WordPress SSL for Managed WordPress

SecurityCategory
4 min read
Christopher Carfi

First things first: if your Managed WordPress site isn't secured with SSL, you kinda need to get on it. If you're doing WordPress commerce, you want SSL. If you want your site visitors to have an increased level of confidence in your site, you want to secure it with SSL. More recently, Google even announced that SSL was going to be a ranking signal used in determining where a website shows up in search results. It's kind of important.

old-way-of-doing-wordpress-ssl

It used to be a pain to secure a site with SSL. You needed to get an SSL certificate, then download it, then install it on your WordPress server, then modify configuration files, then scrawl all sorts of arcane runes into the floor with chalk while lighting candles and chanting and wearing robes and such and the neighbors would look at you funny and whisper and surreptitiously point and it was kind of embarrassing.

Ahem. Let's just say it was a difficult experience.

Thankfully, things have progressed significantly since then. Adding SSL to a Managed WordPress site has become a point-and-click experience. Modern Managed WordPress hosts, including GoDaddy, enable you to do it with just a couple of clicks. How do I know? I just did this on my personal WordPress demo site. Here's how to do it.

orange-ssl-logos

First, get yourself an SSL certificate. That part is easy.

Next, go into your account where you manage your Managed WordPress hosting, SSL, domains and other goodies. Usually that's at https://mya.godaddy.com. Click on "SSL Certificates" to manage the certificate. Also easy.

ssl-certificate-configuration

Here's where the big change from a couple of years ago comes in. Remember all that configuration you needed to do, cutting and pasting and sort of hacking around inside configuration files? You don't need to do any of that anymore. All you need to do is click the Managed WordPress domain you want to associate with the SSL certificate.

ssl-certificate-setup

From there, you need to wait for just a few minutes. (For this example, it took about five minutes for the verification to come through. Quick and painless.) The configuration system verifies that you are the person responsible for both the SSL cert and the domain, associates the certificate with the domain, and does the WordPress configuration to set Managed WordPress up to handle the SSL connections, all automatically.

The meter will head up to 100%. After the verification and validation are done, you are good to go. The Managed WordPress site now shows it is SSL enabled.

green-ssl-https-lock

SSL is now enabled, with no fiddling with configuration files required.

How come pages sometimes won't show the SSL lock icon?

One of the things that happens sometimes when adding SSL to an existing site is that some pages show an error in the SSL icon in the browser bar, while other pages show the SSL lock correctly.

Double-you. Tee. Eff.

While there may be a number of causes for this, a common cause is if the page includes external resources, such as images or JavaScript libraries, that are linked insecurely. If those external resources are linked using http:// instead of https://, the page will have issues.

linking-only-http

Fortunately, this common issue is easily resolved. If the resource is available using https://, simply re-link to the resource using the https:// protocol.

linking-with-https

While SSL was relatively difficult to deploy in the past, improvements such as the ones shown here have made it so that there's really no excuse any longer. Simply put, you should be using SSL. It's now a three-step process:

  1. Get a cert.
  2. Attach it to your domain.
  3. Profit!

With all of the benefits such as increased trust and improved online presence, and none of the downsides, adding an SSL cert to your site needs to be on your list. It takes just a couple of minutes and is easy to do. So go do it.