How To Deploy SSL On Your Blog With SiteGround

I decided a few weeks ago that I’d jump on the bandwagon and deploy SSL on my blog.

In all honesty, I’d read a few horror stories about it being a difficult process.

And I wondered whether doing it myself might result in a botched job that I would regret.

Whereas in reality, I found it wasn’t as bad as I’d thought it might be.

Now I know there are much more glamorous and expensive ways to do it.

And there are bound to be better levels of security than I’m using.

I wanted to keep the costs down though but still be able to provide a secure connection on my site.

I figured as I’m not selling anything via my site I didn’t need any of the fancier options at this stage.

SiteGround

Without SiteGround hosting my site, I don’t think I would have found it so easy to deploy SSL.

They now automatically issue and install a free certificate for the majority of domains that point to their shared servers.

But if you set up your account prior to them doing that, it’s easy to get things up and running through your cPanel.

And it’s the free certificate which I’m currently using via Let’s Encrypt.

On your cPanel, you’ll find what you need under the Security tab.

Click on the Let’s Encrypt button and you’ll be taken to a list of installed certificates for your account.

Siteground Lets Encrypt

SiteGround may have already installed the certificate for you but if not, it’s easy to do yourself.

All you need to do is select the domain name you want to issue the certificate for and enter a valid email address.

Click on the Install button to get things moving.

SiteGround Lets Encrypt

In next to no time, you’ll have a working SSL certificate for your domain name.

SiteGround Lets Encrypt

Let’s Encrypt

Let’s Encrypt, if you haven’t heard of it, is a free Certificate Authority, run for the public’s benefit.

They issue digital certificates to enable you to use HTTPS on your site for free.

Setting up your certificate through SiteGround, means you won’t have the hassle of having to renew it every few months.

Because when you deploy SSL on your site, SiteGround do this automatically for you when each certificate is cancelled.

You won’t need to do anything manually.

WordPress

Once you’ve installed your digital certificate, that’s not quite the end of setting things up.

You now need to tell WordPress that you want to deploy SSL on your site.

That really is as simple as changing your WordPress Address and Site Address to the HTTPS version of your site.

WordPress SSL

You can find the required entries under Settings –> General on your WordPress dashboard.

The other thing you need to do is force traffic to go through the HTTPS version of your site.

That avoids duplicate content as well as ensuring that your visitors won’t see a mixed content warning in their browser.

It also means that your site will also automatically take advantage of the HTTP/2 protocol.

I use the SG Optimizer plugin provided by SiteGround to do this under the HTTPS config option.

SiteGround Force HTTPS

By turning the Force HTTPS option on, the plugin will ensure your traffic is redirected through HTTPS.

And that’s your site fully set up with a secure connection.

CloudFlare

If you use Cloudflare like me then you’ll also need to make an amendment on your account to deploy SSL properly.

I use the managed Cloudflare addon through my SiteGround cPanel.

Previously you had to upgrade to Cloudflare Plus to use SSL via this route.

However, SiteGround now support adding SSL through their managed addon even on the free Cloudflare plan.

The update you need to make is to change the SSL option under the Crypto menu to Full (strict).

Using the free plan means that Cloudflare will apply a Universal (shared) SSL certificate to your account.

When a visitor checks out your site information that they will see a Cloudflare shared certificate instead of your Let’s Encrypt one.

If you want to add your own certificate you’ll need to upgrade your Cloudflare account or you can order a dedicated Cloudflare SSL certificate instead.

Finally, I’ve also set Automatic HTTPS Rewrites to on under the Crypto menu.

CloudFlare HTTPS

Things To Watch Out For

Mixed Content Warnings

Even though I have redirects in place, some of my blog posts were still showing as having mixed content.

In other words there were links with both HTTP and HTTPS within the post.

Because I don’t have too many posts on my blog, I decided to check each of them individually.

Where I was getting the mixed content error, I used Google Chrome to discover what the issues were.

You can also use the SSL Check provided by JitBit to find non-secure images, scripts and CSS files.

The Better Search Replace plugin may also be an option if you’re happy to mess about with your WordPress database.

Don’t Forget To Update Google And Bing

Once you’ve got HTTPS working on your site, don’t forget to add the HTTPS versions of your site to Google Search Console and to update Bing Webmaster Tools.

With Google Search Console, I have the www and non-www versions of my site set up using both HTTP and HTTPS.

You’ll also need to update your site to HTTPS on Google Analytics to make sure it’s now pointing to your secure site.

Are You Ready To Deploy SSL On Your Website?

Have you taken the plunge and moved your site to HTTPS yet? How was the experience for you?

Does your web host make it as easy to deploy SSL as SiteGround does?

Please let me know in the comments section below.

You may also like

Follow Me!