SSL certificates have traditionally cost a bit of money (around $10 USD per year) and also added some overhead to your server. But nowadays, thanks to an initiative from the Electronic Frontier Foundation (EFF), which has created a free SSL certificate, combined with the increased CPU power of server processors, almost anyone can have an SSL certificate. The result is encrypted data flowing to and from your server, which increases security for everyone.
But why would you add SSL certificates right at the beginning of a project? Well, especially if you are in the initial phases of interacting with potential customers, the potential for creating security flaws is high! Usernames, passwords and other sensitive information flow back and forth between your server and your application clients (website, app, extension, etc.). This traffic can be easily intercepted with basic hacking skills. Encrypt this flow of data and you have improved your security with a simple server configuration that takes only a few minutes to implement.
I have been using the WordPress REST API for a while, and before I got my head around the OAuth2 authentication, I had to content myself with transmitting usernames and passwords unencrypted to and from my server to apps and extensions (not good!), but at least I was able to encrypt the data right from the beginning!
Get your FREE SSL certificate here:
First time around it was a bit of a hassle to set up the certificate for Learnivor.com, but it became much simpler by using services that do this automatically! Here are a few suggestions:
- ServerPilot installs the SSL certificate on your site / WordPress site for “free” if you have a paid account (starting at $10 USD / month, which includes monitoring tools and security packs, among other things).
- WordPress HTTPS redirect plugin – makes it easy to turn HTTPS on and off (I had to fiddle with it a bit as I got a redirection loop).
- You can also buy an inexpensive paid certificate from Namecheap.com and other providers. If you want, ServerPilot makes it easy to add the SSL certificate to your site.
Now that I have used the above services a few times, I would probably not waste time doing it any other way. I spent way too much time trying to do it from scratch. That’s not the MVP spirit!
I have not yet set up HTTPS on mvpguy.com, so I will probably create a tutorial on how to do it here in the near future.