Article topics

Your WordPress website will soon need an SSL certificate

Mark Tomkins

Here’s why.

In this article, we’ll cover;

  • What an SSL certificate is
  • Why your website will need one
  • How you will benefit
  • What happens if you don’t have one
  • How to get one and what it costs


What is an SSL certificate?

An SSL certificate is an encryption tool that makes sure all the data sent between a website and a browser is secure and can’t be deciphered if intercepted. For example, it’s what eCommerce websites use to encrypt your credit card details.


Why will your website need one?

Back in September 2016 we reported that a recent update to the Google Chrome browser that meant it would start to flag websites that did not have an SSL certificate.  Google’s reasoning was simple –the level of verification required to have an SSL by the website owner indicated that the business cared for the users’ data. It had the added benefit of protecting users against the website delivering viruses and Trojans, if the website had been hacked. You can read more about it in our previous article here.

We reported that Google would also start to prefer websites that had SSL protection in its search results over those websites that did not have one. Over the last few months this has been shown to be true and that Google is indeed preferring (and therefore ranking higher) sites that are SSL protected (e.g over those that are not.

Read Google’s own blog on the subject here.

In addition to this, Matt Mullenweg, the founder and CEO of the  company that owns the WordPress website framework, announced on 1 December that new updates to WordPress due out in early 2017 will be geared towards sites having these SSL certificates, to improve website security and also new features.


How will you benefit?

For WordPress websites, the reasons are threefold:

  • WordPress is the world’s most popular CMS framework for websites and so is an obvious target for hackers – adding default SSL protection significantly reduces this risk.
  • Better API authentication – this means that when you integrate your website with other sites and services (such as pulling a feed from Twitter or a news source) there’s better protection for your website from the receiving data.
  • Most host servers are updating their core language version of PHP (the language most websites are built in) and with the latest version (7) will come with native improvements that will only work within an SSL environment.


Better experience = better conversion

For all website, as importantly (but less technical), it improves your website users’ experience. If a user visits a website that clearly shows that you care about their data and are actively maintaining the site to support their privacy and safety, they are more likely to become a customer and, better yet, stay one.

Additionally, but whilst there is no prescribed timing, you will also start to benefit from better ranking on Google against those sites that are not https.


What happens if I don’t have an SSL installed?

If you choose not to have an SSL installed on your website, aside from you not benefiting from the possible improvements in Google search results, your website will still function. However, with each incremental WordPress or plugin update, you will start to see warnings in the admin area requiring your attention and eventually the website will start to lose some functionality, although WordPress themselves aren’t clear at this stage what and when it will be.

Additionally, Google Chrome, along with other browsers, will flag your site as being unprotected.


How do I get one and how much will this cost?

If you have a WordPress website, in 2017 when the new build of WordPress is released you will need to update the site (or have your web hosts or developers do this for you). Once done, it’s recommended that you ask them install a good quality SSL certificate on your website. Typically a rapid SSL will suffice for most websites.

In some cases, some very simple coding will need to be done to tell Google that the pages it has in its index (e.g are now on but this won’t take long. We call this ‘htaccess’ coding.

Typically, it will add £99 + VAT per year to your hosting package (this is Aubergine’s pricing for all standard rapid SSLs).


How long does it take?

About 2 hours and will require that you have access to your email control panel. SSL certificates are issued against a few simple domain email addresses to assist in the proof of ownership. These are typically, webmaster@yourdomain, ssladmin@yourdomain, or admin@yourdomain


In summary…

It’s worth remembering that WordPress is a free open source CMS framework and allows developers to design and produce amazing websites to help you run your business, without the cost of creating a website management system from scratch. The investment of an SSL certificate on an annual hosting package is your commitment to making sure that your customers that visit your website are protected.


Put another way, it’s a bit like locking the office door when you leave at night rather than just pulling the door to.


If you would like to talk to one of our developers about how to get an SSL on your WordPress website, call us today on 01525 373020 or send us your details here and one of the team will get back to you the next working day.