Are you wondering whether you should use the TLS or SSL security protocol in WordPress?
Installing a security certificate makes your website secure so that you can accept payments in your online store and protect your users. However, terms like SSL and TLS can confuse beginners.
In this article, we will talk about TLS vs. SSL certificates and show you which protocol you should use on your WordPress website.
What Are SSL/TLS Certificates? How Do They Work?
SSL stands for Secure Sockets Layer, and TLS stands for Transport Layer Security. They are both internet security protocols that you install on a website in the form of a certificate.
SSL/TLS certificates are like a security lock for your WordPress website. When a user visits your website, the security certificate will encrypt the data before sending it to the user’s browser. Similarly, they also allow the user’s browser to encrypt data before sending it back to your WordPress website.
All websites on the internet must use a security certificate. It allows you to securely accept payments online, protect passwords, and safely transfer personal data online.
Security certificates like SSL or TLS work with security keys. When data is transferred from your website to the user’s browser, it is locked behind encryption. In order to read the data, the user’s browser will need the security key to unlock it.
Similarly, when users send data back, they use the same security key to encrypt the data. Your WordPress website will then use its private key to decrypt the data.
Once you have installed a security certificate on your website, the beginning of your site’s address (URL) will change from http:// to https://.
This shows that you are now using the HTTPS (Secure HTTP) protocol to securely transfer information over the internet.
You will need to update the URL in your WordPress settings and set up redirects so that visitors will be taken to the correct URL when using an old link. You can learn how in our guide on how to properly move from HTTP to HTTPS.
What Is the Difference Between SSL and TLS Certificates?
SSL (Secure Sockets Layer) was the original technology behind security certificates used by websites. SSL certificates were first used in 1995.
Unfortunately, security flaws were found with the original SSL protocol that left it vulnerable to hackers. These vulnerabilities allowed hackers to intercept and modify data as it traveled between the website and the user’s browser.
Over the years, several improvements were made to SSL to make it more secure. Here is a quick timeline of the changes as security vulnerabilities were discovered:
- SSL 1.0 (unpublished) was never publicly released due to security issues.
- SSL 2.0 (1995) was deprecated in 2011 due to security issues.
- SSL 3.0 (1996) was deprecated in 2015 due to security issues.
- TLS 1.0 (1999) was deprecated in 2021 due to security issues.
- TLS 1.1 (2006) was deprecated in 2021 due to security issues.
- TLS 1.2 (2008) is still in use.
- TLS 1.3 (2018) is still in use.
The SSL protocol is no longer used, but the term SSL certificate stuck, and it is still commonly used as a synonym for TLS certificates.
To summarize, TLS is the evolved form of SSL certificates. Most websites on the internet use TLS certificates. However, they are still commonly referred to as SSL certificates.
How to Get an SSL Certificate for Your WordPress Website
There are a number of ways you can get an SSL certificate for your WordPress website. The price usually varies between $50-200/year. However, you may be able to get one for free.
The best option is to pick a WordPress hosting provider that includes a free SSL certificate with your hosting plan. That way, you can easily turn on your security certificate from your hosting dashboard.
Here are some of our recommendations for the best WordPress hosting providers that offer free SSL certificates:
If your hosting provider doesn’t offer a free SSL certificate, then you can get one for free with Let’s Encrypt.
If you prefer to buy an SSL certificate, then we recommend using Domain.com. They are one of the largest domain name registration services in the world, and they offer the best deal on SSL certificates.
They provide simple SSL certificate plans starting from $35.99/year, which come with a $10,000 security warranty along with the TrustLogo site seal.
After you have purchased the SSL certificate, you can ask your hosting provider to install it for you or follow our tutorial on how to properly move WordPress from HTTP to HTTPS.
FAQ: Frequently Asked Questions About SSL and TLS
At WPBeginner, our readers often ask us questions about SSL vs. TLS certificates. Here are the answers to the most commonly asked questions about these security protocols.
How are TLS and SSL different?
TLS (Transport Layer Security) and SSL (Secure Sockets Layer) are encryption-based protocols used to secure communication over the internet.
While they serve the same purpose, TLS is the newer and more secure replacement for SSL.
Most modern browsers no longer support SSL, so if you want to make sure that your website is accessible to all users, then you should use TLS.
What is the latest version of TLS?
The latest version of TLS is TLS 1.3. It was released in 2018, and it is the most secure version of TLS to date. However, TLS 1.2 is still often used.
TLS 1.2 and 1.3 are supported by most modern browsers and devices.
Earlier versions should not be used due to known security issues.
How can I discover which version of SSL or TLS my website is running?
The easiest way to check which SSL or TLS protocol your website is using is with an online tool like the Qualys SSL Labs SSL Server Test.
Simply type in the website’s domain name and then click the ‘Submit’ button. The tool will show which versions are supported and also look for common SSL issues.
What should I do if my website is still using SSL?
If your website is still using SSL, then you should upgrade to TLS. You will also need to upgrade if you are using the older, less secure TLS versions 1.0 or 1.1.
Upgrading to TLS 1.2 and/or 1.3 will improve the security of your website and make it more accessible. Plus, this is a relatively simple process that can be done by your web hosting provider.
Expert Guides on SSL Certificates in WordPress
Now that you understand more about TLS and SSL, you may like to see some other articles related to SSL certificates in WordPress.
- How to Properly Move WordPress from HTTP to HTTPS (Beginner’s Guide)
- What is HTTP/2 and How to Enable It in WordPress?
- How to Get a Free SSL Certificate for Your WordPress Website (Beginner’s Guide)
- How to Add Free SSL in WordPress with Let’s Encrypt
- How to Fix Common SSL Issues in WordPress (Beginner’s Guide)
- How to Fix the Mixed Content Error in WordPress (Step by Step)
- How to Fix Your Connection is Not Private Error (Site Owners Guide)
- How to Fix Secure Connection Error in WordPress
We hope this tutorial helped you learn the difference between TLS vs. SSL certificates. You may also want to see our ultimate WordPress security guide or our expert pick for the best WordPress security plugins to further protect your website.
If you liked this article, then please subscribe to our YouTube Channel for WordPress video tutorials. You can also find us on Twitter and Facebook.
Syed Balkhi says
Hey WPBeginner readers,
Did you know you can win exciting prizes by commenting on WPBeginner?
Every month, our top blog commenters will win HUGE rewards, including premium WordPress plugin licenses and cash prizes.
You can get more details about the contest from here.
Start sharing your thoughts below to stand a chance to win!
Moinuddin Waheed says
I have used SSL certificate for all my WordPress websites and I never knew that in fact I was using the TLS behind the scene.
secure socket layer what we have studied so far but as you have mentioned originally it was SSL and when vulnerability arose, with the successive improvements, it has evolved to TLS.
though the name we are using is SSL.
thank you for the clarification of both the terms.
WPBeginner Support says
You’re welcome, glad you found our post helpful
Admin
Jiří Vaněk says
Thank you for the article and explanation of the difference between SSL and TLS. I currently use CloudFlare services, which use TLS certificates. However, the certificate verification service mentioned in the article isn’t functional with Cloudflare, likely due to the proxy server. It’s not possible to perform the check with it. It continuously checks in a loop but doesn’t display the result.
WPBeginner Support says
Sadly for that inability to check you would want to reach out to CloudFlare and they would be able to assist.
Admin
Ralph says
This is the first time I even hear about TLS. Didn’t even know it exists!
I have free Lets Encrypt with my hosting. It works for 30 or 45 days i don’t remember but they auto renew it, so i never bother to do anything about it in years of blogging.
WPBeginner Support says
Unless we hear otherwise, they’re currently using TLS
Admin
Ram E. says
Thanks for this informative article. Question: when do you think it is best to upgrade to TLS when the SSL currently installed on your sites are working just fine and offerred free by your hosting provider? Is there any use case where you really need to make the switch?
WPBeginner Support says
We would recommend first checking with your hosting provider in case they are already using TLS and naming it SSL for your site and after that you could look to upgrade to TLS if they are using SSL. When possible it would be best to change over but that answer depends on the specific site.
Admin
Ram E. says
Got it, thank you.
Konrad says
Still calling it SSL
I can’t imagine any serious website operating without it. Thank you.
WPBeginner Support says
You’re welcome
Admin