At Angry Creative, we use WP Engine for specialist WordPress hosting, and this post talks through the two ways of setting up SSL on your WP Engine-hosted site.
What is SSL and why should I use it?
When you’re running an eCommerce website, have sensitive information or just want a little added security you can add SSL to your site. SSL stands for Secure Socket Layer is the standard security technology for establishing an encrypted link between a web server and a browser. This link ensures that all data passed between the web server and browsers remain private and integral. SSL is an industry standard and is used by millions of websites in the protection of their online transactions with their customers. For some payment gateways like Stripe, it’s mandatory. Other times SSL is used to protect login credentials or user-submitted information.
What does SSL do?
SSL is a protocol that does two things:
- Encrypts your data, which means no hacker can see what your browser sends to the server nor what the server sends to the browser.
- Authenticates your website, which means it tells your browser “This website really is what it claims to be.”
HTTPS just means “HTTP with SSL.” Just as “HTTP://” means “this is a website,” seeing “HTTPS://” means “this is a website, and it’s using SSL to encrypt data and authenticate the website”.
So when you want a “secure website”, i.e. a website with HTTP, you’re saying you want to use the SSL protocol.
How to set up SSL for your WordPress site
There are two ways to set up SSL with WP Engine:
- Use your own SSL provider – gives you complete control, but costs more
- Use WP Engine’s SSL provision – an easy option
1. Using your own SSL provider
- Generate a CSR (Certificate Signing Request). Open a ticket with WP Engine, selecting SSL from the Topic list and include this information in the Description:
- Site URL (also known as the Common Name) e.g. www.mysite.com
- Organisation Name e.g. My Site Ltd
- City Name e.g. Brighton
- State / County e.g. Sussex
- Country Name / Code e.g. GB
- Email Address e.g. [email protected]
- Wait for the reply, you’ll be sent a block of text starting
—–BEGIN CERTIFICATE REQUEST—– and ending
—–END CERTIFICATE REQUEST—– - Purchase a certificate. As part of the process, you’ll be asked for the CSR sent to you. There are hundreds of companies offering certificates ranging between £30 and £3000 depending on your needs and the level of certification you require. There is the option of an Extended Validation certificate (which makes the URL bar green and shows the company name). Some examples of SSL providers are:
- Once you’ve purchased your certificate and it’s been issued (which can take some time, especially for Extended Validation certificates), you’ll be presented a ZIP file to download.
- Go back to the WP Engine ticket, and reply, uploading the certificate files
- WP Engine takes care of the installation and configuring of the certificate, and will let you know once it’s done.
This process usually takes around two hours of billable time to complete, but it’ll take longer than that to actually get everything in place because of the time between opening a ticket and WP Engine replying, and any delay in getting the certificate generated and available to use. We’d be happy to take care of this for you for £140+VAT based on our standard rate is £70 + VAT per hour.
Get in touch if you would like us to set up an SSL certificate on your WordPress website for you.
2. Using WP Engine SSL
If that all sounds a bit daunting, WP Engine offers their own SSL certificate service for:
- $49/year for a single domain
- $199/year for a wildcard certificate (multiple domains)
(Prices correct at time of publishing).
You can read the full details from WP Engine here. If you want us to coordinate this process for you, it’ll take us an hour to manage the process (£70+VAT).
Contact us if you’d like us to set up WP Engine’s own SSL certificate on your WordPress website for you.
Either way
There are a few steps they’ll help with to make sure your site serves pages that should be secure correctly, these include:
- The login page
- WordPress Admin pages
- Pages that include forms that collect personal data
- Any commerce checkout pages
Once these steps have been completed, your site will be capable of serving pages over a secure connection! Any questions? Give us a shout!