Wordpress Security Part 1 - SSL Certificates

in #security6 years ago


Source

What is SSL?

SSL stands for Secure Socket Layers and it provides a method of encryption and an authentication protocol through security certificates. It not only protects your data from unauthorised access, but that of your site visitors. A secured website will use the https protocol in the URL with a locked padlock in all browsers.

If you click on the padlock your browser of choice should provide you with information regarding the certificate. In my case, here is what Google Chrome says about my SSL certificate on my personal blog:

You not only want such a certificate, you NEED one. Google, scores websites with SSL certificates much higher than those without.

How do I get an SSL certificate?

While there are paid solutions offering liability protection in the event of a data breach, Let's Encrypt offer a totally free solution. Many hosting services provide support for installing SSL certificates from Let's Encrypt via their cPanel or domain manager of choice. Here is the page for my hosting provider, Dreamhost.

If your hosting provider does not fully support Let's Encrypt, there are ways of adding the SSL certificate via shell access, but that is beyond the scope of this post.

I have my certificate, now what?

As with most things Wordpress, plugins come to the rescue. While there are several, I use One Click SSL - available in the plugin repository. It has over 10,0000 downloads and an average score of 4.5 stars out of 5.

Once downloaded to your Wordpress installation and activated, you will be provided with a One Click SSL tab in the admin menu in the left hand column. Click on that to open the simple setup page.

As the instructions state, follow the two steps to enable SSL on your Wordpress site. Once enabled you will then have the following page open up under One Click SSL.

As you can see, the plugin correctly identifies my Let's Encrypt certificate and tells me it's valid and the expiry date.

It expires? Do I have to keep doing this?

Let's Encrypt certificates are valid for a period of three months. You need not worry though, as they automatically renew 30 days before expiration. Once a new certificate is issued One Click SSL updates its details for you in your Wordpress back-end. As part of my hosting services via Steemblogs.club - announced yesterday - I will add Let's Encrypt certificates to all new domains, ready for the user to enable on their new Wordpress blogs.

Posted from my blog with SteemPress : https://www.muxxy.co.uk/wordpress-security-part-1-ssl-certificates/

Coin Marketplace

STEEM 0.22
TRX 0.27
JST 0.041
BTC 104021.29
ETH 3869.26
SBD 3.33