How To S-S-L Like A P-R-O
Jun 25, 2018
Here at TechArk, we don’t have the answers to the purpose of life, the depth of the universe, or the meaning of everything. What we do have is some solid technical knowledge, which we’re happy to share with anyone of a curious and entrepreneurial nature.
If you’re interested in extending the security of your website to provide the most comprehensive protection possible to your customers, or simply trying to keep up with Google’s rigorous and ever-changing rules, then you’ve come to the right place.
How To SSL
If you’re not sure what we’re talking about, Click Here to view our Blog Post on the subject from last year. Now that you’re all caught up, let’s get ssslerious (for realz this time).
Step One: Host
Host with a dedicated (not shared) IP address. This means that your site will be the only one on the internet using that IP, making it secure to you.
Step Two: Buy
Purchase an SSL certificate. Rather than a framed paper document you hang in your office, this is invisible to humans and lives on the back of your site. Like a social security number for your website, this long string of code is cross-referenced when users visit your site.
When the code on the back of your site matches the reference database check, your site is authenticated and deemed “secure,” and your data is automatically encrypted in transfer:
Step Three: Activate
If you’re using a web host service they will likely do this for you.
If you’re the DIY type …
- Generate a CSR within your web hosting panel
- Navigate to section titled SSL/TLS Admin and select “Generate an SSL certificate & signing request”
- Fill in the required fields
Note: Some light Googling may be necessary.
Step Four: Install
Once again, if using a web host they may take care of this for you. If not, paste the certificate code into the web host control panel.
Step Five: Update
Refresh your website from the front, user-facing, end, and you should see “HTTPS” at the beginning of the url, along with a cute lil green padlock and the word “Secure.” Doesn’t that feel nice? But you’re not quite done yet.
You don’t need security encryption on every page of your website, only the ones sending or receiving data. Select a few key target pages to encrypt, and set redirects up so that users don’t somehow end up on an unsecure page, or a 404.
There are 3 levels of SSL Certification:
- Domain Validation (DV): Simplest security
- Organization Validation (OV): Low-level transactions
- Extended Validation (EV): Highest level security
A Few Plugins to Help:
- Really Simple SSL (after purchasing SSL)
- Insecure Content Fixer (after installing SSL)
- WP Force SSL (after purchasing, installing, & fixing SSL)
Why Does My Website Need an SSL?
- Secure your site (when it’s not secure it says “NOT SECURE” at the top in red letters.
- Legitimize your business online—demonstrate that it’s safe for customers to browse.
- Search engines are checking. You may not experience a huge boost in rankings for getting an SSL, but you’ll definitely notice a huge drop if you don’t.
How Much Does an SSL Cost?
- Typically $50—$100 for 1-2 years.
Congratulations! You're SSL Certified.
Does your insecure website need a makeover, or just a lesson in Secure Socket Layers?