the certification institute GeoTrust – the second largest provider of SSL certificates in the world. Your certificate from 1&1 is enhanced with powerful 256-bit SSL encryption, providing your domain with the highest level of security available. Thanks to our world-class SSL certificates, you can conduct your online business with ease and confidence knowing that sensitive information entered into your website is secure. Displaying the GeoTrust seal on your site sends a clear signal to your customers that their security is your priority – just as it is with us at 1&1.
Siteground - Free Let's Encrypt SSLs. Easy to use plug-in to make the change.
https://developers.google.com/web/fundamentals/security/encrypt-in-transit/why-https
Why HTTPS Matters | Web | Google Developers
You should always protect all of your websites with HTTPS, even if they don’t handle sensitive communications. HTTPS provides critical security and data integrity both for your websites and for the people that entrust your websites with their personal information.
Aside from providing critical security and data integrity for both your websites and your users' personal information, HTTPS is a requirement for many new browser features, particularly those required for progressive web apps.
The details of our http to https service
Here’s what’s included in a typical http to https WordPress conversion from WP Site Care:
Installation and setup of SSL/TLS Certificate – We set up your certificate using your web host’s product, Let's Encrypt, or another third party certificate from an authority like Digicert.
Google Search Console Registration – We create a new entry for your website within Google Search Console to indicate to Google that an https version of your website will soon be available
Update WordPress URLs – We update all of your domain URLs to use the new https protocol using a search and replace tool like WP-CLI
Implement 301 Redirects – We ensure all old non HTTP URLs auto-redirect to the new corresponding HTTPS URL. We handle this for non-www and www subdomains to ensure all traffic is landing on the proper page without more than one redirect
Regenerate Sitemap and Submit to Google Search Console – Google will need to know where to find your new sitemap, so we generate your new sitemap and submit it to them to crawl and review.
Mixed Content Error Validation – We make sure that none of your site assets are being served over HTTP URLs and causing display or other types of issues
SSL/TLS Validation Through SSL Labs – We verify the quality of the SSL/TLS implementation with SSL Labs server test.
Google Analytics Property Update – We update your property in Google Analytics to track https traffic so you have the most accurate traffic data.
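The mixed content validation step in the list above can be scripted against a page's HTML. This is an added example, not WP Site Care's tooling; the function name, the tag table and the sample page are constructed for illustration.

```python
from html.parser import HTMLParser

# Attributes the browser fetches as subresources. <a href> is navigation, not
# mixed content, so anchors are deliberately absent.
URL_ATTRS = {
    "script": ("src",), "iframe": ("src",), "embed": ("src",),
    "object": ("data",), "img": ("src", "srcset"), "source": ("src", "srcset"),
    "audio": ("src",), "video": ("src", "poster"),
}
ACTIVE = {"script", "iframe", "embed", "object", "link"}  # browsers block these

class MixedContentScanner(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings = []  # (line, kind, tag, url)

    def handle_starttag(self, tag, attrs):
        attrs = {k: (v or "") for k, v in attrs}
        names = URL_ATTRS.get(tag, ())
        # rel=canonical and similar <link> values load nothing; stylesheets do
        if tag == "link" and "stylesheet" in attrs.get("rel", "").lower().split():
            names = ("href",)
        for name in names:
            value = attrs.get(name, "")
            # srcset is a comma-separated list of "url descriptor" candidates
            for cand in (value.split(",") if name == "srcset" else [value]):
                url = (cand.split() or [""])[0]
                if url.lower().startswith("http://"):
                    kind = "active" if tag in ACTIVE else "passive"
                    self.findings.append((self.getpos()[0], kind, tag, url))

def find_mixed_content(html):
    scanner = MixedContentScanner()
    scanner.feed(html)
    scanner.close()
    return scanner.findings

# Constructed sample: a page after an incomplete search-and-replace.
SAMPLE = """<html><head>
<link rel="canonical" href="http://example.com/post/">
<link rel="stylesheet" href="http://example.com/wp-content/themes/t/style.css">
</head><body>
<a href="http://example.org/">outbound link</a>
<img src="https://example.com/a.png" srcset="http://example.com/a-2x.png 2x">
<iframe src="http://player.example.net/embed/1"></iframe>
</body></html>"""

if __name__ == "__main__":
    for line, kind, tag, url in find_mixed_content(SAMPLE):
        print(f"line {line}: {kind} <{tag}> {url}")
```

Run it over the rendered HTML of each template type (home, post, archive), since theme files and widgets often keep hard-coded http:// URLs that a database search-and-replace does not touch.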
https://www.wp-bff.com/ultimate-guide-ssl-wordpress/
Activate your SSL in WordPress
Regardless of what type of SSL you choose, there are a few things you need to do after you install your SSL:
1. Change your URL in WordPress Settings
2. Install this plugin to redirect all old http:// links to new https:// – https://wordpress.org/plugins/https-redirection/
3. Update Google Analytics Settings to change http:// to https://
4. Update Google Search Console accounts – Add a Property with your new https:// URL
5. Upload a new sitemap. You’ve essentially changed your domain name, and because of that you can expect SEO rankings to fluctuate until your site has been reindexed – not a huge deal, but sometimes it freaks people out if they enjoy a high ranking and then they drop for a few days.
Depends on what SSL certificate you are using but most hosts utilise Let's Encrypt these days to make it super easy.
If they do, you simply ask them to add it to your server and then go into the WP dashboard and get to work:
1. Change the 2 boxes in the general settings tab to be https instead of http.
2. You will get logged out so log back in.
3. Install a plugin called Velvet Blues Update URLs.
4. Run the URL changer and you will be done.
I've never had any issues doing it this way and it takes about 10 minutes each time
Karl Peschel - That gets the basics of the site done, but that link I gave also details all the other things to change. 301 redirects, updating Google products, etc.
Marcy Diaz - The plugin Really Simple SSL works great for redirecting all urls to https, if for some reason you can't redirect in .htaccess. It even works on multisite.
https://wordpress.org/plugins/https-redirection/
Use SFTP not FTP
If you're still using regular ol’ FTP, you should switch to SFTP as soon as possible. In a nutshell, FTP sends your credentials and data in clear text, which means your password and connection information is not encrypted. If you are transferring your files via FTP, anyone listening on the network can grab your data and use it to exploit your site. Using SFTP is just like using FTP, but with SFTP all of your credentials and data are encrypted, which protects them from would-be attackers.
Ask your web host if you are unsure about SFTP support — they should be more than happy to help. Likewise with your current FTP setup, check the documentation to see how to change things over to use SFTP as your file-transfer protocol.
Use SSL/HTTPS
This is the same basic idea as using SFTP instead of FTP. If your site is using the HTTP protocol, all transmitted information is sent without encryption. So all comments, logins, purchases, and other transactions are sent and received unencrypted over the network.
This means that an attacker could intercept passwords and other sensitive data in order to exploit your site and its users. This is one reason why Google and other big players are pushing hard for everyone to switch over to HTTPS. With HTTPS, all transmitted data is encrypted, which helps to protect against interception and exploitation.
Of course, switching from HTTP to HTTPS requires more effort than switching from FTP to SFTP. To set up HTTPS for your site, you need an SSL certificate, which must be implemented properly on your server (which can be easier said than done). If you do decide to upgrade to SSL/HTTPS, make sure to do so for all pages on your site, otherwise known as "always-on" SSL.
For help making the transition, check out Chris Coyier's write up over at CSS-Tricks. After implementing SSL, test your pages for proper functionality and security using an online SSL checker.
Moving to HTTPS (my gist) - https://css-tricks.com/moving-to-https-on-wordpress/
SSL checker - https://www.ssllabs.com/ssltest/
https://www.whynopadlock.com/
https://www.wp-bff.com/ultimate-guide-ssl-wordpress/
https://movingtohttps.com/
Karl Peschel - I stumbled across movingtohttps.com a few months ago and it's the most complete one I've seen. Check with your host too as each will have slightly different things you need to do.
Chris Coyier - https://css-tricks.com/moving-to-https-on-wordpress/