How to Use SSL to Improve Website Security

How to Use SSL to Improve Website Security

When it comes to the improvement of website security, the utilization of SSL is the top option for the majority of webmasters. With it, you can establish an encrypted connection between your site and your readers. This simply makes sure that all the data and information transferred from the browsers of visitors to the server of your site are safe, preventing the possibilities to be stolen by some malicious hackers. Frankly, this special technology is pretty useful for some sites that require people to offer their personal information, login credentials and financial information.

Previously, we have come out a detailed SSL introduction that tells you what it is, what benefits it brings to you and what type of SSL you can choose. This time, we’d like to introduce how to use SSL to improve the overall security of your website.

Use the Free Shared SSL

It is possible that you may find the free SSL included into the feature list of your web host. Here, you have to note that this free offering is for the shared SSL, with which you cannot use your own domain to achieve the secure connection. In most cases, it looks like the temporary URL that uses the server hostname in conjunction with the control panel username.

If you sign up with BlueHost, for instance, the base URL looks like “https://host.BlueHost.com/~username”. The “host” represents the hostname of your web server, which can be found from the left-side stats column in your control panel. The “username” represents the username of your cPanel.

To use the shared SSL on your site, you simply need to log into your control panel and go to the “Redirects” section to add redirects with the following steps.

  • Choose Permanent (301) for Type.
  • Choose your domain name next to the “http://” section.
  • Enter your URL using the shared SSL next to the “redirects to” section.
  • Tick the boxes that allow the wide card redirection and allow the redirects with or without “www”.
  • Click the Add button.

Add Redirects

Now, if people visit your site, they are forced to access via the shared SSL.

Use the Private SSL

If you want to secure your site using your own domain, we highly recommend you to purchase a private SSL certificate. You can make the deal from the trustworthy SSL providers or some leading hosting providers. In the following, we have listed some great web hosts that offer the budget-friendly SSL.

Here, we have to mention that in order to have the private SSL installed for your website, you must have a dedicated IP address.

Install the SSL Certificate

If you purchase the certificate from your web host, in most cases, you can enjoy the automatic installation service. Again, we take BlueHost as an example.

To begin with, you need to enter your cPanel control panel and click the SSL certificate button in the navigation bar. Then, you can click the Order SSL Certificate button in the next screen. Do not forget to tick the checkbox for the required dedicated IP address if you do not have one.

Purchase SSL Certificate

That’s it! The rest installation practice will be handled by BlueHost, and you just need to wait a few hours for the international propagation.

However, if you want to use the third party SSL on your hosting account, you need to take some efforts. Firstly, you should enter your cPanel and press the SSL/TLS icon from the Security section.

SSL/TLS Section

Then, click the link below the Private Key section. In the next page, you simply need to choose the key size, offer the description of this key and click the Generate button. Note that the size of 2048 bits is recommended.

Private Key

Then, you need to go back to the SSL manager and generate the certificate signing requests. In this page, you are required to offer your private key, your domain name, the complete name of your country, state, city and company, your email address and the short CSR description. Then, press the Generate button.

Generate CSR

Now, you can purchase the SSL certificate and send your generate CSR to them. In exchange, they will give you the CRT file. To upload this file, you need to go to the SSL manager and click the link for Certificate (CRT). Here, you can either paste the body of the file or upload the “.crt” file received from your SSL provider.

Last, you should go back to the SSL manager page again and click the Manage SSL Sites link. In the next page, you are required to offer the CRT, Private Key and the Certificate Authority Bundle for the successful installation.

There is no need for you to copy and paste the required information. You just need to target your domain and click the Autofill by Domain button. All the rest things can be fetched automatically.

Autofill by Domain

Then, just click the Install Certificate button.

Install Certificate

Configure Your SSL Settings

If your site is built using WordPress, you can configure your SSL to have it work better for your site. Firstly, you need to enter the General Settings of your WordPress admin, and modify your Site URL and WordPress URL with the “https”.

General Settings for Site URL and WordPress URL

Next, you can install this plugin on your WordPress site, achieving the all-in-one solution for using the SSL certificate. Upon the installation, you need click the HTTPS button from the left-hand column of your dashboard and finish the general settings of this plugin.

Here, the SSL host is just your domain name and the Port number can be asked from your web host. Besides, you can choose whether to force SSL for your admin, whether to remove unsecured elements such as your plugins, whether to output the debug information and many more. After that, you need to save your plugin settings.

HTTPS General Settings

Also, if you do not want to force SSL for the entire site but for some specific posts or pages, you need to tick the check box for forcing SSL exclusively from the plugin general settings. Then, enter the editing screen of that special post and force SSL from the newly-added HTTPS box.

HTTPS Box