SSL: What is it and why do I need it?

An SSL certificate is a small data file. It binds a so-called cryptographic key in digital form to the details of an organization. Once the file is installed on a web server, the https protocol is activated, allowing a secure connection between the web server and the browser.

As mentioned at the beginning, such a SSL certificate is useful in several ways. So that you are really convinced, here are the advantages at a glance:

 

1) Legal protection

Since the introduction of the DSGVO an SSL certificate is mandatory. It protects the data of your users and you from warnings.

 

2) Security for visitors

Because the connection to the website is secure, your users' login or form data, for example, are protected.

 

3) Performance optimization

The prerequisite for the new and faster web standard HTTP/2 is SSL. This of course has an excellent effect on the Performance from your side.

 

4) Trust

Most browsers warn users of unsafe content if a web page is not yet SSL encrypted. With a certificate, the green lock in the address bar indicates security. This creates trust.

 

5) Ranking factor

Of course, Google prefers to play secure pages. So if you are serious about search engine optimization, you will not be able to avoid an SSL certificate.

 

Switch WordPress to HTTPS in 5 steps

 

Step 1: Install SSL Certificate

The first step is to install an SSL certificate on your server. Hosting providers like Raidboxes* support the free Let's Encrypt There you can install the certificate with just one click and don't have to pay anything extra. The SSL certificates are also free at STRATO and webgo.

 

If your host does not support Let's Encrypt, you will need to install a paid certificate - for example the one from RapidSSL. The costs here are about 15 to 40 Euro per year. The best thing to do is to contact the support of your host; they will set up the certificate for you.

 

If you have your WordPress site hosted on a vServer or Dedicated Server, you will probably have to install the certificate yourself. Since the procedure is not consistent, it is best to contact the support team.

 

Step 2: Change website address & update permalink

Once the SSL certificate is installed on the server, you should change the WordPress URL and website address. To do so, log in to the dashboard and navigate to the Settings section → General. In the two fields WordPress address and website address, simply add the "s" behind the "http". Now save the permalink under settings → Permalinks. This way they will be updated and no 404-errors will be displayed while browsing through your posts and pages.

 

Step 3: Prevent mixed content

After the permalink update, your page will be accessible again, but internal links and co. still point to the HTTP URL. Also, the URLs are not yet updated in all plugins. The result is a so-called mixed content warning, because parts of your WordPress page are still loaded over the insecure HTTP connection.

 

Because manually replacing URLs in the database is not a snap, we recommend that you use a plugin like Better Search Replace to fall back. Super fast is the problem also with the extension SSL Insecure Content Fixer solved.

 

Step 4: Set up redirects

To prevent your site from being accessible via both the secure HTTPS and the insecure HTTP protocol, you need to set up a 301 redirect. Access your FTP server and put the following code in the .htaccess file (located in the WordPress directory):

 

RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

 

It's even easier with an SSL plugin

You want to save steps 2 to 4? Then the plugin "Really simple SSL" is about to switch your WordPress page to HTTPS in no time at all. Just install a SSL certificate and then the plugin. Once you activate it, the extension will do the rest. It couldn't be easier.

 

Further actions after SSL conversion

Search Console: Unfortunately, the changeover to HTTPS is not quite done yet. Because the URL cannot be easily changed in Google's Search Console, you have to submit the property completely new. This also applies to the sitemap.


You want to know how to create a sitemap? This wayPlease.

How to connect your WordPress page with the Webmaster Tools, you can find out here.


Analytics: You also have to enter the new URL at Google Analytics. This can be done easily via Administration > Property Settings. There you can change the default URL.

social media & co: Do not forget to change the URLs stored on your social media profiles. If you are listed in business directories, you should also enter the new HTTPS URL there.


By the way: After switching your site to HTTPS all your Facebook shares are gone. To get them back, we recommend the plugin Social Warfare*.

*Affiliate link

About Christian

My name is Christian and I am co-founder of the platform fastWP. Here in the magazine I am responsible for the more "technical" topics but I like to write about SEO, which has been my passion for over 10 years now.

Leave a Comment

Your email address will not be published. Required fields are marked *

en_GB