Recently I read a book “The Art of Invisibility” by Kevin Mitnick, a well known hacker and security expert. In one of the chapters he talks about how important it is to secure your website with an SSL certificate. Have no clue about what I am talking about? When you visit a website on your browser, you would’ve seen a green padlock icon before the URL. The green lock signifies the presence of an SSL certificate and websites that have them often start with “https://“
In this post, I am going to explain what is SSL? why is it essential for your website/blog? And, how to install one for your website/blog for FREE.
Note: These steps don’t work for blogs that are created within Blogger/Wordpress.com as they themselves come with an SSL certificate by default. This tutorial is for those who’ve self hosted their website/blog.
What is an SSL certificate?
Rather than telling you what is an SSL certificate and how it works, I have attached a 1-minute video:
Why do I need SSL for my blog?
An SSL certificate acts as an added layer of security for your website. It protects your domain from DDoS attacks. With the number of cyber threats increasing day-by-day, adding an SSL would be a great advantage.
Better SEO ranking in Google
Google has now started ranking websites based on the availability of SSL. If you have an SSL certificate installed on your domain, there are more chances for your website to have a higher rank in Google.
Badge of Trust
A green padlock icon always earns a sense of trust among the visitors.
Getting your FREE SSL Certificate
WARNING: The below mentioned steps were performed on a trial and error basis. I followed several online tutorials and articles to get this done. This article is to give you an overview of how easy it is to obtain an SSL certificate for your blog. If you mess things up when you’re on the way, reach out to your domain registrar and hosting provider for support.
There are several options to get free SSL. One of the simple and effective way is getting it through Cloudflare. The free account of Cloudflare provides you basic protection against DDoS attacks and also offers you a free shared-SSL certificate for your domain.
To start with, create a account in Cloudflare and choose the FREE plan.
- Once you have logged in, enter the URL of your website.
- Cloudflare will scan for a while and will give you DNS addresses. It would look something like this:
- Now head to your domain registrar. Let’s say you have bought the domain from GoDaddy. In that case log into your GoDaddy account.
- Click on your domain name and select the Manage DNS option.
- Click on Add Record button and add the following nameserver information.
- Make a note of the old DNS records and delete them.
- Now, Cloudflare will be your default DNS.
- If you complete this step, you’re done with 70% of the SSL setup.
The next step is to choose the SSL type from your Cloudflare account.
- Log into your Cloudflare account and select SSL type as Flexible.
- Check whether SSL is in active state.
Now head to your hosting provider’s account (let’s say you’ve hosted your website in Bluehost or Hostgator) and log in with your cPanel credentials. Once you’re in, select Cloudflare from the dashboard and login using your username and password.
Once that is done, the last and final step is to make changes to your WordPress account.
Log into www.yourdomain.com/wp-admin using your username and password.
Head to Plugins section on the left sidebar and select the Add New option.
In the screen that follows, you will see a wide range of plugins. Type Really Simple HTTPS on the search bar and install the plugin.
Once installed, click on Activate and the plugin will automatically configure HTTPS for you.
Once your SSL is active you will see something like this: (Ignore the warnings! :))
Clear the cache and reload your website, and you will be able to see the green padlock icon next to your URL.
Until next time 🙂