Setting up SSL on WP Engine

At Pragmatic, we use WP Engine for specialist WordPress hosting, and this post talks through the two ways of setting up SSL on your WP Engine-hosted site.

What is SSL and why should I use it?

When you’re running an eCommerce website, have sensitive information or just want a little added security you can add SSL to your site. SSL stands for Secure Socket Layer is the standard security technology for establishing an encrypted link between a web server and a browser. This link ensures that all data passed between the web server and browsers remain private and integral. SSL is an industry standard and is used by millions of websites in the protection of their online transactions with their customers. For some payment gateways like Stripe, it’s mandatory. Other times SSL is used to protect login credentials or user-submitted information.

What does SSL do?

SSL is a protocol that does two things:

  • Encrypts your data, which means no hacker can see what your browser sends to the server nor what the server sends to the browser.
  • Authenticates your website, which means it tells your browser “This website really is what it claims to be.”

HTTPS just means “HTTP with SSL.” Just as “HTTP://” means “this is a website,” seeing “HTTPS://” means “this is a website, and it’s using SSL to encrypt data and authenticate the website”.

So when you want a “secure website”, i.e. a website with HTTP, you’re saying you want to use the SSL protocol.

How to set up SSL for your WordPress site

There are two ways to set up SSL with WP Engine:

  1. Use your own SSL provider – gives you complete control, but costs more
  2. Use WP Engine’s SSL provision – an easy option

1. Using your own SSL provider

  1. Generate a CSR (Certificate Signing Request). Open a ticket with WP Engine, selecting SSL from the Topic list and include this information in the Description:
    • Site URL (also known as the Common Name) e.g. www.mysite.com
    • Organisation Name e.g. My Site Ltd
    • City Name e.g. Brighton
    • State / County e.g. Sussex
    • Country Name / Code e.g. GB
    • Email Address e.g. [email protected]
  2. Wait for the reply, you’ll be sent a block of text starting
    —–BEGIN CERTIFICATE REQUEST—– and ending
    —–END CERTIFICATE REQUEST—–
  3. Purchase a certificate. As part of the process, you’ll be asked for the CSR sent to you. There are hundreds of companies offering certificates ranging between £30 and £3000 depending on your needs and the level of certification you require. There is the option of an Extended Validation certificate (which makes the URL bar green and shows the company name). Some examples of SSL providers are:
  4. Once you’ve purchased your certificate and it’s been issued (which can take some time, especially for Extended Validation certificates), you’ll be presented a ZIP file to download.
  5. Go back to the WP Engine ticket, and reply, uploading the certificate files
  6. WP Engine takes care of the installation and configuring of the certificate, and will let you know once it’s done.

This process usually takes around two hours of billable time to complete, but it’ll take longer than that to actually get everything in place because of the time between opening a ticket and WP Engine replying, and any delay in getting the certificate generated and available to use. We’d be happy to take care of this for you for £140+VAT based on our standard rate is £70 + VAT per hour.

Get in touch if you would like us to set up an SSL certificate on your WordPress website for you.

2. Using WP Engine SSL

If that all sounds a bit daunting, WP Engine offers their own SSL certificate service for:

  • $49/year for a single domain
  • $199/year for a wildcard certificate (multiple domains)

(Prices correct at time of publishing).

You can read the full details from WP Engine here. If you want Pragmatic to coordinate this process for you, it’ll take us an hour to manage the process (£70+VAT).

Contact us if you’d like us to set up WP Engine’s own SSL certificate on your WordPress website for you.

Either way

There are a few steps they’ll help with to make sure your site serves pages that should be secure correctly, these include:

  • The login page
  • WordPress Admin pages
  • Pages that include forms that collect personal data
  • Any commerce checkout pages

Once these steps have been completed, your site will be capable of serving pages over a secure connection! Any questions? Give us a shout!

Get new blog posts by email!

  • Image credit
  • This field is for validation purposes and should be left unchanged.

2 responses to “Setting up SSL on WP Engine

  1. Have a question and or concern with WPengines set up for SSL. My understanding is that they do not add any redirects in htacess file. They do it at the server level i think. The redirects take place so that all your URLs now redirct to the https version.

    I thought Google recommends changing over ALL your files to https which is inside your code. Doesnt this have to be done in order for https to work correctly and not get any errors? If so I dont think simply them switching a button for automatic redirects is sufficient.

    What are your thoughts? I cant afford to screw up my site.

    1. Hi Brad, thanks for the comment.

      You only need to worry about changing any files if your site contains hard-coded links to resources using http:// – for example a stylesheet. Assuming that’s all done, you shouldn’t need to change files, just set your site and home URL settings to use https (and search/replace the whole DB just to be sure), then configure SSL in WP Engine.

      Let me know if that’s not enough info – WP Engine themselves will give you good support on this, or contact us if you want us to help.

Leave a Reply

Your email address will not be published. Required fields are marked *