Ultimate Guide to SSL Certificates for Your Blog

An SSL certificate is absolutely necessary for anyone who wants to get the most out of their blog, or website, so I’ve written an ultimate guide for you here. We will cover the basic questions like “what is an SSL certificate?”, “why do I need one?”, “how do I get it?” and (literally) every question I could think of concerning SSL certificates.

What is SSL and What is an SSL Certificate

SSL is what keeps your browser’s communication with a website private and secure and is absolutely necessary for sites that do banking or online payments of any kind. This includes blogs that have an eCommerce plugin installed.

Think of an SSL certificate as an electronic passport that ensures the webserver is who it says it is, and that the connection to that web server is secure.

Why is SSL Important

SSL is important because it builds trust. Knowing that your favorite brand has an SSL certificate on their website gives peace of mind that your personal information is safe to share with them. On the other hand, knowing that your favorite brand does not have an SSL certificate (or, worse, has one that is invalid) can cause you not to trust them with your personal information.

The reason your audience comes to you is because you have a purpose for your blog, a message to share with them. You owe it to your audience to give them a secure experience on your website.

SSLShopper.com also explains that SSL provides a form of authentication. Basically, an SSL certificate verifies that you’re connected to the right server (if you weren’t, your browser would know because the certificate would be invalid).

Browsers are starting to flag any website that does not have a certificate as unsecure.

WordPress Will Begin Requiring SSL in 2017

In December 2016, WordPress.org released a statement that they would start requiring SSL early in 2017. While they have not yet specified a date — because browsers are now treating websites as insecure without a certificate, getting an SSL certificate on your WordPress website even more important.

Having an SSL Certificate Boosts your SEO Ranking

ahrefs.com describes that using HTTPS is one of many small pieces to the SEO puzzle. An SSL certificate on your website allows you to use HTTPS on your website without error. How you implement SSL on your website is also important. Checkout ahrefs.com to learn exactly how to configure your blog for HTTPS in an easy-to-follow format that’s easy to understand.

Are There Different Types of SSL Certificates

There are 3 different types of SSL certificates, as described by globalsign.com. Each type serves a different level of security and builds on the security provided by the one in the previous level.

Domain Validation (DV)

  • Level 1: Validation of the domain name only

Domain Validation is the most basic type of SSL certificate. This is also the least expensive option. Let’s Encrypt is a popular vendor for DV certificates (and they’re also free!). A DV certificate validates that the owner of the certificate has a right to use that domain name.

Organization Validation (OV)

  • Level 2: Additional validation of the organization

Organization Validation is the “middle tier” of validation for SSL certificates. This level of validation includes vetting of the organization itself.

Extended Validation (EV)

  • Level 3: Extended Validation of the organization

Extended Validation is the most strict validation of SSL certificates. EV certificates verify the physical existence of the certificate owner (usually by involving the physical mailing address in the vetting process) as well as validating the identity of the owner against official records.

Obtaining an EV certificate also verifies that the owner has exclusive rights to the domain name. EV certificates are usually the most expensive of the 3 types of validation.

What Type of SSL Certificate Do I Need

A certificate with Domain Verification (DV) is a great way to get your feet wet with SSL and let your readers know your website is secure. A DV certificate is sufficient for a simple blog (and if your webhost supports Let’s Encrypt, your certificate will be free!).

A certificate with Organization Validation (OV) tells your customers that your website actually belongs to your business instead of some phishing scammer. This type of certificate is good for small businesses. Typically, the browser will display a padlock in the address bar.

A certificate with Extended Validation (EV) is typically used by banks, hospitals, large retailers and anyone who wants the “green address bar” for maximum visibility of your website’s security.

Source: GlobalSign

An SSL certificate is absolutely necessary for anyone who wants to get the most out of their blog, or website, so I’ve written an ultimate guide for you here. We will cover the basic questions like “what is an SSL certificate?”, “why do I need one?”, “how do I get it?” and (literally) every question I could think of concerning SSL certificates.

I’ve researched my information from a variety of reputable sources to ensure that this is, truly, the SSL Certificate Ultimate Guide. I broke the information up into small, skimmable, bits of information to help you find the exact information that you need. So let’s get started…

What is SSL and What is an SSL Certificate

SSL (Secure Sockets Layer) is the standard security technology for establishing an encrypted link between a web server and a browser. — SSL.com

SSL is what keeps your browser’s communication with a website private and secure and is absolutely necessary for sites that do banking or online payments of any kind. This includes blogs that have an eCommerce plugin installed.

Think of an SSL certificate as an electronic passport that ensures the webserver is who it says it is, and that the connection to that web server is secure.

Why is SSL Important

SSL is important because it builds trust. Knowing that your favorite brand has an SSL certificate on their website gives peace of mind that your personal information is safe to share with them. On the other hand, knowing that your favorite brand does not have an SSL certificate (or, worse, has one that is invalid) can cause you not to trust them with your personal information — perhaps to the point where you don’t feel safe shopping with them online.

#SSL certificates are important because they builds #trust.CLICK TO TWEET

The reason your audience comes to you is because you have a purpose for your blog, a message to share with them. And they trust what you say. You owe it to your audience to give them a secure experience on your website.

SSLShopper.com also explains that SSL provides a form of authentication. Basically, an SSL certificate verifies that you’re connected to the right server (if you weren’t, your browser would know because the certificate would be invalid).

Browsers are starting to flag any website that does not have a certificate as unsecure. Did you read that? Go back and read it again.

Browsers are starting to flag any #website that does not have an #SSL certificate as #insecure.CLICK TO TWEET

This is just as big of a reason as any why SSL is important. As Troy Hunt has pointed out, [SSL] adoption has reached the tipping point … where it’s gathering enough momentum that it will very shortly become “the norm” rather than the exception”.

Without #SSL, your #customers and #readers will start seeing your #website as #insecure.CLICK TO TWEET

WordPress Will Begin Requiring SSL in 2017

In December 2016, WordPress.org released a statement that they would start requiring SSL early in 2017. While they have not yet specified a date — because browsers are now treating websites as insecure without a certificate, getting an SSL certificate on your WordPress website even more important. CodeInWP.com recently determined that WordPress accounts for 27% of the websites hosted on the entire internet! Therefore, soon 27% of all websites will be required to have a certificate and if you’re reading this there’s a good chance your website is one of them!

Having an SSL Certificate Boosts your SEO Ranking

ahrefs.com, among many other sources online, describes that using HTTPS is one of many small pieces to the SEO puzzle. An SSL certificate on your website allows you to use HTTPS on your website without error. But ahrefs.com goes on to say, in that article, that how you implement SSL on your website is also important. Checkout ahrefs.com to learn exactly how to configure your blog for HTTPS in an easy-to-follow format that’s easy to understand.

Are There Different Types of SSL Certificates

  • Yes.

There are 3 different types of SSL certificates, as described by globalsign.com. Each type serves a different level of security and builds on the security provided by the one in the previous level.

Domain Validation (DV)

  • Level 1: Validation of the domain name only

Domain Validation is the most basic type of SSL certificate. This is also the least expensive option. Let’s Encrypt is a popular vendor for DV certificates (and they’re also free!). A DV certificate validates that the owner of the certificate has a right to use that domain name.

Organization Validation (OV)

  • Level 2: Additional validation of the organization

Organization Validation is the “middle tier” of validation for SSL certificates. This level of validation includes vetting of the organization itself.

Extended Validation (EV)

  • Level 3: Extended Validation of the organization

Extended Validation is the most strict validation of SSL certificates. EV certificates verify the physical existence of the certificate owner (usually by involving the physical mailing address in the vetting process) as well as validating the identity of the owner against official records.

Obtaining an EV certificate also verifies that the owner has exclusive rights to the domain name. EV certificates are usually the most expensive of the 3 types of validation.

What Type of SSL Certificate Do I Need

A certificate with Domain Verification (DV) is a great way to get your feet wet with SSL and let your readers know your website is secure. A DV certificate is sufficient for a simple blog (and if your webhost supports Let’s Encrypt, your certificate will be free!).

A certificate with Organization Validation (OV) tells your customers that your website actually belongs to your business instead of some phishing scammer. This type of certificate is good for small businesses. Typically, the browser will display a padlock in the address bar.

A certificate with Extended Validation (EV) is typically used by banks, hospitals, large retailers and anyone who wants the “green address bar” for maximum visibility of your website’s security.

Source: GlobalSign

Is a Free Certificate from Let’s Encrypt Good Enough

  • Technically, yes — if your platform requires SSL and you are not able to complete the Organization Validation process.
  • Otherwise, No — and neither are the DV certificates you have to pay for.

If — and this is a big “if” — you are not able to complete the Organization Validation for some reason then having a certificate with Domain Validation is better than no certificate at all. Essentially, you’re meeting the minimum requirements of Google Search SEO rules, and WordPress and you’re adding a very basic layer of security to your website.

Your website technically is not any safer than it would be without an SSL certificate.

DigiCert actually refuses to sell DV certificates because they do not consider them guaranteed secure. (Source: Domain Validation vs High Assurance). They point out that you don’t even have to get hacked for you, or your customers, to become a victim. A man-in-the-middle attack could potentially be used to gain access to your “secure” connection if you have anything less secure than an EV certificate.

The only other reason you should settle for a DV certificate is if you are not able to complete the validation process required for an OV certificate.

Where Can I Get an SSL Certificate

WP Like a Pro is a proud vendor of SSL certificates. We sell each kind of SSL certificate (yes, even DV certificates, for those who determine it truly is “good enough” for their website). We also offer “Wild Card” certificates. A Wild Card certificate is a single certificate that can be used for multiple sub-domains. If you don’t know what I’m talking about, you probably don’t need a Wild Card certificate. 🙂

Find your SSL certificate at our Client Portal that best fits your needs!

How do I Renew an SSL Certificate

Renewing your SSL Certificate is similar to renewing your hosting; You’ll receive an invoice when your next billing cycle is about to start with info to renew.

What problems could I face when I switch to HTTPS

Claire Brotherton, of A Bright Clear Web, explains some of the problems you could face when switching to HTTPS. If not done right, your blog could lose all of its social media share data, and Google Analytics referral data, because of the link change. There is also the potential for problems with 301 redirects and trying to use SSL via a Content Delivery Network (CDN).

Claire has done a great job of explaining how to work through some of those problems. Her suggestions are easy to follow and super important to us bloggers!

How to Install an SSL Certificate

No matter what environment your website is hosted on you must have bought an SSL Certificate before you can start. The only exception to that rule is if you’re settling for an SSL certificate from “Let’s Encrypt”. In that case, you must first verify that your webhost supports Let’s Encrypt.

  • Any SSL certificate that is FREE is most likely using Domain Validation (DV) only and is merely a formality to benefit SEO and minimum platform requirements and is not a good form of security.

DigiCert has put together a set of separate SSL instructions for an extensive list of web hosting environments.

How to Install an SSL Certificate on WordPress

If you choose to settle for a less secure DV certificate from Let’s Encrypt, you can use the free WordPress Plugin WP Encryptto generate a certificate. Be aware that some PHP modules are necessary, which your webhost may or may not allow, and that this plugin does not actually enable HTTPS for your blog.

The Really Simple SSL plugin gives you a way to install any certificate you’ve purchased and will even redirect all traffic to HTTPS for you.

How to Install an SSL Certificate on Blogger

If you choose to settle for a less secure DV certificate, Blogger offers free certificates to their users under their HTTPS settings. If you’re using a custom domain, you can enable HTTPS using CloudFlare CDN.

How Do I Add a Site Seal to My Website?

If you’ve purchased an SSL certificate with Organization Validation (OV) or Extended Validation (EV), your vendor most likely provided you with instructions on how to add the Site Seal to your website.

For WordPressers, you often need to paste an HTML snippet somewhere into your admin area. I would recommend using the Simple custom CSS and JSplugin, for WordPress. While my instructions for that plugin are specific to CSS, there is also an option in that plugin to add HTML snippets as well.

How Do I Know my SSL Certificate is Installed Correctly

There are tons of online tools to check that your SSL certificate is installed correctly, and is valid. Some of them even offer to remind you when your certificate is about to expire so you don’t forget to renew it.

But not all of these tools are recommended. A DV certificate is used to “secure” some of these tools (see “Is a Free Certificate from Let’s Encrypt Good Enough“) so you don’t know if you can trust them. Some of them will tell you everything is secure when, in fact, you are relying on a DV certificate.

That is why I recommend the thawte CryptoReport. It tells you if your certificate can truly be trusted and even offer information about a handful of vulnerability checks.

Can I Transfer an SSL Certificate to Another Hosting Account

  • Yes

SSL Shopper has a great guide for transferring certificates from, and to, a variety of web hosting environments.

How Will my Readers and Customers Know my Website is Secure

Websites that have an Extended Validation (EV) SSL certificate will show proof of identity right in the address bar.

While Organization Validation (OV) SSL Certificates do not turn the address bar green, they do display Organization information in the address bar to show the more thorough vetting of the OV certificate has taken place.

If your address bar only shows the word “Secured”, with no organization information, it is because the certificate only has Domain Validation (DV).

I Need Help with my SSL Certificate

There is a lot out there that we can learn about SSL certificates. That’s obvious just by scanning over this article. If you find yourself freaking out and not knowing what to do, that’s OK. I get it. This geeky stuff can be really scary, especially when words like security or hacker come up.

If you need a helping hand, I would be more than happy to assist in any way I can. Just drop me a line in the comments or contact me. Even if you just need a few questions answered to help you make the right choice about an SSL certificate for your website.

Conclusion

If you’ve found this article helpful, overwhelming, useful, or useless, I would really appreciate you telling me in the comments. All this information is too important for people like us to just glaze over and ignore — so help me make this resource the best we can by giving me your feedback in the comments!

Visit wplikeapro.com for More Tips and Guides About Blogging

Get more tips and guides about blogging and WordPress over at wplikeapro.com. Subscribe to our blog to learn about how we can help you succeed with a professional website!

Originally published on https://wplikeapro.com/ssl-certificate-ultimate-guide/.

Like what you read? Give Chris Nesbit a round of applause.

From a quick cheer to a standing ovation, clap to show how much you enjoyed this story.