Tuesday, 12 September 2017


Installing SSL Certificates on the website is proven effective in minimizing the occurrence of hacker attacks that want to steal data because by installing this SSL Certificate your website becomes more secure and any information sent through the browser to the server has been encrypted so the information is not easy to read.

There are many ways to improve website security and this is important to do so that your website can be protected from irresponsible attacks that will harm you. Especially if your website serves as a tool to run business-related clients either eCommerce, online payment for goods and services or other types of online business.

In this article I will try to discuss how to install a free SSL Certificate in WordPress using Let's Encrypt to make your WordPress website more secure and free to purchase SSL license. Before going into the Let's Encrypt SSL Certificate discussion, I'll give you a few tips on how to secure your WordPress website and the difference between HTTP and HTTPS.


WordPress is constantly updated and developed by experienced developers around the world on a regular basis to ensure the platform remains secure and not behind, but even if it's already done by WordPress developers, you as a user also need to work to make sure your site stays safe. All this is done because the internet continues to grow, and the hackers still find new ways to hack the website, especially WordPress is a popular platform and many users then this is also used as the main target platform for hackers to always look for loopholes from WordPress weakness.
The first step for basic security that you need to apply in WordPress is to always change your WordPress username and password periodically with a strong password. The second step is that you should always keep your core WordPress core updates when WordPress gets updated and keeps updating the plugins and themes you use.

The third step is that you should always do regular backups when you want to make changes or will update. Although there is no update made the backup process, you should do on a scheduled basis to avoid problems occur in the future.

The fourth step is that you have to make a change to the default WordPress login URL to a unique URL, this is necessary because the default WordPress URL is already known to all WordPress users and hackers, since this gap is commonly used by hackers to launch brute force actions.

In addition to taking the basic steps listed above, you must enable encrypted communication between your site and your browser. Every time a user accesses your website, servers and browsers exchange the necessary information with each other.

You do not want outsiders to have access to that communication, but it should still be encrypted and used only by web browsers and servers. For that, you should make your site secure by installing an SSL Certificate.


HTTP stands for 'Hyper Text Transfer Protocol', and HTTPS stands for 'Hyper Text Transfer Protocol Secure.' HyperText is enriched Text, text that contains links, formats, and other elements. HyperText transfers through various channels across the network require a certain set of rules or protocols.

HTTP defines rules for data transfer between browser and server. When the security protocol is implemented on HTTP, it becomes HTTPS.

Online Banking, E-commerce website, Payment Gateway and many other sites that need to handle sensitive information should use HTTPS for encryption. HTTPS is required to safeguard the interests of customers and businesses. And HTTP on the other hand is used for data transmission between browser and server without encryption.

To get the HTTPS Domain name, you need an SSL certificate from a CA (Certificate Authority). You can use Let's Encrypt to get an SSL certificate and make your website secure for free.

Let's encrypt free ssl certificate
Let's Encrypt is a CA (Certificate Authority) that provides free certificates for TLS encryption through automated procedures. Many companies such as Google, Facebook, Cisco, Automattic, Mozilla have gathered to support Let's Encrypt to improve the overall level of security on the Internet. ISRG (Internet Security Research Group) defend it. The Automatic Certificate Management Environment (ACME) Environment enables you to install multiple certificates only command


Let's Encrypt gives you a free SSL certificate and you can use it for WordPress sites. And this is important for you to use while in free, in addition to your website more secure you will get benefits like visitors or your customers will feel more confident about the security of your site and will also have a positive impact on your search engine ranking.

Let's Encrypt is also easy to integrate, especially if you use hosting services like Bluehost, Hostgator, Siteground which let you to create SSL certificates with Let's Encrypt in their cPanel.

Steps to create a free SSL certificate using Let's Encrypt on hosted hosting Let's Encrypt.

Step 1. Login to your cPanel website.

Step 2. Go to the "Security" section and click the "Let's Encrypt" icon.
Let's Encrypt cPanel
Let's Encrypt cPanel
Step 3. Choose your Domain Name and the contents of other options such as email address if asked.
Select Domain Install SSL Certificate
Select Domain Install SSL Certificate

Step 4. Click Install or Add Now option.
Step 5. Save the certificate you have created. Because you will need it later.
If your web hosting does not offer a Let's Encrypt option in cPanel, you can contact Let's Encrypt directly, and they will guide you through this process. Of course this way will be more complicated than the steps above and can vary greatly between different hosting services.

Once you create an SSL certificate for your domain, you need to configure your website and load the certificate to work.

Step 1. Open cPanel from your site.

Step 2. Open File Manager or FTP.
 CPanel File Manager
CPanel File Manager

Step 3. Copy and paste the certificate file in the public_html folder on your site.
Copy Paste Certificates Public_html Install SSL Certificate
Copy Paste Certificates Public_html Install SSL Certificate

Step 4. Close FTP and return to the cPanel Dashboard and reenter the "Security" section and click on the "SSL / TLS Manager" icon.

SSL TLS Option Install SSL Certificate
SSL TLS Option Install SSL Certificate

Step 5. Click 'Install and Manage SSL for your site (HTTPS)'.
Manage SSL Install SSL Certificate
Manage SSL Install SSL Certificate

Step 6. Copy the code from cert.pem, private.pem, and chain.pem.
Step 7. And paste the code into each available box.
Enter Values ​​Install SSL Certificate
Enter Values ​​Install SSL Certificate

After the above process is complete, please save and your SSL encryption certificate should already be active on your site. For this process usually takes about ten to fifteen minutes.


After securing your website with an SSL certificate, you need to change your URL from the HTTP URL to the HTTPS URL from your WordPress Dashboard. Without changing the URL, the SSL certificate will not work, and your website will not be secure entirely.
Step 1. Login to your WordPress website Dashboard.
Step 2. Point the cursor to 'Settings' and click 'General'.
Step 3. Change your WordPress Address and Site Address from HTTP to HTTPS.
Step 4. Click the 'Save Changes' button.
After completing the steps above, your website has become an HTTPS website with an SSL certificate installed therein.

If you have a new website, then the process is complete, but if you already have a website that has many pages indexed in Google, it will cause some problems. Some pages of your site will be loaded using the HTTP protocol, and others will be loaded with HTTPS.  This can be very counterproductive to your search engine rankings. In addition, many backlinks that use HTTP will no longer work.

But you do not have to worry because there are some plugins like 'Really Simple SSL' that you can install, this plugin detects the SSL state on your site and configure it to run on HTTPS. All HTTP references will be automatically converted to HTTPS, and you will not lose any traffic.

If you use Google Analytics as an analysis of the traffic on your website, you also need to do this step to let you know that your site is now using the HTTPS URL in Google Analytics. And here's how to Update Analytics Settings for HTTPS.

Step 1. Login to your Analytics Account.
Step 2. Go to Admin menu.
Step 3. Open your website settings by clicking "Property Settings" under your domain name.
Step 4. Click Default URL and Select HTTPS from the drop down menu.
Google Analytics Select property
Step 5. Click "Save" button.

Now, Google analytics will provide you with the correct reports about analyzing your traffic after changing using HTTPS SSL Certificates.

see video related to this post, sourced from youtube.com

And that's the steps in installing a free SSL Certificate in WordPress with Let's Encrypt, hopefully this article useful and make your website more secure. good luck

3 komentar

sangat bermanfaat gan informasinya

Thx, finally i found to solve my problem

Thank you bro, this is the article I am looking for. :D