Having a secure connection to your website is important especially if your are running an eCommerce website where you want to prevent your customers’ sensitive data such as Credit Card numbers and passwords from being intercepted by a Third Party. You can know that you are running on secure connection if your website address starts with https instead of http. Besides that, you will also notice the secure label at your browser bar.
If you are running a standard WordPress type website, having a secure connection will also benefit you because since 2014, Google has officially acknowledge HTTPS as one of its ranking signal.
How to Secure Your Website
Without having to go into too much technical details, a secure connection is established when you have SSL (Secure Socket Layer) install in your web hosting. SSL is a standard security protocol for establishing encrypted links between a web server and a browser in online communication.
While SSL certificate comes with price from RM70/month, most of the web hosting company now offered free SSL. However, it didn’t come out-of-the-box therefore you have to manually generate SSL certificate by filling in necessary details yourself. If you need assistance in installing your SSL certificate, please get in touch with us.
This content originally is written to guide you on how to install SSL sockets using Cloudflare. However, there are another much simpler steps to get your WordPress site secured if you are using cPanel Hosting.
Steps To Install Free HTTPS Connection Using Really Simple SSL plugin
Most of the well-known web hosting provider had a cPanel hosting that comes with free SSL although there are some that don’t have this offer. You can quickly determine this by installing a free plugin called “Really Simple SSL”. Just go to your WordPress Dashboard > Plugin and search for this plugin.
As the name implies, the steps are really simple because you really don’t have to configure anything once you activate it. Just log out from your WordPress Dashboard and login back to see the effect.
Steps To Install Free HTTPS Connection Using Cloudflare
In case your web hosting did not provide SSL for free, we have good news for you whereby you can secure your website by using free Cloudflare SSL. Here are the steps to install Cloudflare SSL to your WordPress website.
1. Go to cloudflare.com and signup for free account
2. Once you are logged in, click +Add Site link at the top right corner and enter your website address.
3. You will go through a guided step-by-step process. First step, click to select and confirm FREE PLAN. Second step, you will see the configuration of your DNS which basically show where the domain name is pointing before and after adding Cloudflare SSL. Here you can leave it to default setting and click at the Continue button below the page.
4. Next step is changing your domain name nameserver. By default your nameserver is pointing to your web hosting. You can ask your domain name provider like Exabyte or Namecheap to change the value of your nameserver as we will not cover that details here. After changing the nameserver value, click the Continue button.
You will need to wait for up to 24 hours before the changes to Cloudflare nameserver take effect. Recheck nameserver and once its fully resolve, open WordPress website as it also need to be configured to work with Cloudflare SSL.
5. Once you are in WordPress admin dashboard, go to Plugin and search for Cloudflare. Install and activate.
6. Go to Setting > Cloudflare to login to your account in order for the link to be established to your website. You need to provide your email address that you use when signing up with cloudflare and API key which you can obtain from Cloudflare site.
7. Once you’ve activate it, you will see the Cloudflare user interface. Click Apply to optimise Cloudflare for your website.
8. Now is the time to change your link from http to https. Go to Setting > General and change the value of WordPress Address (URL) and Site Address (URL)
At this point, has already go through Cloudflare secure connection accept that in your browser URL bar, it did not display the green lock yet as its not 100% comply to https standard. This is because of mixed content.
Mixed content occurs when your webpages is loaded over a secure HTTPS connection, but other resources (such as images, videos, stylesheets, scripts) are loaded over an insecure HTTP connection. This is called mixed content because both HTTP and HTTPS content are being loaded to display the same page, and the initial request was secure over HTTPS.
To solve this issue, you need to change all the resources url to HTTPS and this means getting your hand dirty with changing values in the database. Fortunately, we found a plugin that make it easy for you to change the url value right within your WordPress Dashboard!
9. Search and install the plugin Better Search Replace by Delicious Brain. After activating it, go to Tools > Better Search Replace. Search for: http and replace with https. At this point, we want add a disclaimer that we are not to be held responsible on the possibility of something goes wrong when changing database value which may renders your website unusable. Therefore please backup your database before running this program.
10. Once its finish running, please logout and navigate to your homepage to check your URL bar. If you notice the sweet little green lock, Voila! You have successfully secured your website!
Having a secured website is one part of improving your website. Besides watching your rank in search engine goes up, a secure website also give your visitors a sense of security and confidence in dealing through your website.
In the next article, we will talk about how to make your website blazingly fast. This again give a good user experience to your visitors especially if they are browsing your site from a mobile network.