Blog    Tutorials    Old Articles    About Me

How to Install an SSL Certificate on a WordPress Site
 
2019-04-08


Russian translation ~ Spanish translation

First of all, what exactly is an SSL Certificate? SSL stands for Secure Sockets Layer, and this digital certificate authenticates the identity of your website, and in turn encrypts all the information being sent to the server using SSL technology.

Having this certificate serves as a type of electronic passport, which in turn establishes your credentials while doing business on the Internet.

Each SSL certificate is made up of the following information:

      The name of the certificate holder.

      The serial number and expiration date of the certificate.

      A copy of the certificate holder’s public key.

      The digital signature of the authority who has issued the certificate

Having this certificate certifies that there is a secure channel between point A and point B on the Internet.

So you want to have an SSL certificate for your WordPress site. Since all of the above may be nonsensical to you, here are the reasons why you should have the certificate. If you have an eCommerce site, you will need to have this certificate before you can accept any form of payment.

If you have any password-protected pages on your website, you also want to know that this is protected by an SSL certificate.

What if you don’t buy and sell anything on your website, but you do collect sensitive information from your visitors? With an SSL certificate, all information is encrypted and secure.

How else can you secure your website?

Use a VPN

VPN stands for Virtual Private Network. This isn’t something that is WordPress specific, it’s a service that can, and some say should, be used by anyone on the Internet today. The purpose of this network is to help you to remain anonymous while online and secure or encrypt your data. For a WordPress user, especially one that may run some sort of business, they could definitely use the protection of the VPN. Depending on your system, there may be some features you need to look for, for example, check out this review of PureVPN.

Choose A Secure Host

Before you install your new WordPress site, you have to have a server to host it on. You may be tempted to choose the cheapest hosting service You can find, but this isn’t necessarily the wisest course of action. Your website will only be as secure as the server upon which it sets. So take the time and do the research to ensure that the host you ultimately pick is reputable.

This doesn’t mean you have to take the most expensive host available. There are some remarkably good hosting providers to choose from that are relatively inexpensive.

Secure Passwords

There are a variety of ways to secure your WordPress site, but for the sake of this article, let’s deal with the most basic, and the easiest to implement.

When installing a new WordPress site, you are given the option to change the default username, and you are also required to choose a password. Make sure that password is a long, complicated password, ideally consisting of letters, numbers, and symbols. Letters should be a mixture of both upper and lower case. Brute force attacks look for the username admin as well as weak passwords. Don’t make it easy for hackers to access your site.

Protect the WordPress Login Page

This is a step that many WordPress security plugins will offer to do for you, but it is also something that can be done manually with relative ease. One of the steps in which you can do this is to rename your login URL. By default, the WordPress login page is accessed by either using wp-login.php or wp-admin.php after the site’s URL. This means that anybody who knows your site’s URL also knows the URL to access your site’s admin if you have been changed it.

What you want to do is something like this:

      Change wp-login.php to something like  cool_new_login

      Change wp-admin.php to something like  cool_new_admin

Install Your SSL Certificate

You thought I’d forgotten about this, didn’t you? No. Here are the steps to obtain and install your SSL certificate.

Depending on where your website is hosted, you may be able to obtain an SSL certificate at no charge through your hosting provider. If not, there are a variety of third-party providers through which you can purchase a certificate. Annual costs can range from anywhere from $5 to $200.

If your host provides the certificate at no charge, they will have a method for it to be installed on your site. If you have purchased your certificate, you can either contact your host and ask them to install it for you, or choose a WordPress plugin that will install it.



Older blog postings....


About This Blog...

I've been writing about computers, software, Internet and the rest of technology since 1992, including a 17 year (1995-2012) stint as 'High Tech Office' columnist for Business in Vancouver. This blog includes thoughts on technology, society, and anything else that might interest me. Comments, emailed to alan@zisman.ca are welcome - and may be published in whole or part. You can follow me on Twitter or Google + for notice of new blog postings.