I decided a few weeks ago that I’d jump on the bandwagon and deploy SSL on my blog.
In all honesty, I’d read a few horror stories about it being a difficult process.
And I wondered whether doing it myself might result in a botched job that I would regret.
Whereas in reality, I found it wasn’t as bad as I’d thought it might be.
Now I know there are much more glamorous and expensive ways to do it.
And there are bound to be better levels of security than I’m using.
I wanted to keep the costs down though but still be able to provide a secure connection on my site.
I figured as I’m not selling anything via my site I didn’t need any of the fancier options at this stage.
Without SiteGround hosting my site, I don’t think I would have found it so easy to deploy SSL.
They now automatically issue and install a free certificate for the majority of domains that point to their shared servers.
But if you set up your account prior to them doing that, it’s easy to get things up and running through your cPanel.
And it’s the free certificate which I’m currently using via Let’s Encrypt.
On your cPanel, you’ll find what you need under the Security tab.
Click on the Let’s Encrypt button and you’ll be taken to a list of installed certificates for your account.
SiteGround may have already installed the certificate for you but if not, it’s easy to do yourself.
All you need to do is select the domain name you want to issue the certificate for and enter a valid email address.
Click on the Install button to get things moving.
In next to no time, you’ll have a working SSL certificate for your domain name.
Let’s Encrypt, if you haven’t heard of it, is a free Certificate Authority, run for the public’s benefit.
They issue digital certificates to enable you to use HTTPS on your site for free.
Setting up your certificate through SiteGround, means you won’t have the hassle of having to renew it every few months.
Because when you deploy SSL on your site, SiteGround do this automatically for you when each certificate is cancelled.
You won’t need to do anything manually.
Once you’ve installed your digital certificate, that’s not quite the end of setting things up.
You now need to tell WordPress that you want to deploy SSL on your site.
That really is as simple as changing your WordPress Address and Site Address to the HTTPS version of your site.
You can find the required entries under Settings –> General on your WordPress dashboard.
The other thing you need to do is force traffic to go through the HTTPS version of your site.
That avoids duplicate content as well as ensuring that your visitors won’t see a mixed content warning in their browser.
It also means that your site will also automatically take advantage of the HTTP/2 protocol.
I use the SG Optimizer plugin provided by SiteGround to do this under the HTTPS config option.
By turning the Force HTTPS option on, the plugin will ensure your traffic is redirected through HTTPS.
And that’s your site fully set up with a secure connection.
If you use Cloudflare like me then you’ll also need to make an amendment on your account to deploy SSL properly.
I use the managed Cloudflare addon through my SiteGround cPanel.
Previously you had to upgrade to Cloudflare Plus to use SSL via this route.
However, SiteGround now support adding SSL through their managed addon even on the free Cloudflare plan.
The update you need to make is to change the SSL option under the Crypto menu to Full (strict).
Using the free plan means that Cloudflare will apply a Universal (shared) SSL certificate to your account.
When a visitor checks out your site information that they will see a Cloudflare shared certificate instead of your Let’s Encrypt one.
If you want to add your own certificate you’ll need to upgrade your Cloudflare account or you can order a dedicated Cloudflare SSL certificate instead.
Finally, I’ve also set Automatic HTTPS Rewrites to on under the Crypto menu.
Things To Watch Out For
Mixed Content Warnings
Even though I have redirects in place, some of my blog posts were still showing as having mixed content.
In other words there were links with both HTTP and HTTPS within the post.
Because I don’t have too many posts on my blog, I decided to check each of them individually.
Where I was getting the mixed content error, I used Google Chrome to discover what the issues were.
You can also use the SSL Check provided by JitBit to find non-secure images, scripts and CSS files.
The Better Search Replace plugin may also be an option if you’re happy to mess about with your WordPress database.
Don’t Forget To Update Google And Bing
With Google Search Console, I have the www and non-www versions of my site set up using both HTTP and HTTPS.
SiteGround Are Definitely Doing The Right Things
Webhosting Geeks put together some information showing the total domains under SiteGround management.
You can see from the graph below that they’ve gradually increased the number of domains under their management year on year.
They must be doing something right if they’re able to achieve that!
Are You Ready To Deploy SSL On Your Website?
Have you taken the plunge and moved your site to HTTPS yet? How was the experience for you?
Does your web host make it as easy to deploy SSL as SiteGround does?
Please let me know in the comments section below.