I was looking around for a different web hosting company, and decided to give SiteGround a try, because they seem to have a good quality service at a reasonable price.
I signed up for their GrowBig hosting plan that allows you to host multiple domains/sites on one account, and also fully supports the Let's Encrypt free SSL service
Google are keen for the whole of the web to be encrypted. They announced a few years ago that they started to boost web pages in their search results that are hosted on secure sites, and also that later this year the Chrome browser will highlight "Not Secure" web sites.
I had already played around with installing an SSL certificate for my richardbloomfield.com site, but SSL certs can be expensive to buy and maintain, and my old host would only allow me to install one cert on my shared hosting account – so I could only secure one of my domains.
To perform the migration of my WordPress blog between hosts, I followed the instructions on this page:
How to Move WordPress to a New Host or Server With No Downtime
It uses a plugin called Duplicator that does all the heavy lifting of creating a complete backup of your existing site – including the WordPress database (that stores all your posts, pages, comments, and settings), and all the WordPress files (the WordPress software itself plus any themes and plugins you've installed).
The blog installed without any problems on my new hosting account, and I was left with an exact copy of my old WordPress installation.
Then all that was left was to log into the SiteGround control panel and enable the Let's Encrypt SSL for that domain with a couple of clicks, and I was all set.
I also installed the SG Optimizer plugin that allows me to make use of the SiteGround dynamic web cache (which really speeds up my web site) and allows for a one-click option to force all blog traffic over the HTTPS secure connection.
Inspired by a blog post I was reading recently, I started having a play around with an SSL cert.
An SSL cert is what enables a website to encrypt the traffic to and from the end user. This improves security and trust, and I’ve read that it also improves your search rank in Google. The most notable difference to a web site visitor is that the URL of the site changes from http:// to https:// and a little padlock symbol is displayed next to the URL in the address bar.
Some SSL certs can be really expensive to buy. The ones from my own hosting provider range from €30 to €700 a year, depending on the type of cert you want. However by shopping around a bit on the web, I came across SSLs.com who sell certs from as low as $5 a year!
Buying the cert is the easy bit. Configuring it and installing it is a bit more tricky, and I couldn’t find any easy instructions online.
- First of all you need to generate a CSR (Certificate Signing Request). When generated it looks like a really long string of random letters and numbers. Often you need to ask your web host to create the CSR for you, but I found this tool from SSL Store to generate mine. Make sure you keep the CSR and Private Key safe!
- Back at SSLS.com you then need to activate your SSL cert – and you will be prompted to enter the CSR. Copy and paste the full value into the box provided. The SSL cert will then be generated and emailed to you in a ZIP file.
- I installed the supplied SSL cert myself using my web host’s control panel. Make sure you install all the certs provided, together with the Private Key you supplied earlier. In the ZIP file you’ll find your domain cert and three CA certs. Install them all.
The cert should now work for your domain, and you should be able to view your site securely using https at the start of the domain.
For my WordPress site, I also installed the WP Force SSL plugin to automatically redirect non-secure traffic to the secure domain.
Anyway, so it all works, and my richardbloomfield.com site is now encrypted and secure!