Google shows all non-SSL websites as “Not Secure”. This means that you’re not using an SSL certificate on your website, and if you don’t have an SSL certificate or Free SSL Certificate on your sites that means you’ll lose user’s trust.
Because SSL certificate helps protect your website data, and it makes trust with the customer who visits your website. If you’ve any online shopping website then you must have SSL on your sites to accept the payment online.
Normally, there are lots of hosting provider available who gives paid SSL certificate but that was to much expensive. If you’re making a WordPress website then you likely want to keep costs low.
There are various ways to get a free SSL certificate to reduce your website cost. In this article, I’ll show you how to get a Free SSL Certificate for your WordPress website and set it up all by yourself.
Before know-how to create free SSL certificate, we will also cover the following topic
- What is an SSL Certificate?
- What is HTTPs?
- Why do you need an SSL certificate for your WordPress website?
- How does the SSL certificate work?
- How you can get a free SSL certificate?
- How to install a free SSL certificate in WordPress Website?
Let’s get started.
What is SSL?
SSL means “Secure Sockets Layer”. It is an internet protocol for securing the data transfer between a user’s browser and the website they are visiting.
Every internet user transfers information when they visit websites. This information can often be sensitive like payment details, credit or debit card information, or login credentials.
Using the normal HTTP protocol means this information can be hijacked by hackers. This is where SSL or HTTPS comes in.
Websites need an SSL certificate issued by one of the recognized certificates issuing authority. This certificate should be verified and highlighted in the user’s browser address bar with a padlock sign and HTTPS instead of HTTP.
What is HTTPs?
HTTPs is the secure version of HTTP protocol used between the browser and web server. The “s” at the end of HTTPs stands for “secure”. Technically it refers to HTTPs / secure socket layer or SSL. HTTPS means all communications between your browser and a web server are encrypted behind HTTPs.
Why do you need an SSL certificate for your WordPress website?
SSL certificate is compulsory for all websites on the internet. However, it is absolutely required for all websites that collect user information like login details, payment information, debit card information, and more.
SSL certificate plays an important role in building trust between a browser and a web server.
By definition SSL certificate is web servers a digital certificate issued by a third party and a verifies the identity a web server and its public key.
If you’re running an online shopping website, a membership website, or require users to login, then you need to get an SSL certificate on your website.
If you have that type of website where you are accepting online payment, then your website to use SSL / HTTPS before you can receive payments.
Not even to collect user information only but if you want to make trust with the user’s then you should have SSL / HTTPS on your website.
Last but not least, if your website is not using an SSL / HTTPS certificate, then Google chrome will show your users that your website is not secure.
This Not secure icon affects your brand image and user’s trust on your website.
How does the SSL certificate work?
As I discussed above what is SSL? Why SSL certificate important for us?
Now if you’re wondering how does the SSL certificate works? Then I’m going to give the answer actually how it works?
SSL protects information by encrypting the date transfer between a user’s browser and the website.
When a user visits an SSL / HTTPs website, their browser first verifies if the website’s SSL certificate is valid or not.
If everything checks out, then the browser users the website’s public key to encrypt the data. This data is then sent back to the intended server where it is decrypted using the public key and secret private key.
Let me use one example to demonstrate how SSL certificate works?
Here is the scenario:
I want to connect with yahoo web server and I want all communications with yahoo web server are encrypted.
I type in https://www.yahoo.com, here is what happens when I hit enter key from the keyboard.
Step 1: My browser requests secure pages (HTTPs) from a yahoo web server.
Step 2: The yahoo server sends its public key with its SSL certificate, which is digitally signed by a third party, or we call certificate authority, or simply CA.
Step 3: Once my browser gets the certificate, it will check the issuer’s digital signature to make sure the certificate is valid. As we know a digital signature is created by a CA’s private key, and my browser, either Chrome or Firefox, is previously installed with many major CA’s public keys. Thus, digital signature can be verified.
Once the SSL certificate signature is verified the digital certificate can be trusted. A green padlock icon appears in the address bar.
The green padlock simply indicates that the web server’s public key really belongs to the web server, not someone else.
Verification has been done.
Now it is time to exchange a secret.
Step 4: My browser creates one symmetric key a shared secret. It keeps one and gives a copy to the webserver. However, my browser does not want to send the shared secret in plain text.
Therefore, its user the web server’s public key to encrypt the secret and then sends it to the web server.
Step 5: When the webserver gets the encrypted symmetric key, it uses its private key to decrypt it.
Now the webserver gets the browser’s shared key. From now on all traffic between the client and the web server will be encrypted and decrypted with the same key.
How to get a Free SSL Certificate for your WordPress website
Now if you go to your website and you see this not secure message on your browser It means that you do not have SSL certificate.
If you want to change this message into the secure lock symbol you need to get an SSL for your website. So, this will make your visitors to trust your website.
So let’s get started…
We’re going to get a Free SSL Certificate in just five steps.
Step 1: Create an account on a website called “Cloudflare”.
This is a website which is going to give us the free SSL. So, to create the account let’s go to cloudflare.com and then click on “sign up”
Now enter your email, and password then click on “create account”. Once you’ll click on create account your Cloudflare account has been created.
Step 2: Add your website name to this account.
So just enter your website name, and then click “Add a Site“. Then click Next, and select the free plan, and click confirm. Now scroll down and click on continue.
Now our website has been added to Cloudflare.
Now go to the next step which is ‘Change your nameservers’.
Step 3: Change your nameservers
Here you can see the nameservers. You need to add these nameservers to your domain provider. You need to first login to your domain provider’s website, and add these nameservers to domain providers.
My domain provide is Godaddy. So, I’m going to login Godaddy.
Go to the Godaddy Dashboard and click on DNS option under domain section.
After click on DNS, go to the nameservers, and click on change
Now, you need to select I’ll use my own nameservers and paste both nameservers from Cloudflare. Then click on Save.
So now we have successfully added the nameservers to our domain. Now go to the Cloudflare, and click on continue. Once you will click on the continue it will show you your nameservers has been changed.
If you’ll not show that option then you need to click on Re-check otherwise you need to wait for some times.
Step 4: Install the cloudflare plugin in WordPress.
To install the plugin let’s go to WordPress Dashboard, and then go to plugins and click add new. Now search for flexible SSL and you will get this plugin.
Click on Install and activate this plugin.
Once you have installed the plugin we can now go to the final step Which is to ‘Enable SSL in cloudflare’.
Step 5: Enable SSL in cloudflare
Go to the Cloudflare and click on lock sign.
After click on lock sign, you have to click on Flexible option, and then click on Edge Certificate as shown on the above picture.
Now you need to enable Always Use HTTPS and turn it on.
After turn this on Your website will now be secured with SSL. Now refresh your website and you can see that we now have the lock And the HTTPS Which means we have now got the SSL.
Note: If you are not able show lock sign and connection is secure option then you need to wait for 24 hours.
I hope you like this article How to Get a Free SSL Certificate for Your WordPress Website, and you have successfully installed SSL on you website. If you have any question you can ask in the comment box.