Ssl certificate basics

pma111
pma111 used Ask the Experts™
on
We have inherited a wordpress site that does not have ssl, so login credentials are sent plain text (the site doesnt collect any other personal data). Are there any recommendations on who to use and any other dos and donts regarding selecting a certificate and approx costs. Are the costs 'one off' or annual?
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
President / Owner CARDA Consultants Inc.
Distinguished Expert 2018
Commented:
Many host now have free certificates available using Let's Encrypt.  Other make you buy them.  I've used both without issue.  Costs vary greatly between providers.  If memory serves me, I believe it was costing me about 70$/CAD/Yr when I was paying for my cert.

Also, once you setup an SSL, be sure to then adjust your htaccess file to include an automatic rewrite so that people always get https:// rather than http://
Most Valuable Expert 2018
Distinguished Expert 2018

Commented:
More and more hosting companies are starting to offer free SSL Certificates through Let's Encrypt, so you might  want to check with your current host. If they don't already offer it, ask them if they're likely to be adding as a feature any time soon. If not, you might want to consider switching hosts.

You might also want to consider a more detailed SSL if you're handling any particularly sensitive data, such as Credit Card information etc. Plenty of companies offering then at various costs if a free one isn't suitable.
David FavorFractional CTO
Distinguished Expert 2018

Commented:
1) https://LetsEncrypt.org has provided free certs for years.

2) All sites are best run as HTTPS these days.

3) Most hosting companies provide plumbing for free LetsEncrypt certs.
11/26 Forrester Webinar: Savings for Enterprise

How can your organization benefit from savings just by replacing your legacy backup solutions with Acronis' #CyberProtection? Join Forrester's Joe Branca and Ryan Davis from Acronis live as they explain how you can too.

Author

Commented:
I contacted the host (hostpapa) would did not indicate its part of their service offering frustratingly.

Author

Commented:
The site isnt collecting/processing any sensitive data. It was just to protect the wordpress credentials in transit.
Most Valuable Expert 2018
Distinguished Expert 2018

Commented:
Regardless of whether you're processing sensitive data or not, ALL websites should have an SSL these days. Google will actually penalise your site in it's rankings if you don't have one.

The only reason a host wouldn't offer a free LetsEncypt SSL is because they can make extra money by charging you for them. You can either switch to a more accommodating host (my recommendation), or accept the charges that they set, but you should definitely install one.
David FavorFractional CTO
Distinguished Expert 2018

Commented:
1) I contacted the host (hostpapa) would did not indicate its part of their service offering frustratingly.

Sounds like it's time to move to different hosting.

2) The site isnt collecting/processing any sensitive data. It was just to protect the wordpress credentials in transit.

You can get away with this for now, so long as you can live with zero SEO traction, as it's likely Google will start giving a severe penalty for HTTP sites in the near future.

3) In addition to Chris Stanyon's comment, keep this in mind.

Very soon, every HTTP site in ever browser will being returning the dreaded "Suspicious site" message.

Because... well... any HTTP site is a suspicious site, because there's no way to tell who's manipulating an HTTP connection.

If you expect to use any site for anything useful these days...

Run your site as pure HTTPS.
Hi,

I'm using Comodo because this is cheap, they have warranty and I need to set it only once a year.
https://comodosslstore.com

With Let's encrypt you don't have warranty, no sceal, and you need to set it every 3 months or set an automatic script to do it for you.

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial