Let’s Encrypt: the quick, free way to securing your WordPress site
I had my doubts about Let’s Encrypt when I first heard about it. I thought, “Free as in lunch? How strong is the encryption? Will most browsers trust it?”
But then I had a few hours on my hand one weekend and decided to give it a try on my personal portfolio site. I like to mess with things on this site for the lulz, like trying PHP7, or version control for WordPress etc. So I didn’t mind breaking things. I could roll anything back.
Step 1. Have a good host
I host all of my sites at Siteground. They are great and well worth the price. I’ve never had a site go down due to server issues. I’ve been with them several years.
They recently rolled out a one click option to install Let’s Encrypt on their shared hosting. This, as it turned out, made the process much simpler, and is what makes this host so good. They make everything so easy and make available the newest features of the web to shared hosting customers. When you’re researching hosts, make sure they offer Let’s Encrypt. Or reach out to your current host for advice on how to add it to your site if they don’t have a one-click install option yet.
Step 2. Run the Let’s Encrypt certificate install
First, I clicked the install button for Let’s Encrypt in cPanel. Good to go there. I read in my cPanel that the certificate will continually renew every three months without bothering me to do it. I like automation. I won’t have to deal with the dreaded browser warning because I forgot to renew my certificate.
After that, it was installed. An easy way to check was to type https:// before your site’s URL in the address bar. If it shows a valid lock icon or something similar, you’re on the right path. Check out Google’s write up about their SSL icons. You have to manually type https in the address bar because at this point, your site will still be using the http version.
Step 3. Install the plugin
I used “Really Simple SSL” plugin to quickly prep my site for SSL. It changes all the zillions of http instances in the database to https. Though it has a nice roll-back feature, you should still backup your database before you run it.
I followed the steps it told me to do after I installed it and ran the setup process. I had a few hard-coded links in my theme. I changed them to relative links or to https versions. Bam, done.
My site showed the secure pad-lock icon in all browsers. I was impressed to learn it used a high grade encryption and trusted certificate authority. I spent like 45 minutes doing this. https://jackmathis.com