An SSL certificate is absolutely necessary for anyone who wants to get the most out of their blog, or website, so I’ve written an ultimate guide for you here. We will cover the basic questions like “what is an SSL certificate?”, “why do I need one?”, “how do I get it?” and (literally) every question I could think of concerning SSL certificates.

SSL Certificate and HTTPS

I’ve researched my information from a variety of reputable sources to ensure that this is, truly, the SSL Certificate Ultimate Guide. I broke the information up into small, skimmable, bits of information to help you find the exact information that you need. So let’s get started…

SSL Certificate Giveaway
Enter to win 75% an SSL Certificate with Organization Validation (OV).

What is SSL and What is an SSL Certificate

SSL (Secure Sockets Layer) is the standard security technology for establishing an encrypted link between a web server and a browser. – SSL.com

SSL is what keeps your browser’s communication with a website private and secure and is absolutely necessary for sites that do banking or online payments of any kind. This includes blogs that have an eCommerce plugin installed.

Think of an SSL certificate as an electronic passport that ensures the webserver is who it says it is, and that the connection to that web server is secure.

Why is SSL Important

SSL is important because it builds trust. Knowing that your favorite brand has an SSL certificate on their website gives peace of mind that your personal information is safe to share with them. On the other hand, knowing that your favorite brand does not have an SSL certificate (or, worse, has one that is invalid) can cause you not to trust them with your personal information – perhaps to the point where you don’t feel safe shopping with them online.

#SSL certificates are important because they builds #trust. Click To Tweet

The reason your audience comes to you is because you have a purpose for your blog, a message to share with them. And they trust what you say. You owe it to your audience to give them a secure experience on your website.

SSLShopper.com also explains that SSL provides a form of authentication. Basically, an SSL certificate verifies that you’re connected to the right server (if you weren’t, your browser would know because the certificate would be invalid).

Browsers are starting to flag any website that does not have a certificate as unsecure. Did you read that? Go back and read it again.

Browsers are starting to flag any #website that does not have an #SSL certificate as #insecure. Click To Tweet

 This is just as big of a reason as any why SSL is important. As Troy Hunt has pointed out, [SSL] adoption has reached the tipping point … where it’s gathering enough momentum that it will very shortly become “the norm” rather than the exception”.

Without #SSL, your #customers and #readers will start seeing your #website as #insecure. Click To Tweet

WordPress Will Begin Requiring SSL in 2017

In December 2016, WordPress.org released a statement that they would start requiring SSL early in 2017. While they have not yet specified a date – because browsers are now treating websites as insecure without a certificate, getting an SSL certificate on your WordPress website even more important. CodeInWP.com recently determined that WordPress accounts for 27% of the websites hosted on the entire internet! Therefore, soon 27% of all websites will be required to have a certificate and if you’re reading this there’s a good chance your website is one of them!

Having an SSL Certificate Boosts your SEO Ranking

ahrefs.com, among many other sources online, describes that using HTTPS is one of many small pieces to the SEO puzzle. An SSL certificate on your website allows you to use HTTPS on your website without error. But ahrefs.com goes on to say, in that article, that how you implement SSL on your website is also important. Checkout ahrefs.com to learn exactly how to configure your blog for HTTPS in an easy-to-follow format that’s easy to understand.

Are There Different Types of SSL Certificates

  • Yes.

There are 3 different types of SSL certificates, as described by globalsign.com. Each type serves a different level of security and builds on the security provided by the one in the previous level.

Domain Validation (DV)

  • Level 1: Validation of the domain name only

Domain Validation is the most basic type of SSL certificate. This is also the least expensive option. Let’s Encrypt is a popular vendor for DV certificates (and they’re also free!). A DV certificate validates that the owner of the certificate has a right to use that domain name.

Organization Validation (OV)

  • Level 2: Additional validation of the organization

Organization Validation is the “middle tier” of validation for SSL certificates. This level of validation includes vetting of the organization itself.

Extended Validation (EV)

  • Level 3: Extended Validation of the organization

Extended Validation is the most strict validation of SSL certificates. EV certificates verify the physical existence of the certificate owner (usually by involving the physical mailing address in the vetting process) as well as validating the identity of the owner against official records.

Obtaining an EV certificate also verifies that the owner has exclusive rights to the domain name. EV certificates are usually the most expensive of the 3 types of validation.

What Type of SSL Certificate Do I Need

A certificate with Domain Verification (DV) is a great way to get your feet wet with SSL and let your readers know your website is secure. A DV certificate is sufficient for a simple blog (and if your webhost supports Let’s Encrypt, your certificate will be free!).

A certificate with Organization Validation (OV) tells your customers that your website actually belongs to your business instead of some phishing scammer. This type of certificate is good for small businesses. Typically, the browser will display a padlock in the address bar.

A certificate with Extended Validation (EV) is typically used by banks, hospitals, large retailers and anyone who wants the “green address bar” for maximum visibility of your website’s security.

Source: GlobalSign

Is a Free Certificate from Let’s Encrypt Good Enough

  • Technically, yes – if your platform requires SSL and you are not able to complete the Organization Validation process.
  • Otherwise, No – and neither are the DV certificates you have to pay for.

If – and this is a big “if” – you are not able to complete the Organization Validation for some reason then having a certificate with Domain Validation is better than no certificate at all. Essentially, you’re meeting the minimum requirements of Google Search SEO rules, and WordPress and you’re adding a very basic layer of security to your website.

But your website technically is not any safer than it would be without an SSL certificate. Allow me to explain…

Let’s Encrypt issues Domain Validation (DV) SSL certificates so the connection between your browser and the web server is secure. However, since only the domain is verified – and not ownership of that domain – your customers and readers have no way of knowings it’s actually your server they are talking to. The validation process of OV or EV certificates requires a third party to get involved – increasing the legitimacy of your certificate.

Using an OV or EV #SSL certificate requires getting a third-party involved in the #validation… Click To Tweet

Hackers could use the “secure” connection provided by a DV certificate to be a “wolf in sheep’s clothing”. They can do this because they don’t have to validate that they are you.

Your customers would think they are secure when they really aren’t. This false sense of security is more dangerous than not having a certificate on your website.

Hackers can use an #SSL certificate with Domain Validation be a wolf in sheep's clothing #Security… Click To Tweet

SSL Certificate with DV
Photo by debspoons

There’s only 1 scenario that makes a DV certificate “good enough”. If you can guarantee 100% success on these 3 points. all. the. time.:

  • The domain in your own address bar is always correct.
  • You will never ask your customers, or readers, for anything on your website or blog; including their email address (yeah subscribers!).
  • Your web hosting account and the server it’s hosted on will never get hacked (remember, server admins are human too).

If you cannot guarantee all 3 of those statements will always be true about your website, or blog, then you need to seriously reconsider using a DV certificate.

It boils down to your customers being able to trust you. I am not alone in this assessment of DV certificates: DigiCert actually refuses to sell DV certificates because they do not consider them guaranteed secure. (Source: Domain Validation vs High Assurance). They point out that you don’t even have to get hacked for you, or your customers, to become a victim. A man-in-the-middle attack could potentially be used to gain access to your “secure” connection if you have anything less secure than an EV certificate.

The only other reason you should settle for a DV certificate is if you are not able to complete the validation process required for an OV certificate.

Where Can I Get an SSL Certificate

WP Like a Pro is a proud vendor of SSL certificates. We sell each kind of SSL certificate (yes, even DV certificates, for those who determine it truly is “good enough” for their website). We also offer “Wild Card” certificates. A Wild Card certificate is a single certificate that can be used for multiple sub-domains. If you don’t know what I’m talking about, you probably don’t need a Wild Card certificate. 🙂

Find your SSL certificate at our Client Portal that best fits your needs!

How do I Renew an SSL Certificate

Renewing your SSL Certificate is similar to renewing your hosting; You’ll receive an invoice when your next billing cycle is about to start with info to renew.

What problems could I face when I switch to HTTPS

Claire Brotherton, of A Bright Clear Web, explains some of the problems you could face when switching to HTTPS. If not done right, your blog could lose all of its social media share data, and Google Analytics referral data, because of the link change. There is also the potential for problems with 301 redirects and trying to use SSL via a Content Delivery Network (CDN).

Claire has done a great job of explaining how to work through some of those problems. Her suggestions are easy to follow and super important to us bloggers!

How to Install an SSL Certificate

No matter what environment your website is hosted on you must have bought an SSL Certificate before you can start. The only exception to that rule is if you’re settling for an SSL certificate from “Let’s Encrypt”. In that case, you must first verify that your webhost supports Let’s Encrypt.

  • Any SSL certificate that is FREE is most likely using Domain Validation (DV) only and is merely a formality to benefit SEO and minimum platform requirements and is not a good form of security.

DigiCert has put together a set of separate SSL instructions for an extensive list of web hosting environments.

How to Install an SSL Certificate on WordPress

If you choose to settle for a less secure DV certificate from Let’s Encrypt, you can use the free WordPress Plugin WP Encrypt to generate a certificate. Be aware that some PHP modules are necessary, which your webhost may or may not allow, and that this plugin does not actually enable HTTPS for your blog.

The Really Simple SSL plugin gives you a way to install any certificate you’ve purchased and will even redirect all traffic to HTTPS for you.

How to Install an SSL Certificate on Blogger

If you choose to settle for a less secure DV certificate, Blogger offers free certificates to their users under their HTTPS settings. If you’re using a custom domain, you can enable HTTPS using CloudFlare CDN.

 

 

How Do I Add a Site Seal to My Website?

If you’ve purchased an SSL certificate with Organization Validation (OV) or Extended Validation (EV), your vendor most likely provided you with instructions on how to add the Site Seal to your website.

For WordPressers, you often need to paste an HTML snippet somewhere into your admin area. I would recommend using the  Simple custom CSS and JS plugin, for WordPress. While my instructions for that plugin are specific to CSS, there is also an option in that plugin to add HTML snippets as well.

How Do I Know my SSL Certificate is Installed Correctly

There are tons of online tools to check that your SSL certificate is installed correctly, and is valid. Some of them even offer to remind you when your certificate is about to expire so you don’t forget to renew it.

But not all of these tools are recommended. A DV certificate is used to “secure” some of these tools (see “Is a Free Certificate from Let’s Encrypt Good Enough“) so you don’t know if you can trust them. Some of them will tell you everything is secure when, in fact, you are relying on a DV certificate.

That is why I recommend the thawte CryptoReport. It tells you if your certificate can truly be trusted and even offer information about a handful of vulnerability checks.

If you’re testing a DV certificate, thawte will warn you:

This server uses a Domain Validated (DV) certificate. No information about the site owner has been validated. Data is protected, but exchanging personal or financial information is not recommended. – thawte CryptoReport

Can I Transfer an SSL Certificate to Another Hosting Account

  • Yes

SSL Shopper has a great guide for transferring certificates from, and to, a variety of web hosting environments.

How Will my Readers and Customers Know my Website is Secure

Websites that have an Extended Validation (EV) SSL certificate will show proof of identity right in the address bar.

SSL Certificate with Extended Validation (EV)

While Organization Validation (OV) SSL Certificates do not turn the address bar green, they do display Organization information in the address bar to show the more thorough vetting of the OV certificate has taken place.

If your address bar only shows the word “Secured”, with no organization information, it is because the certificate only has Domain Validation (DV).

I Need Help with my SSL Certificate

There is a lot out there that we can learn about SSL certificates. That’s obvious just by scanning over this article. If you find yourself freaking out and not knowing what to do, that’s OK. I get it. This geeky stuff can be really scary, especially when words like security or hacker come up.

If you need a helping hand, I would be more than happy to assist in any way I can. Just drop me a line in the comments or contact me. Even if you just need a few questions answered to help you make the right choice about an SSL certificate for your website.

Conclusion

If you’ve found this article helpful, overwhelming, useful, or useless, I would really appreciate you telling me in the comments. All this information is too important for people like us to just glaze over and ignore – so help me make this resource the best we can by giving me your feedback in the comments!


a Rafflecopter giveaway

Come back every day to earn more points and become the giveaway winner!

SSL Certificate Ultimate Guide to Secure Your Blog or Website
Tagged on:                     

27 thoughts on “SSL Certificate Ultimate Guide to Secure Your Blog or Website

  • February 10, 2017 at 9:55 am
    Permalink

    This is such a great post. I’ve been meaning to update to https:// and just haven’t bitten the bullet yet. Bookmarking for later. Thank-you so much!

    Reply
    • February 10, 2017 at 6:24 pm
      Permalink

      Glad you found this resource worth bookmarking! I would encourage you to subscribe to my blog so you will be notified of upcoming sales on SSL certificates!

      ~Chris

      Reply
  • February 10, 2017 at 9:56 am
    Permalink

    As a brand new WP user (just switched from Blogger to WP a month ago) who is struggling to figure things out, this is probably a helpful post. I’ll bookmark it for reading later.

    Reply
    • February 10, 2017 at 6:27 pm
      Permalink

      Hi Kim,

      If you’re, literally, just starting out with WordPress, checkout my blog post about how to choose your WordPress theme. you may find that one helpful as well! Also, I will be writing more WordPress-related posts in the near future so feel free to subscribe so you don’t miss them!

      https://wplikeapro.com/how-to-choose-your-theme-for-wordpress/

      Best of luck!
      ~Chris

      Reply
  • February 10, 2017 at 10:07 am
    Permalink

    So informative, in all honesty other than hearing the name I didn’t know anything about the SSL certificate x

    Reply
    • February 10, 2017 at 6:28 pm
      Permalink

      And now you have someplace you can go to get all your SSL Certificate questions answered. If you think of any that I didn’t address in this post, let me know! I’d be happy to help!

      Thanks for stopping by!
      Chris

      Reply
  • February 10, 2017 at 12:48 pm
    Permalink

    Awesome post, Chris.

    Well detailed enough! As someone who would love to give my blog SSL certificate in order to boost rankings and give my readers a sense of security, I found this post really helpful!

    No wonder you were featured on the Blogging Newbs group. You rock, man!

    Reply
    • February 10, 2017 at 6:34 pm
      Permalink

      Hey Emmanuel!

      Thank you for the compliment, it means a lot! The drawing at the bottom of this post would be perfect for your blog ($116 value, for only $29!!). Don’t forget to enter the drawing! Or you can subscribe to my blog so you won’t miss upcoming sales on SSL certificates.

      ~Chris

      Reply
  • February 10, 2017 at 9:50 pm
    Permalink

    I’ve never exactly paid much attention to SSL until now. Thanks for the very educational post about it. I had no idea that it was vital when you’re maintaining a website. It’s definitely a must to learn about this.

    Reply
  • February 10, 2017 at 10:05 pm
    Permalink

    Hi Elizabeth! Yes, it is so important. I’m glad you learned something!

    Thanks for stopping by!
    ~Chris

    Reply
  • February 11, 2017 at 7:43 am
    Permalink

    I wonder if the specific sign on the address of a website is a sign of how secure or not a website is? Thank you for good detailed information you’ve shared on this post. It’s indeed enlightening me.

    Reply
    • February 12, 2017 at 4:54 pm
      Permalink

      Rose, that is exactly right! Website’s with Extended Validation (EV) certificate have the green address bar with their organization name in the green bar (I have a picture of what that looks like in this post).

      Glad you learned something!
      ~Chris

      Reply
  • February 11, 2017 at 6:08 pm
    Permalink

    I never really given this much thought to be honest…thanks for the info x

    Reply
    • February 12, 2017 at 4:55 pm
      Permalink

      Glad I could bring awareness of this to you! Thanks for stopping by!

      ~Chris

      Reply
  • February 13, 2017 at 1:39 am
    Permalink

    I had no idea about this! I will be looking into this for my blog. Thank you for the very informative post!

    Reply
    • February 13, 2017 at 7:51 am
      Permalink

      Glad you could become informed. I would encourage you to participate in the giveaway at the bottom of this article – 75% off is a HUGE savings on an SSL certificate!

      ~Chris

      Reply
  • February 13, 2017 at 6:35 pm
    Permalink

    Interesting read, Chris. I’ve just installed Let’s Encrypt SSL on my site.

    Now I realise there’s a hierarchy of SSL. Will definitely bookmark this post for future reference.

    Do you know if you can install more than one certificate on a site?

    Reply
  • February 13, 2017 at 8:37 pm
    Permalink

    Hey Claire! Glad you learned something, I had no idea either until I started researching it.

    No, you cannot have multiple certificates on a single URL.

    But you can use a single SSL certificate for all the subdomains if you get one that supports Subject Area Name (SAN) or Wildcard.

    Let me know if you have any other questions. Thanks for dropping by!

    ~Chris

    Reply
  • February 14, 2017 at 2:45 pm
    Permalink

    Thanks for sharing the free complete tutorial guide. I’ve bookmarked your post for my reference!

    Reply
    • February 14, 2017 at 3:45 pm
      Permalink

      Glad you found this resource useful! If you have a question this post did not answer, feel free to ask. I’d be happy to find the answer for you!

      ~Chris

      Reply
  • February 14, 2017 at 9:57 pm
    Permalink

    This is a good resource, thanks for sharing it. Fortunately, my platform provides ssl

    Reply
    • February 15, 2017 at 3:09 pm
      Permalink

      Glad to hear, Sara. If you find that the SSL certificate they provide is not secure enough, let me know! I’d be happy to point you in the right direction.

      ~Chris

      Reply
  • February 15, 2017 at 2:08 am
    Permalink

    GOOD POINT OF SECURITY YOU KNOW, I HAVE NEVER REALLY THOUGHT OF THIS, WILL MAKE SURE TO GO AHEAD AND ACTIVATE MINE ASAP. THANKS FOR THE HEADS UP PAL..

    Reply
    • February 15, 2017 at 3:10 pm
      Permalink

      lex, glad I could help you become informed. Knowing is half the battle! Let me know how it goes.

      ~Chris

      Reply
  • February 15, 2017 at 12:55 pm
    Permalink

    This was a very informative post. With all the cyber security issues these days this is a timely and simple article.

    Reply
    • February 15, 2017 at 3:12 pm
      Permalink

      Thanks, Keith. You’re right, cyber security is becoming more and more of a big deal as cyber crime becomes more sophisticated. Unfortunately, bloggers like us are an easier target for the bad guys. That’s what makes this so important for us!

      Thanks for stopping by!
      ~Chris

      Reply
  • Pingback: Why I Moved My Site From HTTP to HTTPS - And You Should Too - A Bright Clear Web

Leave a Reply

Your email address will not be published. Required fields are marked *