Google has been working diligently to make the web safer and has now begun to mark websites as “Non-Secure” which do not have an SSL certificate installed but still exchange user data. Therefore, it has now become a must to serve your website over HTTPS/SSL to secure your visitors’ data and also to show that your brand cares about security. Coming to Chrome Push Notifications, although not a requirement, SSL is recommended for your main domain. There are a lot more benefits to adding an SSL certificate to your website including improving your search rankings. In this post lets dive deep into SSL certificates and how you can setup a free SSL certificate (Cloudflare) on your website.
If you are a beginner and want to learn about blogging, read my article about how to start a blog. I have also written an article about the best WordPress plugins for SEO to rank your website faster and start making money.
What is SSL?
“SSL (Secure Socket Layer) is the standard security technology for establishing an encrypted link between a web server and a browser. This secure link ensures that all data transferred remains private. It’s also called TLS (Transport Layer Security). Millions of websites use SSL encryption every day to secure connections and keep their customer’s data safe from monitoring and tampering.”– Cloudflare
On most websites today, you will see that they begin with “https://” in the URL with a green/gray padlock saying secure, that’s due to the use of an SSL certificate. But that’s not just for indication, there is a lot going on behind the scene.
SSL or Secure Sockets Layer helps establish an encrypted link between your web server and the website visitor. This makes sure that all data passed between the two is private and no-one in the middle has access to it. Even if someone manages to tap the connection, the data will be of no use to them, as it is encrypted end-to-end.
Coming back to the SSL certificate, it is a small file that combines a cryptographic key with your organization and domain’s details. It is placed on the server to enable HTTPS protocol and based on the type of SSL certificate used, the Certificate Authority makes several checks on the organization’s information. Browser and Operating system vendors work with these Certificate Authorities to embed the Root Certificates (from which the SSL certificate is derived) within their software so that the certificate can be authenticated and a secure connection is established between the web server and the end-user.
With an insecure HTTP connection, third parties can snoop at the traffic passing between a web server and the browser to collect private data including email addresses, passwords as well as usernames. That is the reason why Google, security experts are pushing for the use of SSL on websites so that you get peace of mind that even the most basic data is secure from being intercepted.
Why do you need an SSL certificate on your website?
Every website on the Internet should be served over HTTPS. Here’s why:
- Performance: Modern SSL can actually improve page load times.
- Search Ranking Boost: Search engines love HTTPS websites.
- Security: Encrypting traffic with SSL ensures nobody can snoop on your users’ data.
- Trust: By displaying a padlock in the browser’s address bar, SSL increases the visitor’s trust.
- Regulatory Compliance: SSL is a key component in PCI compliance.
While eCommerce websites, banking institutions have been using SSL for a very long time – small and medium enterprises, personal websites, blogs are starting to get behind the idea now. Apart from the main benefit of securing user information and prevention of data leak, one of the major driving factors has been Google’s webmaster guideline. It states that SSL will be considered as a ranking factor in their search algorithm. This was announced back in 2014 and since then many websites have begun transitioning to HTTPS.
So websites with an SSL certificate are bound to get a boost in SERPs. Although it may not be a huge ranking factor, it is surely a positive signal. Moreover, recently Google Chrome, the most widely used browser on both desktop and mobile also started showing HTTP pages that collect passwords or credit cards as “Non-Secure”.
This would certainly have an impact on your visitors who would think twice before entering any data on a website which the browser calls non-secure.
You would definitely not want this in your URL bar.
How to secure your website with a free SSL certificate from Cloudflare?
I will walk you through the process to get a FREE SSL certificate to your website from world’s best web performance and security company – Cloudflare.
To get free SSL certificate for your website, you will need to have an account on Cloudflare. Go to Sign Up.
Step 1: Create a free account on Cloudflare
Step 2: Add your website/domain
Add your website URL and click on ‘Add site’.
Now, you will land up on plans page. Here you can select a plan as per your need.
In this case, we will choose ‘Free plan’ to get a free SSL certificate and click on the confirm button.
Step 3: Configure your website DNS Records
Once the scan is done, you will see a table containing many different records and an orange cloud next to your main domain. That means the configuration is correct.
Now, click on ‘Continue’ button.
Step 4: Update your website DNS Records
Now, go to your domain’s control panel from which you have purchased your domain. For example, GoDaddy, Hostinger, Siteground etc.
Here, my domain is with Hostinger.
So, login to your domain area and go to Update nameservers section.
Now, go to Cloudflare. Copy nameservers and replace the Cloudflare nameservers with your domain nameservers.
Step 5: Setup SSL/TLS
Now, you need to setup SSL for your website. For that, go to ‘SSL/TLS’ button on the top.
Choose ‘Flexible’ option.
Next step is, go to ‘Edge Certificates’ tab. Scroll down to the page and configure few settings as given below.
Enable ‘Always Use HTTPS’ option.
Also, scroll down and make sure that ‘Automatic HTTPS Rewrites’ is enabled.
Step 6: Activate SSL in WordPress
We are now in the final stage where we will need to configure the SSL in our WordPress dashboard.
For that, go to ‘Plugins’> ‘Add New’, and search for ‘Cloudflare Flexible SSL‘. Then, install and activate the plugin.
Now, again search for ‘Really Simple SSL‘ plugin. Then, install and activate the plugin.
Here, we have a twist!
After activating ‘Really Simple SSL‘ plugin, your website will occur security certificate error and will stop working. You will not be able to access the dashboard or any web pages. But, do not panic! Do not worry! Your website is totally safe. It usually takes 4 to 6 hours to update the nameservers and SSL certificate to work properly. So, sit back and relax!
Try to load your website after few hours and you will see that website is working fine and SSL is also activated. You will able to see the padlock in the URL field. Now, you can login to your WordPress dashboard and check the settings.
Cloudflare provides this free SSL certificate for 1-year validity. You don’t need to worry about the renewal because it will be renewed automatically after 1 year. You can add as many websites in your Cloudflare account and activate free SSL for your websites.
So, are you currently using any paid SSL certificate for your website? How much money you spend on this? Did you find this article helpful? If you’ve any questions, let me know in the comments and I will answer your questions.