Do you have SSL on your website? (And are you scratching your head at “SSL”?) Don’t worry: I’m here to explain everything and teach you how to enable free SSL in Siteground and Flywheel (it’s super quick, too!).
There are many reasons why enabling SSL on your website is beneficial and even necessary depending on your website and growth goals:
- Starting in January 1, 2017, Google started giving a slight SEO advantage to websites with HTTPS (SSL)
- As of June 30, 2017, SSL is vital if you run a website that uses PayPal (if you only have buy buttons, you should be okay, but if you use PayPal’s IPN with a plugin, your PayPal integration no longer works without SSL on your website!)
- Starting in July 2018, Google Chrome is marking all websites that are not SSL (HTTPS) enabled as insecure. This means that from July 2018, when someone finds your site on Google, it will be flagged as ‘not secure’ — which will deter many from using your website.
- It’s more secure. SSL means your info is encrypted and people’s info entered via your site is protected.
- It plain looks more legit, yo!
Here’s why you need free SSL on your website
As covered in the Keep WordPress Happy: Essential Tips – January 2017 edition, an SSL certificate secures your website’s connection from a web server to a browser (like Chrome or Safari). It’s what takes you from http://website.com to https://website.com and shows a padlock next to the domain.
It used to be only for websites that processed sensitive data like credit card information, but now Google is making it valuable for anyone who wants to keep their website ranking high in search results.
And as mentioned above, PayPal is now making it mandatory.
Also in that post from January, I link to resources explaining how to set up SSL for free – but it’s not that easy or quick. In fact, it’s a PITA.
GOOD NEWS: Now, you can do it almost instantly when you host your site on Siteground or Flywheel. *Does happy dance in my yoga pants*
And you don’t have to pay GoDaddy $70/year for SSL. BTW that $70 would only cover 1 SSL certificate for 1 website – if you run several sites, the expense adds up quick! Each domain you have needs its own SSL certificate, you can’t buy one and share it across domains.
I say screw that: enable free SSL for your website and use the cash you save on a killer gemstone necklace instead (I’m obsessed: hellooo labradorite!) …or pop it into your savings account because saving cash is sexy too, amirite?!
This blog post will teach you how to enable free SSL for websites hosted via Siteground and Flywheel. If you’re still on a crappy or needlessly expensive hosting provider, go ahead and switch to Siteground – it’s the cheapest and they have speedy customer service, plus free website migrations and free SSL. Or if you want a managed hosting option for WordPress and don’t mind paying more, check out Flywheel! They’ll spoil you. Both are wonderful hosts for your website, and Siteground is dope whether you’re using the WordPress CMS or something else.
Warning: Just like when doing anything else to your website, take a moment to make a full backup before jumping in!
Now that you know you can enable SSL for free, what are you waiting for?
How to enable free SSL in Siteground and Flywheel
How to set up free SSL in Siteground
Let’s start with Siteground since it’s faster to enable and more of you are likely to use it compared to Flywheel, which is more expensive.
I was blown away by how fast and simple it is to activate SSL – for free – in Siteground. Just another reason why the more I use ’em, the more I love ’em.
When you log into your account, head to Siteground > My Account > Extra Services > Let’s Encrypt Certificates > Manage > Select the domain you want and toggle these settings ON:
That’s it, supahero!
At most, you’ll have to wait a few minutes, but reload your site and you should see it running with “https” and a shiny new padlock (green or gray).
How to set up free SSL in Flywheel
In Flywheel we have a couple more steps, but it’s still quick and easy and freeeee (sing it!) like the wind (I made it up, not a real song).
Go to your Dashboard > select your website > select Add-Ons > click the blue “Add SSL” button:
Select “Simple SSL” and click the green “Configure SSL” button:
Fill out the form. Easy peasy!
Boom! Wait about 10 minutes and you’ll see this when you go to your Dashboard > select your website > select Add-Ons:
The last step is to force HTTPS like so when you go to your Dashboard > select your website > select Advanced > Force HTTPS:
Need more help setting up free SSL?
If once you’re done you’re still seeing that it looks insecure (your “HTTPS” is gray instead of green)
Here’s how you can troubleshoot that:
Install the free SSL Insecure Content Fixer plugin from WordPress (via wordpress.org or via Dashboard > Plugins > Add New). The under the plugin’s settings, start with “Simple” and save your changes. Then reload your website and see if that does the trick.
If not, continue trying the subsequent options (Content, Widgets, and Capture – try to avoid Capture as it’s a troublemaker and can break things on your site).
And then BOOM – it’ll be fully secured with a padlock:
FYI your padlock can be green or gray. Technically they’re equally secure. Green means it’s using an EV (extended validation) certificate, gray doesn’t.
Still got issues with your free SSL setup?
If this still doesn’t solve the issue for you and you still have some mixed content (read: insecure content mixed in with your secure content), I’ll tell you how I fixed mine:
On the Chrome browser, go to the page showing insecure content and then in Chrome go to More Tools > Developer Tools > Console. There you’ll be able to spot the mixed content and address it.
For me, it was two things:
- Old code from typography.com from when I used Gotham as my font. Turns out I still had the script from that website in my website header, and it used http instead of https. Oops.
- My opt-in code! I’m on Aweber right now and the code I grabbed from them way back when I set up my end-of-blog-posts opt-in had insecure content from Aweber. So I logged into my Aweber to grab new, secure code for my forms. I probably still have one here or there that’s insecure and I’ll get to it (if you spot one, let me know ;)).
You can also go to whynopadlock.com to see what your issues are, but the Chrome Console is wayyy more specific in helping you find where exactly in your website the issues lie.
Last steps to move from HTTP to HTTPS
Then, be sure to go into your Google Analytics and Google Search Console (you’ve set those up for yourself, right??) and do this:
- On Google Analytics, go to Admin > Property > Property Settings > Default URL and change the protocol from HTTP to HTTPS
- Also on Google Analytics > Admin, go to View > View Settings > Website’s URL and change the protocol from HTTP to HTTPS
- On Google Search Console, add the HTTPS version of your domain as a new property and submit your sitemap
Now you’re golden 😊