![\"The](\"https:\/\/wpmudev.com\/blog\/wp-content\/uploads\/2015\/01\/IETF_Logo-320px-312x166.png\"){kind=logo}
SSL was later revised and released for the first time as version 3.0 in 1996, but contained vulnerabilities. It was officially taken over by the Internet Engineering Task Force (IETF) in 1999 and was vastly improved.<\/p>\n
At this point, SSL was renamed to TLS (Transport Layer Security), but it’s still widely referred to as SSL or TLS \/ SSL. Its purpose remains the same to this day and the technology has become the standard for website security.<\/p>\n
When Should You Use SSL?<\/h2>\n
Last year Google announced giving search ranking boosts<\/a> to sites using SSL. Over time the search engine plans to increase this\u00a0boost, but in the meantime you’ll only see about a 1% increase, giving everyone a chance to switch over.<\/p>\n Other than that, if your site requires users to log in or provide personal information such as their name, address, credit card details\u00a0and the like, you need SSL protection. Without it, your user’s information can be easily compromised.<\/p>\n SSL works by encrypting information passed between a site’s server to the browser rather than having it remain viewable in plain-text, meaning text would be arranged in a seemingly random string of illegible\u00a0letters and numbers rather than in human-readable words.<\/p>\n To create a secure SSL connection on a website, the site’s owner needs to get an SSL certificate from an issuing company, referred to as a Certificate Authority. Once the service is purchased, the website and company details are given to the authority such as their name, address and phone number.<\/p>\n In turn, the site owner receives a public and private key. The private key shouldn’t be shared with anyone \u2013 much like a password \u2013 but the public key doesn’t have to remain perfectly hidden.<\/p>\n They are a string of cryptic letters and numbers that distinctly fit together mathematically\u00a0\u2013 like a matching key and lock! They are created by a Secure Hash Algorithm.<\/p>\n The public key is then submitted with your previously entered information to the authority in a file called a Certificate Signing Request.<\/p>\n The authority verifies the information to make sure it’s accurate \u2013 and that you’re not a scammer or hacker\u00a0\u2013 and if everything checks out, the SSL certificate is signed with an SHA.<\/p>\n The actual SSL certificate is then issued. This is the stage where a website is now able to use an SSL-encrypted connection.<\/p>\n When a user visits a protected site, the site’s server matches its SSL certificate with the private key and when it fits together, an encrypted link between the site and its server, and the user and their browser, is created.<\/p>\n The prefix https<\/em> will appear in front of a URL rather than the default http<\/em>. You will also notice a green padlock appear in the address field of your browser.<\/p>\n If a site has chosen to purchase an Extended Validation SSL Certificate, your address bar will be entirely green or will have the company’s name with a green background appear before the URL.<\/p>\n Extended Validation Certificates typically offer more security and are issued once the company has gone through and passed a more thorough application process. They are asked to provide proof of their physical address and legal operation on top of the standard requirements.<\/p>\n If an SSL certificate has expired, is self-signed or becomes invalid, the padlock turns red and sometimes has a line through it as well.<\/p>\n When the certificate has expired, the site owner simply needs to renew their SSL through their authority and the encryption will be renewed. It’s best not to let them expire at all to keep the security of your site seamless.<\/p>\n You are using a self-signed certificate if you applied for and issued your own SSL certificate and you did not go through a Certificate Authority for them to validate you or your certificate.<\/p>\n Most browsers only trust SSL certificates handed out by trusted Certificate Authorities and will display a warning for all sites using a self-signed certificate.\u00a0If you have purchased an SSL certificate from a company that is not a high ranking Certificate Authority, your site may still be recognized as using a self-signed certificate.<\/p>\n An SSL certificate may\u00a0become invalid for many other reasons, such as if the SHA encryption is outdated.<\/p>\n Hashing is the conversion of a lot of information written as characters into a shorter size often referred to as a key and it is done through a\u00a0set of mathematical rules that are applied. As technology advances, stronger hashing is necessary to keep security strong.<\/p>\n SHA0 is no longer used and SHA1 is being phased out by many browsers including Internet Explorer. Chrome will begin to issue warnings starting January 1, 2016 for sites who still use SHA1. The current standard for encryption is SHA2 which will eventually also be phased out in favor of SHA3.<\/p>\n An SSL certificate can also appear to be invalid if the browser cannot verify it with the authority. This can happen if the domain name of the certificate does not match the actual site which is using it.<\/p>\n The best way to resolve these issues is to update your SSL certificate with your authority and follow their instructions.<\/p>\n If a yellow padlock appears with a mini yield sign, the likely cause is\u00a0links in your site still refer to an unsecured page. Make sure that all your images, menu items and links use https<\/em> in the URL.<\/p>\n To easily find the source of an invalid certificate you can use the free tool Why No Padlock<\/a>. It instantly\u00a0informs\u00a0you of\u00a0the specific problem including invalid images and scripts.<\/p>\n Once you have your SSL certificate ready to go you can use it with your WordPress site.<\/p>\n Don’t forget to backup your entire site before you make any changes to prevent you from losing everything if something goes wrong. Once that’s done you can continue.<\/p>\n To set up SSL in both a single or Multisite install, first edit your wp-config.php<\/em> file and add the following line of code. It will force both<\/em> logins and access to the WordPress admin area to use SSL:<\/p>\nHow Does SSL Work?<\/h2>\n
![\"Some](\"https:\/\/wpmudev.com\/blog\/wp-content\/uploads\/2015\/01\/ssl-registration-enter-details-700x200.png\")
![\"A](\"https:\/\/wpmudev.com\/blog\/wp-content\/uploads\/2015\/01\/public-key-in-whm-700x104.png\")
What Does an SSL Protected Site Look Like?<\/h2>\n
![\"SSL](\"https:\/\/wpmudev.com\/blog\/wp-content\/uploads\/2015\/01\/https-and-green-padlock-in-chrome-700x104.png\")
![\"EV](\"https:\/\/wpmudev.com\/blog\/wp-content\/uploads\/2015\/01\/ev-ssl-certificate-in-safari-700x104.png\")
When SSL Stops Working<\/h2>\n
![\"An](\"https:\/\/wpmudev.com\/blog\/wp-content\/uploads\/2015\/01\/untrusted-ssl-certificate-on-site-700x200.png\")
![\"A](\"https:\/\/wpmudev.com\/blog\/wp-content\/uploads\/2015\/01\/ssl-certificate-expired-700x314.png\")
![\"A](\"https:\/\/wpmudev.com\/blog\/wp-content\/uploads\/2015\/01\/insecure-ssl-certificate-on-site--700x104.png\")
Using SSL with WordPress<\/h2>\n