5 Best SSL Plugins for WordPress
Running and growing a successful website – be it a food blog or an online learning platform – would be difficult enough even if you didn’t have to think about security. Putting security on the back burner, however, is usually not an option. And the more information you’re asking from your website visitors, the more pressing the issue around security becomes.
In the past couple of years, adding an SSL certificate to your WordPress website has come up as one of the most accepted ways to add an extra layer of security to it. And this being WordPress, you know there’s a plugin out there, or a few, that lets you do anything on your website. Adding SSL to your website is not an exception.
In this article, we’ll cover:
Short for “secure sockets layer,” SSL is a technology that allows the connection between your website and the website visitors’ browsers to become encrypted. This would mean that any data transferred over that connection would be difficult for someone else to see, making it reasonably safe from a variety of attacks.
Websites that have SSL add an “s” to the HTTP in front of their website. This means that the regular Hypertext Transfer Protocol, the foundational communication protocol without which we couldn’t imagine the internet, becomes Hypertext Transfer Protocol Secure.
When you get an SSL certificate, you’re more likely getting something that’s called TLS – transport layer security. There’s some confusion about it because TLS is the successor of SSL, but the term “SSL” has been so widely used that people can’t seem to give up on it even though they’re talking about TLS. It’s also possible to see the SSL/TLS abbreviation. They all refer to the same thing, and its role is to keep your website and its visitors safe.
Encryption is an important layer of security for your website, especially if you use it to acquire some kind of information from your website visitors. If they leave their email address or a password, using an SSL certificate would make it more difficult for someone other than your website and the visitor’s browser to see that information.
You can imagine how, the more important the information you ask gets, the more crucial having SSL becomes. When you want people’s credit card numbers, asking for people to give it without at least an SSL to protect that information would be negligent beyond any measure. You simply do not do that in this time and age.
Another reason to have SSL is that, if you don’t, your website might be flagged as not being secure even if you don’t ask for valuable or personal information. Browsers will notify their users when they’re seeing a non-SSL-protected website, and they’ll leave no doubt that it’s not as secure as it could be. At the very least, adding SSL can improve trust, and that’s one thing you can never have enough of.
There are a couple of different ways to get an SSL certificate. You should, however, know that a lot of the time you’ll need an SSL certificate before you use the actual plugin to add it to your website. There aren’t that many plugins that will acquire the certificate and also install it for you.
People usually get their SSL certificates either through their hosting providers or directly from Certificate Authorities. Getting it from the host might come with the added benefit of having it installed and configured, although it might not happen every time. Then again, you might also get one for free from a Certificate Authority such as Let’s Encrypt.
Either way, if you find yourself with a certificate and a website in need of security, it might be up to you to add and set it all up on your website. So that’s when these plugins can come in handy.
Really Simple SSL
The most popular SSL plugin on WordPress.org, Really Simple SSL can boast over five million active installations and a five-star rating from over six thousand users. This plugin is light, with few options, but it will get the job done – as long as you remember to provide the SSL Certificate.
From there, the plugin will take care of most of the things. It will iron out all the kinks WordPress has with SSL, make sure that all upcoming requests are redirected to https, change the siteurl and homeurl, replace http URLs with https.
You can also choose to get the pro version of the plugin which will allow you to do some additional interesting things. If you need to enable HTTP Strict Transport Security, for example, or configure your website for the HSTS preload list, the pro version might be just the thing you’ve been looking for.
Some plugins will do their work with as little input from you as possible. Others will have you do at least some of the work on your own. SSL Zen will do either, depending on the type of version you get.
In the free version, you will get the redirects to https, fixing of the site and home URLs, and replacing regular URLs with https URLs. You will, however, need to provide the Certificate, verify your domain, install the Certificate, and make sure you update it.
Going for the premium version of the plugin will automate all of those chores. Everything will start happening at a push of a button, and you’ll get more great features to use for your website. You’ll get spam and brute-force protection, blocking of a variety of known attack types, and much, much more.
WP Force SSL & HTTPS Redirect
When it comes to lightweight plugins that keep their options to the minimum and just do the job they were built for, WP Force SSL & HTTPS Redirect is as good as it gets. With just two settings within the plugin, it won’t give you that much to do.
Apart from getting and installing the Certificate, that is, because that’s not covered by the plugin. You can rely on it for testing your Certificate after you’ve installed it, which is a great and useful feature, and it will automatically redirect the traffic to your website to https. It will also let you enable HTTP Strict Transport Security.
The plugin has no paid plans.
Free SSL Certificate Plugin for WordPress
Here’s a plugin that needs little introduction apart from listing its full name: Free SSL Certificate Plugin for WordPress – Auto-Install Free SSL, Force HTTPS Redirect. Right off the bat, you know exactly what it does.
The plugin will, automatically, issue an SSL Certificate to your website. It will install it, and when the time comes, it will renew it. When that’s done, you can use the plugin to force SSL activation, which is just another way of saying that the plugin will take care of all the things that need to be taken care of before you can say it’s secured with an SSL Certificate.
A deeper dive into the plugin’s features show that it, for example, doesn’t work with Windows hosting, being limited to Linux instead. It lets you choose how often you want to renew your certificate, but also the SSL Certificate’s key length. And it does all of that without charging a single penny.
Another plugin with a long name, WP Encryption – One Click Free SSL Certificate & SSL/HTTPS Redirect to Fix Insecure Content differs from its equally as descriptively-named list-mate by offering two different user experiences depending on the version you choose.
In the free version, you have to do lots of things on your own. Domain verification, Certificate installation, as well as its renewal are all things you’ll have to do manually with the free version. Forcing HTTPS is done automatically, however. The mixed content scanner can also come in handy to determine which content on your website can make your website appear insecure.
The pro features take much of the work out of your hands. Apart from simply automating what you previously had to do manually, the pro version provides Wildcard SSL support, multisite support, CDN access for annual plans, and lots and lots of blocking rules.
Let’s Wrap It Up!
SSL Certificate is one of the best ways to add some security to your website not only because it works, but also because it’s noticeable. Nothing better than a trust signal that actually does its job. For installing an SSL certificate on a WordPress website using a plugin, you’ll notice that the offer is good, but it’s a mixed bag of different services and price points. Your best bet would be to find something that matches your budget, level of expertise, and amount of free time, and then make sure you keep up with those Certificate renewals!