Basic Guide to Understanding SSL Certificates

Basic Guide to Understanding SSL Certificates

SSL certificates are important as more and more online payments and transactions become commonplace. The need for security has increased for both users and the website owner. With the number of hacking incidents continuing to rise, it’s essential that your website employs the proper security tools to protect your WordPress website from hackers. Understanding SSL Certificates is a really important part of protecting your website.

[bctt tweet=”As a #business owner on the internet, when it comes to #security, you need to be aware of one crucial #website security tool: #SSL.”]

Getting a basic SSL certificate is much easier than you think and having an SSL certificate on your website could be the factor that determines the safety of your website, and it’s users. In this article, we’ll go through the basics of SSL so that you understand how certificates work and how to utilize it effectively for your business.

What is SSL?

You might ask yourself, “what the heck is SSL?”. Well, to put it simply, SSL (Secure Sockets Layer) is a protocol that allows your browser to create a safe connection between itself and a website or server.

When you have an SSL certificate, it verifies that the legitimate and appropriate company owns the website that’s being accessed. It ensures that visitors are visiting the correct site and helps prevent other people from impersonating your company and website.

For customers and users, an SSL certificate helps establish a secure connection between their browser and your website’s server. This adds another layer of data encryption that will protect sensitive information such as passwords and credit card details.

Although understanding SSL certificates is important – If you want to be sure you have the right web host, check out our guide on finding a secure WordPress hosting company.

How does SSL work?

So now that you know what an SSL is, you might wonder how it works. Well, there are a few steps to it, but in a nutshell, the process of how SSL works with a website is summed up below:

  • A visitor connects or loads up a site (i.e., web server) that are secured with SSL in a browser. The browser/server will request for the web server to identify itself.
  • The web server will then send a copy of its SSL certificate to the browser/server.
  • The browser/server will then check if the SSL certificate can be trusted or not. Once it’s checked, it will send a message to the web server.
  • Upon receiving the message, the web server will send back a digitally signed acknowledgment to initiate an SSL encrypted session.
  • Now all the data shared between the browser/server and the web server will be encrypted.
  • HTTP to HTTPS - Understanding SSL Certificates

The whole process is commonly known as the “SSL Handshake,” and throughout the process, your website and your visitor will have a secure session which will prevent anyone from stealing or accessing data that’s being shared.

Importance of SSL to Google

We’ve mentioned how important SSL is, especially for eCommerce sites to keep a customer’s personal information safe from hackers.

However, having SSL goes beyond that. In fact, having an SSL certificate or not will have an effect towards your search ranking on Google as they will be labeling all standard HTTP pages as non-secure, starting from July 2018 onwards.

Treatment of HTTP Pages

While you might be able to function without an SSL certificate at the moment, we recommend having one sooner or later as Google will start penalizing and issue warnings to sites which are not using HTTPS.

Installing SSL Certificates on WordPress sites

Now that you’ve understood the importance of SSL, how do you install it on your WordPress website?

Well, you’ll be glad to know that install an SSL certificate on WordPress is surprisingly easy and requires minimal coding or changes on your side. All you need to do is use the right plugin, and you’ll have a website that’s equipped with SSL.

If you need a little help to get started, follow the step-by-step guide below:

  • First, you need to either purchase your SSL certificate from a hosting provider or get one for free (more on the difference later). Some web host provider, such as WPEngine, will set up an SSL by default.
  • Once you’ve got the SSL, you need to install it to your domain. If you have unlimited domains and maintain many sites, you need to choose one to install the SSL.
  • Use a plugin to do most of the work for you. Some plugins will help set up your site with the SSL automatically, just by activating it. A few that we recommend you use are Really Simple SSL, CTW SSL for Cloudflare, and WP Force SSL.
  • After you’ve installed the plugin to maintain your SSL, you’ll then need to modify your WordPress setting. Head to your “Settings” and look for a “Site Address” text box. Make sure that your domain’s prefix is “https.”
  • Another step that you can do is to modify your .htaccess manually with some simple coding. Just load up the file in an editor and add the following lines:
<IfModule mod_rewrite.c>

Rewrite Engine On


RewriteRule^(.*)$$1 [R.L]


Do everything correctly, and you should have a secure website that comes with an SSL certificate!

Difference between paid and free SSL

We’ve mentioned earlier that you can opt for a free or a paid SSL, but what’s the difference? While both do offer the same level of encryption, there are some difference SSL certificates that you should be aware of.

In general, you can just use Let’s Encrypt certificates, which most major website hosts support these days. Although a host sometimes might make it a bit tricky to find. Make a search on Google on how to install on your website host.

SSL Certificate Type

A free SSL certificate only comes with a Domain Validation (DV) option which is used only for providing basic level authentication. These are useful for small websites and blogs. Paid certificates, on the other hand, offers Organization Validation (OV) and Extended Validation (EV) options which are necessary to protect medium or bigger business websites.

Level of Validation

For free SSL, Certificate Authorities (or CA) do not validate anything besides the identity of the website owner. For paid certificates, a CA must conduct an in-depth verification of the business and the website owner before issuing it.

Validity Period

The validity period for a free SSL certificate only lasts for 30 – 90 days. This means that every 30 – 90 days, you’ll have to renew your certificate. While as paid certificates can be issued for a period of 1 – 2 years.

SSL Certificate support

When it comes to customer support, paid certificates are better as certificate authorities, and SSL resellers are committed to giving support to their customers either by chat, email, or phone call. On the other hand, if you’re having issues with free SSL certificates, you’re going to have to solve it yourself by going through old forum posts.


If anything goes wrong with your free certificate, then you’re out of luck, even if the fault lies on the CA’s end. Those who opt for paid certificates, they come with warranties that can pay anywhere between 10 grand to over 1 million.

Benefits of SSL

In this world, there’s no such thing as a perfect security system. For example, if you decided to publish sensitive information on your website without a password, then even having an SSL won’t prevent it from any unauthorized viewing.

However, there are many benefits to having an SSL certified website, especially for small businesses. Among them are:

  • Having your site look more professional as applying for an SSL certificate requires you to be checked by a certificate authority before issuing them.
  • Visitors will be more loyal to your website since they know that their information, such as credit cards or emails, are protected.
  • If you’re selling online, shoppers will check if you have an SSL certificate and are likely to visit if you have one.
  • Visitors are more encouraged to make a purchase using online checkout if you have SSL. Some reputable checkout system might have their own SSL, but it’s best that you have own SSL certificate instead.
  • All of your information will be protected. Whenever you send a promotional code or a voucher to your website’s visitor, SSL protects all of the information that you send and receive.

You might feel like you’re being forced to implement an SSL certificate on your website due to big businesses such as Google. But at the end day, SSL certificate is an important security feature, and it only cost a small price to pay to give your customers and visitors peace of mind whenever they visit your website.

There is more to keeping your WordPress website secure, take a look at our guide on how you can protect yourself from the most common WordPress issues.



Interested in learning more and increase your understanding? Check out this great explanation video:

[sc_fs_faq html=”true” headline=”h2″ img=”” question=”What are SSL certificates?” img_alt=”” css_class=””] An SSL certificate helps establish a secure connection between a browser and a server. These certificates are a way for a website to identify itself and adds a layer of data encryption to protect sensitive information. If the website you are visiting has “https” in the beginning, then it is connected via SSL. Notice the “s” in https, this stands for Secure. [/sc_fs_faq]


Read more about the author .

Save 40%

On monthly and annual plans

Lifetime Deals

Only during BF sales!




We won't spam you. Unsubscribe any time.

Wait! Before you go!

Get 10% discount for any WP Security Ninja plan!


Subscribe to our newsletter for new releases, discounts and general WordPress Security news. Sprinkled with other interesting stuff :-)

WordPress Turns 20: Save 20% Now!



Code valid till June 26th 2023

10% OFF

Subscribe to our newsletter

* We do not spam or share your email

Discount on any Security Ninja plan

and get

Hi and welcome back :-)