On occasion I have the need to secure a WordPress Page on one of my websites. This is usually to make sure that a payment page is safe to accept a users credit card information. A secure page allows the transfer of data between the browser on a users computer and the server to be secure. You have most likely been browsing a website before and had the URL go from http to https. Most of the time you will also see a little padlock that confirms the site is safe. The padlock reassures the user that the page they are on is secure and it is safe to submit their information.
Visit the iCopilot.Net Sign up page to see it in action.
Visit the DailyAppShow Order Page to see it in action.
If you click around the two websites I have as examples above, you will see that only the page that I needed to have secure is secure, the rest of the website operates in a normal insecure environment.
In this article, my goal is to share how I implement SSL on my WordPress websites so you don’t have to struggle through it like I did the first time around.
The first step is to buy an SSL Certificate. I purchase my SSL Certs through Godaddy.com because I can usually find a coupon code that will get me the certificate for cheap. Normally they are around $70 per year but usually you can find a coupon code that will get you one for less than $10 per year. Recently, I found a Godaddy Coupon Code that got me an SSL Cert for $5.99 per year, so I paid for 5 years so I can lock in the price. It was still cheaper than one year at the regular price. The best Godaddy Coupon Codes are usually at Retailmenot.com. Once you purchase a SSL Certificate, the setup is pretty simple. In Godaddy, you manager your new SSL Cert under your “SSL Certificate Manager”. I am not going to include screenshots because Godaddy changes their website every couple of weeks it seems. If you can not find out how to set it up, you can call customer service.
Once you have it set up, you will need to install it on your server or host account. I have a dedicated server with multiple host accounts which means that I needed to move the website I want to assign the SSL Certificate to it’s own IP address. An SSL Certificate can only work with one IP address. If you have other websites on the same IP address it will cause problems. Depending on your website’s host, you may have to pay for a new IP address for your website. With my host, it was cheap. I actually purchased an additional 5 IP addresses for a small fee.
Now that you have your SSL Cert and your website is on it’s own IP address, you are ready to have the SSL Cert installed. If you are somewhat new to all of this, I recommend asking your host provider to do the installation. My server provides each host account with a Cpanel for me to access server functions for each host account. First I had to Generate a SSL Certificate & Signing Request. Typically, you will enter some company information which will be used to show up in the browser if someone clicks on the padlock to see more information about the security of the page they are browsing. Once you create the request you will have your Certificate Signing Request. It should look like a bunch of random characters. You will now copy and paste the request in to the SSL Certificate Manager at Godaddy where they will complete the SSL Certificate setup. Once that is complete, you can download your CRT Bundle for your SSL Certificate and come back to your host to install the certificate. It sounds like quite a process and it can be confusing. It may be easier for you to have your web host set it up for you. When installation has completed you should be able to navigate to https://yourwebsite.com and not get an error.
After you have confirmed that the installation of your SSL Certificate is complete, you can setup WordPress to accept SSL for pages. I recommend that you only setup SSL on pages that you need to have secured. Setting up your entire website in SSL will use up a lot more bandwidth on your server or host account which could slow down the performance of your website and potentially cost you more money.
You will need to install a WordPress Plugin that will manage SSL on a per page basis for you. The plugin that I chose to use is: WordPress SSL (https)
There are other plugins that you can use, but many of them do not secure the other “on page” items which result in your page not being completely secure. After you install this plugin, make sure to activate it. You will not see the SSL Option on your WordPress Pages until you complete the next step.
Once you install the plugin you will need to add a line of code to your wp-config.php file to allow WordPress to accept the SSL protocol.
Now that you have told WordPress that it is ok to allow SSL, the option will show up when you edit a WordPress Page. When you go to edit a page, the option you see in the below image will appear on the right hand side of the page. I had to scroll down a bit to see it.
Checking the Secure Post box will secure the page you are currently editing. Checking the Secure child posts box will secure any pages that are set as child pages to the post you are currently editing.
Once you check the appropriate box and update/save your page, you should have a secure page. You can test it by viewing that page.
If you seem to be getting an error, or the page is not showing up as secure, you can visit a website that will show you what insecure items may exist on your page.
Go to: http://www.whynopadlock.com and enter in the page that is suppose to be secure to test the page. It will show you any insecure items that are on the page so you can figure out how to secure them. The plugin that I gave you to use should do the trick, if you used another plugin, you may have problems. My first try at securing a WordPress Page was with a different plugin that did not secure other on-page items. This resulted in a lot of frustration until I was able to find a different plugin and try that.
I hope this post helps you get SSL setup and ready to secure a WordPress Page. I know that I went through the SSL Certificate Installation Process pretty quickly, but this post was not as much about the install process as it was showing you how to get a WordPress Page secure.