As of summer 2018, Google Chrome started to show websites as “Not Secure” if they do not provide an HTTPS connection.
In the past few years the price of an SSL certificate has dropped significantly, and certificates have become much easier to deploy. For those of you who don’t know what this is or where to get one, we can help. We’re going to define what an SSL/TLS certificate is, how it can help your site, and where you can get one for free.
What is an SSL/TLS Certification?
SSL is an abbreviation for Secure Sockets Layer, and TLS stands for Transport Layer Security. You’ve most likely seen the end product of these encryption tools. When you go to a website, you may have noticed that its address starts with either http:// or https://, the latter with a little green padlock. The https:// prefix and the padlock are the visible end products of the SSL/TLS layer we mentioned earlier.
This layer creates an encrypted link between your customer’s web browser and your website. Any data exchanged between the two travels over it securely, and third parties are blocked from looking at or stealing the information.
If your website doesn’t have an SSL/TLS layer and uses unsecured http://, any third party can view and take the information that passes between the browser and your site. This can lead to data breaches if information like usernames, passwords, or credit card numbers passes from your customer’s browser to your site.
The Difference Between SSL and TLS
SSL is the predecessor to today’s TLS. Netscape debuted SSL in 1995, and it was originally called SSL 2.0 (SSLv2). This encryption software was upgraded and replaced in 1996 by SSL 3.0 (SSLv3) when Netscape found several large vulnerabilities and holes.
SSL 3.0 was the main encryption tool until 1999, when TLS debuted. It was marketed as the newest version of SSL, and TLS was heavily based on SSL 3.0. Today, TLS is on versions 1.2 and 1.3. It is important to note that you don’t have to dump your SSL certificate for a new TLS certificate. They’re both valid and accepted, and most people tend to use the term SSL certificate as an umbrella term to cover both TLS and SSL certificates because it’s more familiar.
Why You Need a SSL/TLS Certification
In the past, you may not have needed to worry about having an SSL certificate for your website. However, as more people started exploiting loopholes in weak encryption, Google started to take it seriously. In 2014, they informed webmasters that SSL was going to be incorporated as one of their ranking factors. Trying to give your websites a boost to get them high rankings with Google is an insanely competitive market, and having an SSL certificate for your website is a quick and easy way to accomplish this.
In 2017, Google went a step further to ensure that more webmasters complied with having a securely encrypted security layer. They released a statement announcing that they would mark “any sites that begin with http:// that collect passwords or credit card numbers as not secure.”
As you depend on a healthy website traffic flow to keep your page ranking higher on Google and bringing you income, this is the last thing you want people to see when they click on your website. It’s enough to drive your potential customers away for fear of identity theft or a data breach.
Different Types of SSL/TLS Certificates
There are three common types of this encryption certification available, and each one does something slightly different for the website it protects.
Domain-Validated SSL (DV)
A domain-validated SSL certificate is the most common type available. It is also commonly referred to as a low assurance certificate, and it is the standard type of SSL certificate that vendors issue. This type of certificate comes with automated validation, and it only makes sure that the specific domain name is registered and that the administrator approves the SSL certificate request.
The webmaster can confirm this type of validation by configuring a DNS record for the specific site or by email. It takes anywhere from a few minutes to a few hours from start to finish, and it’s better suited for internal systems.
Organization-Validated SSL (OV)
An organization-validated SSL certificate is another common type you’ll see a lot. This type of certification is commonly called a high assurance certificate. The validation process is more involved, and actual agents are required to validate the domain’s owner along with information about the particular organization. This includes the organization’s name and address including the state, country, and city.
This certificate has a slightly longer processing time because the agents will require proof of all of this information, and it can take anywhere from a few hours to a few days to complete from start to finish. Businesses and companies are the entities that use this type of certificate the most.
Extended Validation SSL (EV)
This is the newer type of SSL certification, and it has one of the most in-depth validation processes available. When you get this type of certification, agents will check that the business is a working, legal entity. You’ll also have to provide them with proof that you own the particular domain.
However, if you do all of this and get this certification, your website will display the green padlock that represents security. It can boost your customer’s confidence that everything is encrypted and secure. This can take a few days to a few weeks to complete, and it is recommended for all e-commerce businesses.
SSL/TLS Certifications for Multiple Properties
If you get a single-name SSL certification, but you have multiple domains to protect, it’ll only work on one. For example, if you got a single-name SSL for cookietime.com, it wouldn’t secure baking.cookietime.com.
Multi-Domain SSL Certificates
This type of certification can simultaneously protect upwards of 210 different domains under a single SSL certification.
Wildcard SSL Certifications
This type of certificate lets you secure an unlimited number of subdomains that all come from the same root domain under one SSL certificate. For example, say you want to secure www.cookietime.com and any other subdomains you may have. You can request a Wildcard SSL certificate with *.cookietime.com listed as the site’s common name. This Wildcard certificate would then protect www.cookietime.com, baking.cookietime.com, and so on.
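The name-matching rule behind single-name, multi-domain and wildcard certificates, as an added example that is not part of the original article. The certificate name lists and the cookietime.example domain are constructed for illustration; the matcher follows the common browser rule that a wildcard stands for exactly one left-most label.

```python
def _labels(name):
    """Split a DNS name into lower-case labels, ignoring a trailing dot."""
    return name.lower().rstrip(".").split(".")


def name_matches(cert_name, hostname):
    """True if one name listed in a certificate covers the requested hostname."""
    c, h = _labels(cert_name), _labels(hostname)
    if len(c) != len(h):
        # A wildcard stands for exactly one label, so label counts must agree.
        return False
    if c[0] == "*":
        # Only a whole left-most "*" label is a wildcard, and it needs a real
        # domain to its right (so "*.com" never matches anything).
        return len(c) >= 3 and c[1:] == h[1:]
    return c == h


def cert_covers(cert_names, hostname):
    """True if any name in the certificate covers the hostname."""
    return any(name_matches(n, hostname) for n in cert_names)


# Constructed certificates (lists of the names each one carries).
CERTS = {
    "single-name": ["cookietime.com"],
    "wildcard": ["*.cookietime.com"],
    "multi-domain": ["cookietime.com", "www.cookietime.com", "cookietime.example"],
}

# Constructed hostnames a visitor might request.
HOSTS = [
    "cookietime.com",
    "www.cookietime.com",
    "baking.cookietime.com",
    "shop.baking.cookietime.com",
    "cookietime.example",
]


def coverage_table():
    """Map each certificate type to the hostnames it would secure."""
    return {kind: [h for h in HOSTS if cert_covers(names, h)]
            for kind, names in CERTS.items()}


if __name__ == "__main__":
    for kind, covered in coverage_table().items():
        print(f"{kind:12} covers: {', '.join(covered)}")
```

Note that the wildcard certificate covers neither the bare cookietime.com nor the two-level shop.baking.cookietime.com; those names have to be listed on the certificate separately.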
What a SSL/TLS Certification can do for Your Website
There are many benefits to having a SSL/TLS certification, and we’ll talk about the most common ones.
You also get authentication in addition to security with an SSL/TLS certificate. It ensures that you’re sending your information to a legitimate server and not to someone who is trying to steal your information. Your customers will be sending their sensitive information across the internet and through several different computers, and any one of these several computers could be an imposter that tries to trick them into giving out their sensitive information.
When you have a SSL/TLS certification in place, any sensitive information is unreadable by these other computers, and this protects their information. You won’t have to worry about your customers having a data breach when they use your site because that’s a fast way to lose business and sink in the ratings.
Payment Card Industry (PCI) Compliance
If your customers purchase things from your site or if they input their credit card information for any reason, you’re required by the Payment Card Industry to have a SSL/TLS certification to stay in compliance. This is one of the audits your site has to pass in order to take and handle sensitive credit card information.
The biggest and most obvious reason why you’d want to have an SSL/TLS certificate is increased security. It encrypts any sensitive information that you or your customers send across the internet so only the person you intend to read it can. This is extremely important because any information you input travels from computer to computer until it reaches the destination server.
If your information doesn’t have this encryption, any computer that is between your starting point and the destination server can see all of your information as it travels along. This includes passwords, social security numbers, credit card numbers, and usernames. When it is encrypted, it’s unreadable to everyone except the destination server, and this can prevent things like identity theft.
Today, browsers and websites give visual cues that quickly let your site’s visitors know that it’s secure. These visual cues come in the form of the green padlock or a green address bar. If your customers trust your website, they’re more likely to purchase items or products from it.
It can also help to prevent common phishing attacks. A phishing attack occurs when someone sends your customers an email and falsely claims to be your company in an attempt to get your customer to go to their website by clicking on a link in the email. As you can’t duplicate a SSL/TLS certification, your customers will be less likely to fall into this trap.
WordPress Hosts That Offer Free SSL Certificates
Many dedicated WordPress hosts also offer a free SSL certificate. Starting up a website involves a lot of additional costs that most people don’t think about. In an effort to save some money, some owners will forgo the SSL altogether. As you can probably guess, that tends to lead to a host of security issues. Not just for yourself but also for your visitors.
Ever since Let’s Encrypt was established, free SSL certificates became more accessible to the masses. The non-profit set out to make the Internet a safer place to browse. It quickly gained support from some major tech companies.
Today, it’s not uncommon to see WordPress hosting providers offering a free Let’s Encrypt SSL certificate with their plans. It’s a nice little perk that’s often used to attract new customers. Depending on the hosting company, it may be offered during your first term or throughout the length of service. Whatever the case may be, the provider makes it much easier to take advantage of what the certificate has to offer.
Usually, installing an SSL certificate is not something that your average Internet user can do. It requires some coding knowledge. Also, you must make adjustments within the server system settings. WordPress hosting companies take care of all that for you. When you purchase a plan with a free SSL cert, it comes with your hosting account and can be set up within the provider’s control panel.
Check out the following WordPress providers that offer a free SSL certificate. They take all the hassle out of making your site secure and safe for browsing.
Bluehost offers a range of WordPress hosting plans to suit anyone’s needs. They cost only a few bucks per month. Despite the low fees, the plans come with a free SSL certificate and free domain. The SSL certificate comes with all of the plans. Because the plans are managed, Bluehost will also take care of software updates to ensure that all security features are up to date.
Currently, all of HostGator’s WordPress hosting plans also come with a free SSL certificate. It offers industry-standard protection and is recognized by most browsers. The cool thing about HostGator is that you can easily upgrade your certificate for something more robust if you need it. The premium certificates come with warranties, higher domain limits, and more.
SiteGround is another heavy-hitter in the industry. Like its competitors, SiteGround offers a free SSL certificate with every single WordPress Hosting plan. It’s a standard Let’s Encrypt certificate that offers ample protection from online threats. It can be installed and configured within cPanel for versatility.
DreamHost may be a lesser-known hosting provider. However, the company has been making a splash recently for all the great features they’re offering. A free Let’s Encrypt SSL certificate is included with every single one of the company’s plans. Currently, they offer everything from shared to dedicated hosting plans. You can upgrade to a premium SSL certificate, but it offers similar levels of protection as the free version.
WPEngine is a hosting provider that was purpose-built to work alongside the WordPress platform. The available hosting plans are completely managed for simplicity. One aspect that’s automatically installed is the free Let’s Encrypt SSL certificate. It comes with every plan and can be enabled in only a few minutes.
InMotion Hosting offers a unique alternative to the standard Let’s Encrypt certificate. The company includes a free AutoSSL certificate with every account. Basically, the AutoSSL will install a free SSL certificate on every domain that doesn’t have one. Like most providers, you do have the option to choose the SSL certificate that’s right for you. Enabling the certificate is fairly easy. It can be done on the “Manage Free SSL” menu within the AMP control panel.
LiquidWeb offers several different hosting options as well. The managed hosting plans are ideal for those who want a hassle-free hosting experience. The company will take care of all the details. Updates to the WordPress platform are done automatically. There’s also a free automatic SSL certificate thrown in for good measure.
Known for its environmentally conscious approach to web hosting, GreenGeeks is an excellent option for any site. In addition to providing some great hosting features, a free SSL certificate is added as well. You can enable the certificate within the primary account settings window. Just go to the “Security” menu, click on “SSL Certificates” and add your free product.
Using the Bluehost Free SSL Certificate
Bluehost is one of the most popular WordPress hosting companies in the world. Like most providers, Bluehost gives you the opportunity to use the SSL certificate of your choice. While they do provide one for free, it’s disabled by default just in case you have another certificate you wanted to use. So, before you can take advantage of the security benefits, you’ll need to enable the certificate for your sites.
To do this, navigate to the “My Sites” menu on the sidebar. Various horizontal tabs should pop up. Click on the one labeled, “Security.” Here, you’ll find a section called “Security Certificates.” This is where all of your available certificates will be listed. By default, the “Free SSL Certificate” option should be switched off. To enable it, just click on the switch. It will then be active. That does not mean that it’s installed on your website yet. That’s an entirely different step, which we’ll get into a bit later.
Using the HostGator Free SSL Certificate
HostGator is another hosting powerhouse that happens to offer a free SSL cert to all customers. Enabling and using your free Let’s Encrypt SSL certificate is a bit different at HostGator. The certificate is automatically installed after your domain is pointed toward the hosted data. It may take some time, but the process is automatic and virtually foolproof.
You can check on the status of the SSL certificate by visiting the “Hosting” menu on the main HostGator Portal. This window contains a list of all your SSL certificates and provides you with a simple status indicator. The list also has some information about expiration dates to help you stay on top of things.
Once the certificate is active, you can tell your sites to use it. This can be done within the “Settings” menu on the main menu portal. Click on the “General” submenu. Now, scroll down until you see your website URL. You should notice that the URLs start with “HTTP.” Change this to “HTTPS” and save. This will force the site to use the SSL protocol and secure your site.
Setting Up Your Free SSL Certificate in WordPress
Enabling the free SSL certificate you get from your host is only one step of the process. SSL certs work to reroute traffic and encrypt the connection. It’s not a simple process by any means. Installing the certificate can take several hours to complete. Even after that, you may have to perform some manual work to make things run smoothly.
The first step is to install the certificate and change your site’s settings to use the HTTPS connection. This can be done manually. However, the easier alternative is to use a WordPress plugin. Really Simple SSL is one of the most efficient SSL plugins available. Once you have your SSL enabled, you can download and install the Really Simple SSL plugin to install the certificate in one easy step.
Once the plugin is activated, it will automatically check to see if the certificate is activated. You can then get more in-depth information about your SSL connection through the “Setting” menu on the side.
Using Better Search Replace Plugin
The next thing you’ll need to do to set up your free SSL certificate is to make sure that every URL is using the HTTPS protocol. Sometimes, visitors can visit your site through an older HTTP link that they might have saved. This can prove to be problematic. While the main domain connects through the secured line, smaller subdomain URLs can still pose some problems. In most cases, browsers will still tell users that your site is unsafe. Even if you have the SSL certificate active on the main domain, a single unsecured URL can be a major vulnerability.
To ensure that your site is as safe as possible, you need to fix all of your URLs to use HTTPS. You can do this manually through your browser’s inspect tool. However, the process could take hours to complete. Plus, you have to pay attention to more than just the basic page URLs. Every piece of content in your WordPress database will need to be fixed. This includes all images, embedded content, miscellaneous data, and so much more. When you factor all of these small details in, you might want to consider using another plugin.
Better Search Replace is a handy little plugin that will take care of hours of work in just a few minutes. Basically, it searches for unsecured HTTP URLs and replaces them with the appropriate HTTPS version. To use the plugin, simply download it from the WordPress site and activate it. You can find the Better Search Replace page on the left sidebar. Just click on “Tools.” The Better Search Replace tab should pop up and display a few options.
The two main features you’ll be dealing with are the “Search For” and “Replace With” windows. In the “Search For” window, type in your old URL with HTTP. Then, enter the HTTPS version of the link in the “Replace With” window. As the names would suggest, the plugin will find all instances of the normal HTTP link and replace them with the correct version. All this is done with a press of the “Run Search/Replace” button.
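One way to check a page for leftover HTTP references before and after running the search and replace, as an added example that is not part of the original article or of either plugin. The sample post, the cookietime.com site name and the cdn.example.net host are constructed; the scanner separates resources the browser fetches for the page (mixed content) from stale links and form targets, and marks which URLs belong to your own site and can therefore be fixed by the replace step.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Tags whose src attribute makes the browser fetch a resource for the page.
FETCH_TAGS = {"img", "script", "iframe", "audio", "video", "source", "embed"}


class InsecureRefFinder(HTMLParser):
    def __init__(self, site_host):
        super().__init__()
        self.site_host = site_host.lower()
        self.findings = []  # tuples of (line, kind, tag, url, own_site)

    def _own(self, url):
        """True if the URL points at the site itself or one of its subdomains."""
        host = (urlsplit(url).hostname or "").lower()
        return host == self.site_host or host.endswith("." + self.site_host)

    def handle_starttag(self, tag, attrs):
        rel = (dict(attrs).get("rel") or "").lower()
        for name, value in attrs:
            if not value or not value.lower().startswith("http://"):
                continue
            own = self._own(value)
            if name == "src" and tag in FETCH_TAGS:
                kind = "mixed-content"   # fetched over HTTP inside an HTTPS page
            elif tag == "link" and name == "href" and "stylesheet" in rel:
                kind = "mixed-content"
            elif tag == "form" and name == "action":
                kind = "insecure-form"   # submitted data would leave unencrypted
            elif name == "href" and own:
                kind = "stale-link"      # old HTTP link to your own site
            else:
                continue                 # plain links to other sites are not yours to fix
            self.findings.append((self.getpos()[0], kind, tag, value, own))


def find_insecure_refs(html, site_host):
    """Return every http:// reference in html that needs attention."""
    finder = InsecureRefFinder(site_host)
    finder.feed(html)
    finder.close()
    return finder.findings


# Constructed sample of post content as it might sit in the WordPress database.
SAMPLE_POST = """\
<p>Welcome to <a href="http://cookietime.com/about">our bakery</a>.</p>
<img src="http://cookietime.com/wp-content/uploads/cookie.jpg" alt="cookie">
<img src="https://cookietime.com/wp-content/uploads/logo.png" alt="logo">
<script src="http://cdn.example.net/slider.js"></script>
<link rel="stylesheet" href="http://baking.cookietime.com/theme.css">
<link rel="canonical" href="http://cookietime.com/welcome">
<form action="http://cookietime.com/subscribe" method="post"><input name="email"></form>
<a href="http://example.org/recipe">external recipe</a>
"""

if __name__ == "__main__":
    for line, kind, tag, url, own in find_insecure_refs(SAMPLE_POST, "cookietime.com"):
        fix = "fix with search/replace" if own else "third party: check it serves HTTPS"
        print(f"line {line}: {kind:13} <{tag}> {url}  ({fix})")
```

Findings on your own domain disappear once the HTTP prefix is replaced; third-party findings remain until the embedded URL is changed by hand or the resource is hosted elsewhere.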
Where to Get a SSL Certificate for Free
There are several places where you can get a SSL/TLS certification for free for your website, and we’ve listed the best ones below.
The Linux Foundation collaborated with the Internet Security Research Group to create Let’s Encrypt. It gives your site a free domain-validated SSL/TLS certification, and you can set it up to automatically renew. This allows you to skip manually renewing, installing, and verifying the certificate each year.
CAcert Free Certificate Authority
CAcert has a variety of free SSL/TLS certifications available, but you do have to meet with a CAcert volunteer face-to-face to review your government-issued identity documents. Depending on which certification you get, they expire every six months, 12 months, or 24 months and you have to meet with the CAcert volunteer each time you renew it.
If you want to experiment with SSL, Comodo offers you 90 days of free SSL/TLS certification before you either drop it or purchase it from them. It sets up in minutes, and it comes with the highest-strength 256-bit encryption possible. Also, all of the main browsers like Chrome, Internet Explorer, and Firefox recognize Comodo SSL/TLS certificates.
Cloudflare is a security and CDN company that offers universal free SSL/TLS certificates. It is very user-friendly, and it sets up in under five minutes. Currently, Cloudflare has many popular sites that use its certificates, including Reddit, Mozilla, and Yelp, to name a few. If you have an account with Cloudflare, but it’s not active with SSL yet, all you have to do is log in, choose which site you want SSL/TLS enabled on, hit the Crypto icon, make sure you have a flexible configuration, and wait for it to go live.
SSL is another SSL/TLS certification company that offers you 90 days free SSL/TLS certification for your website. It is domain-validated and automated, and it sets up in minutes. This company’s SSL/TLS certification is accepted by 99.9 percent of browsers and websites. It also comes with unlimited server licenses, business-class validation and encryption, and more. At the end of the 90 day trial period, you can either switch to a free company or purchase one through this site.
SSL For Free
SSL For Free is another site that gives you a free SSL/TLS certification for your site. It runs on Let’s Encrypt’s ACME server, and it uses automated domain validation to give you your certification. Again, this takes just minutes to set up, and it’s good for an entire year before you have to renew it.
If you have a personal website or a blog, StartCom will give you one unlimited domain-validated SSL/TLS certificate completely free. All you need to do to get this free certification is to validate that you own the domain. This can take a few minutes or a few hours at the most, and you can validate it over email. Once you do, it’s good for an entire year before you have to renew it.
WoSign is another very user-friendly site that gives domain owners free SSL/TLS certifications. These certifications are good for two years before you have to renew them, and they use automatic authentication, so they’re up and running in a few minutes. It’s widely accepted by many reputable browsers as well, and you can request your certification through email.
SSL/TLS certifications are extremely important for anyone who runs a website. Not only can they give you a ratings boost in Google’s search rankings, but they can make your customers feel more secure as they use your site. You’ll get the peace of mind that comes with knowing that any sensitive information that is transmitted to and from your site is secure and safe from data breaches and identity theft. They’re completely free, and you have nothing to lose by having them.