Secure Socket Layer, o simplemente SSL, es un protocolo de seguridad que encripta la comunicación entre un server web y un browser Web.
En esta era de vulnerabilidad web, los certificados SSL de WordPress proporcionan una capa de seguridad adicional al asegurar que la comunicación entre un servidor web y un navegador web be privada.
Cuando visite un sitio web, notará que la Url it is HTTP o HTTPS. La S en el HTTPS se refiere al certificado SSL.
Los buenos crawlers al mismo tiempo tienen esto en cuenta cuando compilan SERPS. Un sitio web con certificado SSL de WordPress tiene preferencia.
Google Chrome comenzó a marcar sitios web sin SSL de WordPress como «No seguros».
Esto resultó en que los visitantes evitaran comprometerse en dichos sitios web. Los propietarios de sitios experimentaron una disminución en las conversiones como ventas, subscription and more.
What is an SSL certificate?
Secure Socket Layer (SSL) encrypts data transferred between a web server and a web browser.
When installing a WordPress SSL certificate on your website, you will notice that your HTTP protocol changes to HTTPS.
How does a WordPress SSL certificate work?
The SSL certificate converts your HTTP protocol to an HTTPS protocol by encrypting the data that is transferred from a web server to a web browser.
Esta operación de encriptación de datos implica que el Username envíe información que puede incluir nombre, número de tarjeta de crédito y domicilio.
<>
Source: Sucuri
This data is encrypted and transported from HTTPS to your web server. Any attempted data breach will not leak the information because it is encrypted.
2LxUkhQ
Although it may seem very technical, for practical purposes, it is quite simple.
Again, SSL encrypts all the data that is transferred between the visitor and the website.
For a website to use SSL, it needs to obtain an SSL certificate. This certificate is proof that the website is legitimate and that the SSL encryption they are using is correct, at the same time the certificate at the same time contains the information about the public key used for the encryption (more information about this later ).
This is what happens step by step when a person visits a website with SSL:
Step 1:
The visitor's browser checks if the website's SSL certificate is valid.
This is done to ensure that the certificate is not fake and that the website is what it claims to be.
The browser checks the certificate to make sure it is not an imposter site. However, the browser does not do this on its own, it is verified by a certificate authority, an external company that issues certificates.
If the validation is successful, the browser alerts you by displaying a padlock next to the url address.
Step 2:
The browser uses the certificate to communicate with the website.
This is done by taking the public key that is part of the certificate and using it to encrypt all data sent to the website.
This data is then transmitted to the website in its encrypted form.
Step 3:
The website uses its own private key to decrypt the message and then processes it.
That private key is known only to the website, and at the same time it is the only key that can decrypt the message correctly. This means that only the website can read the information that the user is submitting.
This becomes crucially important when the data being sent is things like credit card numbers.
Step 4:
The website sends a response to the visitor and adds a unique signature using the private key.
The signature can be verified by the user using the public key of the website. In other words, only the website itself could produce that specific signature, since only it has the private key.
At this stage, we have come full circle, from establishing a secure connection to sending data to the website and receiving a response. This is how communication is done via SSL.
El par de claves público-privadas es un concepto simple, pero es todo lo que se necesita para establecer un channel seguro de comunicación y asegurarse de que la parte con la que se está comunicando es la que dice ser.
In simple terms, you can think of the public key as the lock and the private key as the actual secret combination that can be used to open the lock.
What is the difference between SSL and TLS?
In a word, there is no difference.
Ok, to be more specific, yes. But a simple one for all we need to know. TLS (Transport Layer Security) is an updated version of SSL. It's more secure, and it's actually what all of us use today instead of SSL.
Yes, you read that right, every time you get an SSL certificate for your website, what you think it is, you are actually getting a TLS certificate.
We still refer to it as SSL because it is a more commonly used and understood term.
Types of SSL / TLS certificates
No todos los certificados SSL son iguales. En función del tipo de certificado que obtenga para su sitio web y de cómo lo configure, sus visitantes verán diferentes notificaciones en sus browsers.
Certificates are generally grouped based on two things:
- a) the level of validation of the certificate
- b) the number of domains that can be protected with a single certificate
In the first group (a), we have:
- certificates that validate only the name of domain itself - the certificate authority simply validates that the company is in control of your domain name
- certificates that validate the organization domain owner - this validates not only the domain name but at the same time the information included in the certificate about the organization, such as the name and address
- certificates that offer validation extended- is the highest level of a certificate in which the certificate authority verifies ownership of the domain, information about the organization, its physical location, and even the legal existence of the company
Para que su sitio se integre correctamente con SSL, debe decantarse por la validación de dominio estándar o la validación de la organización. El tercer nivel suele ser algo por lo que sólo los grandes jugadores optan, como PayPal, Airbnb, etc.
You can see the SSL certificate level in the browser window
While the certificates extended they have an additional bar around the lock that includes the company name.
In the second group (b), we have:
- single domain certificates
- wildcard certificates
- multidomain certificates
This is all very simple. Single domain certificates enable you to validate a website under a domain name.
A modo de ejemplo, si su sitio principal se ejecuta en YOURSITE.com y su Blog se ejecuta en YOURSITE.com/blog, entonces puede tenerlos bajo un certificado de dominio único.
However, if your site is on YOURSITE.com but your blog is running on blog.YOURSITE.com, you will need a wildcard SSL.
With the wildcard certificate, you can basically validate a single domain name plus an unlimited number of subdomains under that main domain. Basically there is a wildcard character in the certificate - * .YOURSITE.com, hence the name.
The last type of certificate, the multi-domain certificate, enables you to protect up to 100 domain names under the same certificate. This is not something that a casual website owner or even a developer has to worry about.
? Here's your trim and preserve summary of which SSL certificate you should choose:
- Do you need to validate a single domain name? Obtain a single domain certificate of validation at the domain level or at the organization level.
- Do you need to validate a website with one or more subdomains? Obtain a domain or organization level validation wildcard certificate.
Multi-domain Wildcard
As the name suggests, the multi-domain wildcard is a hybrid of both a multi-domain and a wildcard SSL certificate. This means that the SSL certificate can be used in several domains and at the same time in several subdomains.
What is HTTPS?
HTTP It is a protocol used for communication through the Internet. It is by using this protocol that a website sends you its contents / data and how you can interact with them and return the data to them.
HTTPS it is a secure version of the protocol. That's what the "S" means at the end.
With HTTPS, the communication itself is done in a fairly equivalent way, with the only difference being that it is encrypted by means of an SSL certificate, which makes it secure.
Why do you need a WordPress SSL certificate?
There are several reasons why you would need an SSL certificate, but they can be classified into two categories:
Security
There are many reasons why you should have an SSL certificate on your website, but security tops the list. The HTTPS protocol protects your website by encrypting data from your web server to your web browser.
WordPress SSL certificates provide authentication. This means that you don't have to worry about sending your sensitive data to the correct server and not to an imposter trying to steal your information.
At the same time, this added layer of security gives your visitors a lot of confidence in your website. An HTTPS website encourages visitors to enter their confidential details undoubtedly.
See: 10 Sure Ways To Improve Blog Security In 2019
SSL helps in SEO
As mentioned in the previous article, WordPress SSL certificates contribute to your Google SERPs. Google has the responsibility to direct its users only to those websites that are safe to navigate and participate.
Disponer de un certificado SSL indica a Google que el sitio web es lo suficientemente seguro y protegido como para que usted pueda dirigir a sus usuarios. Esta es la razón por la que si no tienes SSL, no podrás clasificarte más arriba en los rankings de búsqueda de Google.
Free SSL certificate providers for WordPress
Let's Encrypt
SSLs used to be very expensive in the old days. Not too long ago, if you wanted to add SSL to your site, you basically only had two options: VeriSign or Comodo. Both were quite expensive (around $ 100 a year). Hence most people just didn't bother. Having an SSL on your site seemed like an unnecessary and expensive luxury.
But times have changed, and that's mainly thanks to one organization - Let's Encrypt. You've probably already heard of them. Finally, Let's Encrypt provides completely free authentic SSL certificates to any website that wants it.
The "free" component of their offering is what really got the "SSL for the masses" concept off the ground.
But at the same time there was another player on the field who made a big difference: Google.
Google has always been very open in encouraging website owners to integrate SSL certificates. However, it wasn't until Google made encryption a ranking mark that everyone started taking them seriously.
Read: if you want your website to rank higher, you need SSL!
Thus, with the combined efforts of Google and Let's Encrypt, the number of websites with SSL has increased tremendously, with more than 150 million websites using Let's Encrypt at the time of this writing.
What is even more impressive, there are around one million certificates issued per day.
The Let's Encrypt initiative at the same time is supported by the other web giant, Facebook. The company has been with Let's Encrypt from the beginning and is now even converting all outbound links that users share on Facebook to HTTPS versions when feasible.
Este nivel de adopción es realmente increíble! Pero Let’s Encrypt no logró todo esto por sí solo. Sí, los esfuerzos de Google tuvieron su efecto y los de Facebook, pero aparte de eso, Let’s Encrypt al mismo tiempo tiene muchos partidarios en otras empresas que conocen la web y la tecnología.
CloudFlare
Most of you can recognize CloudFlare by its excellent CDN, but they recently announced that they will be offering a free WordPress SSL certificate to all of their users. If you are using CloudFlare CDN, all you need to do is log into your account, select the website you want to enable SSL for, and click on the Crypto icon.
WoSign
WoSign is a free WordPress SSL certificate provider that offers SSL for two years at no cost.
Free SSL
As the name suggests, this SSL certificate provider offers free SSL certificates for WordPress. It uses the Let's Encrypt ACME server through domain validation.
The SSL certificate is a third-party tool that you can obtain from various SSL providers. In this article, we will mention both paid and free SSL certificates for WordPress.
RapidSSL
RapidSSL is one of the most reputable SSL certificate providers in the world. They have a reliable product and excellent service to complete it. They offer single domain and wildcard certificates.
You can buy your single domain SSL certificate for $59 and renew it for the same price. Your wildcard SSL certificate costs $249.
Thawte
Thawte is another professional SSL certificate provider that provides SSL to companies. Offers an inexpensive wildcard SSL certificate to organizations starting from $524 / year with a 30-day money-back guarantee.
SSL certificates offer you up to 256-bit data encryption. Each plan comes with free technical support and reissues.
GeoTrust
GeoTrust is one of the cheapest SSL certificate providers. It is a highly trusted brand that offers a wildcard SSL certificate for just $ 499 per year. At the same time they offer a 30 day money back guarantee with expert support.
Cheap SSL Shop
As the name suggests, Cheap SSL Shop offers the cheapest SSL certificates. With just $51 per year, you can get a wildcard SSL certificate.
Comfortable
Most of you could argue that Comodo should be at the top of the list. Comodo is one of the most popular SSL certificate providers for all types of websites, including corporate and e-commerce companies. Your wildcard SSL certificates start at $199 per year.
How to install SSL in WordPress and migrate from http to https
Although SSLs seem to be quite a technology intensive thing to add to a website, in practice incorporating one with WordPress is fairly straightforward.
In practical terms, there is only one sensible way to add SSL to WordPress, and that is through your current web server.
A couple of reasons for this:
- It is not necessary to obtain the certificate manually from Let's Encrypt. The host takes care of that.
- You also don't need to import that certificate to the server yourself. Again, the work of your host.
- Lastly, you also don't have to worry about renewing your certificate when it expires (it happens every two months or so). Again, your host.
? If your host doesn't give you access to Let's Encrypt certificates or if you want to enable yours manually for other reasons, you can still do so. Let's Encrypt explains how to do it on your site.
This is the easiest way to get an SSL certificate on a WordPress site:
Step 1. Enable SSL through your host
Most top-tier WordPress hosts these days offer a free Let's Encrypt SSL certificate as part of their standard hosting packages at no additional cost.
These are just some of the hosts that offer these free SSLs:
- SiteGround
- Bluehost
- Flywheel
- Kinsta
- WP motor
- DreamHost
- A2 Accommodation
- InMotion Hosting
If you are hosting your site with any of these, you are in luck, and you can get an SSL certificate in a couple of clicks.
Here are some examples of how to get started:
SSL installation on SiteGround:
Login to your SiteGround user profile and go to My Accounts → Extra Services.
By default, you may already have SSL enabled on your primary domain. You will see it on the panel. You can click the button Manage in the Encrypt SSL box to configure everything.
If you want, you can at the same time enable an SSL wildcard there.
Installing SSL on Bluehost:
Login to your Bluehost user panel and go to My Sites → Security. There you can enable SSL.
Instalación de SSL en Flywheel:
Log in to the user panel of your flywheel. You can add an SSL by clicking the three dots icon next to your domain name.
To complete the setup, you have to provide Flywheel with some details about your organization at the same time. It is just a simple form.
Instalación de SSL en cualquier host cPanel:
If your host runs on cPanel (most hosts do), you can simultaneously enable a Let's Encrypt SSL certificate through it.
Login to your cPanel and click Code in the SECURITY section.
Click the button New SSL certificate.
Choose a domain name from the drop-down list, which contains all the domain names you have in that hosting setup, and enable SSL.
Continue at: https://rmarketingdigital.com/migrar-wordpress/http-https/ (UNIFY)
conclusion
There is no question whether you should use WordPress SSL certificates on your website or not. They provide security to your data and make your website appear more authentic.
Vea: ¿Por qué debería usar SSL para su sitio web WooCommerce?
If you know of any other SSL certificate providers that should be on this list, feel free to contribute in the comments.
