An SSL certificate is a must for any website that wants to provide a secure user experience.
And since 2014, Google has used SSL as a ranking signal in its search algorithm.
If you want your WordPress site to get traffic from Google and keep your user’s data secure, you should install an SSL certificate.
Fortunately, installing an SSL certificate on WordPress has never been easier.
We have been in the online marketing business since 2009, installing hundreds of certificates on WordPress websites no matter what the hosting provider.
And in this post, we will share our step-by-step guide on how to do it.
Table Of Contents
- What Is an SSL Certificate?
- Why Do I Need an SSL Certificate?
- How to Install SSL Certificate WordPress?
- What Are the Different Types of SSL Certificates?
- What Type of Certificate Is Best for Your Website?
- Getting a Third-Party SSL Certificate
- Frequently Asked Questions (FAQs)
- How Do I Find My SSL Certificate in WordPress Site?
- What if Your Web Host Does Not Offer a Free SSL Certificate?
- How to Install SSL Without Cpanel?
- SSL Not Appearing on the Login and Admin Pages, What Should Be Done?
- How Should I Handle SSL When Changing Web Host?
- How Do You Know if a Website Has an SSL Certificate?
What Is an SSL Certificate?
SSL stands for Secure Sockets Layer, and it is a way to secure communications between a website and its visitors.
When you open a website in your browser, a lot of data is exchanged between your computer and the web server that hosts the website.
This data includes the pages you visit, your login information, your location, and any other form data you may enter on the site, such as your credit card information.
Without SSL, this data is sent in plain text, which means hackers can intercept and read it.
Obviously, we don’t want our sensitive data to fall into the wrong hands, which is why Secure Socket Layer Certificates are so necessary.
This means that even if someone were to intercept the data, they would not be able to get any useful information from it because it would all be scrambled.
Why Do I Need an SSL Certificate?
You need an SSL certificate for your WordPress site for many reasons.
- Most importantly, it will help to keep your site’s data secure, as mentioned previously.
- Certificates can help to improve your site’s search engine ranking.
- Google has stated that they give preference to sites that have certificates when ranking search results. So, if you want your site to rank higher in Google’s search results, then you need to have a certificate installed.
- Having a certificate will help to build trust with your site’s visitors and improve conversion rates.
- If you don’t have a certificate, then your site will show a “Not Secure” warning in the browser’s address bar. This can make visitors to your site feel uneasy, and it may make them less likely to trust your site with their personal information.
How to Install SSL Certificate WordPress?
Step 1: Activate the WordPress SSL Certificate
The SSL certificate generation process differs from one hosting provider to another, and it’s impossible to give a one-size-fits-all solution.
But we can provide you with instructions on installing SSL certificates with some of the most popular hosting providers on the market, such as WPX, SiteGround, Cloudways, and others.
- Log in to your WPX account
- Hover over My Services and Select WordPress Hosting
- Click on Manage service
- Click on Manage Websites from the left sidebar
- Click on SSL and select Install Free Certificate from the dropdown menu
- A pop-up window will appear. Click on Install to continue the installation.
- Once the installation is successful, you will see a message on the top right corner that says “Let’s Encrypt SSL certificate was installed for YourDomain.”
- Log in to your SiteGround Account
- Go to SSL Settings
- In the Install New SSL section, choose your domain, select the Let’s Encrypt SSL option from the dropdown menu, then click on GET
- Log in to your Bluehost Account
- Click on My Sites from the left sidebar
- Locate the domain name of the site you want to add an SSL certificate to and click Manage Sites
- Open the Security tab
- Toggle the SSL Certificate: Let’s Encrypt button On
- Log in to Cloudways
- Navigate to Applications
- Select the application you want to add the certificate to
- Go to the Application Management tab and click SSL certificate
- Select Let’s Encrypt, provide your email address and domain name, then click Install Certificate
Every Hostgator account comes with a preinstalled SSL certificate.
All you need is to connect your domain name to your hosting account and the certificate will be automatically activated.
If you have a Managed WordPress web hosting account with GoDaddy, then your SSL certificate will be installed automatically.
If you aren’t using WordPress-specific hosting, then your website is probably hosted on a server that uses cPanel.
In this case, you can install an SSL certificate using cPanel’s SSL/TLS Manager.
- Download the SSL certificate
- Log in to your host account
- Go to cPanel, navigate to SSL/TLS, then click Generate, view, upload, or delete SSL certificates or SSL Certificate Signing Requests based on your cPanel version
- Upload you certificate
- Go back to the SSL/TLS page, click Manage SSL Sites, then select Browse Certificate
- Select the certificate you installed, then click on Use Certificate
- Click Install Certificate
Step 2: Force HTTP to HTTPS Redirection
In the previous step, we activated the free SSL certificate, but we didn’t force WordPress to use the SSL version of our site just yet.
Right now, your website has 2 versions:
- The old HTTP version. http//diggitymarketing.com
- The secure HTTPS version. https://diggitymarketing.com
What we need to do is redirect all traffic from the old version of our site to the new one.
This means that if someone tried to access the old, unsecured version of your website (HTTP), they would be automatically redirected to the new, secure one (HTTPS.)
In other words, we need to tell WordPress to use the SSL version of our site by default.
There are a few ways to do this, but using the Really Simple SSL Plugin is the easiest and fastest one.
It’s really easy to use, and it doesn’t require any technical knowledge.
Here is how to use it:
- Log in to your WordPress Dashboard
- Go to Plugins and click Add New
- Search for Really Simple SSL
- Click Install
- Wait till the installation is done, then click Activate
- Once the plugin is activated, click on Settings
- Click on Go ahead and activate SSL!
- That’s it! All the traffic to your website will now be redirected to the HTTPS version.
Step 3: Fix Mixed Content Warnings
This rarely happens, but in some cases, you might see a mixed content warning after installing an SSL certificate.
Mixed content errors happen when your website tries to load both secure (HTTPS) and unsecure (HTTP) content at the same time.
For example, the old page was loading its content from the HTTP URL but when you installed the certificate, you forced all URLs to be HTTPS.
If the certificate isn’t installed properly, the page will try to load content from both versions (HTTPS and HTTP) and that’s when you see the mixed content warning.
Luckily, fixing mixed content warnings is pretty easy.
All you need to do is to:
- Download and activate the SSL Insecure Content Fixer plugin
- After activation, navigate to SSL Insecure Content in your WordPress Dashboard
- Select the level of fixing you want the plugin to do. It’s recommended to start with Simple and if it didn’t work, try Content, Widgets, etc.
You can also use the Better Search Replace plugin.
After activation, navigate to the plugin settings, type in your HTTP domain in the Search for field and your HTTPS domain in the Replace with field, then click Run Search/Replace.
Step 4: Update Your Sitemap at Google Search Console
Search engines treat the HTTPS version of your website as a completely different site, so you need to submit the new sitemap to Google.
If you don’t, Google will continue to index your old pages and you might lose your rankings.
To update your sitemap, follow these steps:
- Generate a new sitemap
- Log in to your Google Search Console account
- Click on Sitemaps from the left sidebar
- Paste in the URL of your sitemap
- Click Submit
Step 5: Update Your Google Analytics (Optional)
If you have Google Analytics installed on your website, it will be pointed to the previous (unsecure) version of your website.
To fix that, you need to update the Default URL in your Google Analytics settings.
Here is how to do that:
- Log in to your Google Analytics account
- Click on Admin from the left sidebar
- Go to Property Settings
- Paste the HTTPS version of your website in the Default URL field
- Click Save
What Are the Different Types of SSL Certificates?
Secure Socket Layer Certificates can be broadly classified based on the level of validation required to issue and the number of websites or domains they can secure.
SSL Certificates Based on Validation
1. Domain Validation (DV)
Domain Validation (DV) certificates are the most common type of SSL certificate.
They are typically used for personal websites, blogs, and small businesses that don’t handle sensitive information.
Obtaining a DV certificate usually only takes a few minutes as you only need to prove your ownership of the domain.
You can do this by receiving an email at an address associated with the domain or by adding a DNS record.
Once you have proven your domain ownership, you will be able to generate the certificate.
2. Organization Validation (OV)
Organization Validation (OV) certificates are more expensive than DV certificates, but they offer a higher level of website security.
An OV certificate verifies the authenticity of the organization that owns the website and also confirms that the company has been vetted by a third party.
This process usually takes about 2 days as the CA will need to verify the organization’s identity and conduct background checks.
However, once the certificate is issued, it will offer users a higher level of trust.
3. Extended Validation (OV)
An EV certificate not only verifies the organization’s authenticity but also requires a thorough vetting process.
This includes confirming the organization’s legal existence, verifying its physical address, and conducting background checks on its principals.
The EV certificate issuance process usually takes a week as the CA needs to complete all the necessary checks.
Once the certificate is issued, it will offer users the highest level of trust as they can be confident that they are dealing with a legitimate organization.
SSL Certificates Based on the Number of Websites
1. Single Domain SSL Certificate
From its name, you can probably guess that a single-domain SSL certificate can only be used for one website.
This is the most basic type of certificate and it is usually enough for most small businesses and personal websites.
2. Wildcard SSL Certificate
A wildcard certificate can be used to secure multiple subdomains of a single domain.
For example, if you have a website with the domain name example.com, you can use a wildcard certificate to secure subdomains such as blog.example.com and shop.example.com.
3. Multidomain SSL Certificate
Also known as a SAN certificate, a multidomain certificate can be used to secure multiple domains.
This is a great option for businesses that have multiple websites as it offers a cost-effective way to secure all of them with a single certificate.
What Type of Certificate Is Best for Your Website?
Now that you know the different types of SSL, how do you choose the right one for your website?
The answer to this question depends on a few factors:
- The type of website you have
- The level of security you need
- The number of websites you need to secure
A DV certificate should be enough if you have a personal or a small business website that doesn’t handle sensitive information.
An OV or EV certificate would be a better option if you have an eCommerce website or a website that deals with sensitive information.
If you have multiple websites, you can either choose to buy a separate certificate for each one or go with a multidomain certificate.
The choice ultimately comes down to your budget and your security needs.
Getting a Third-Party SSL Certificate
If your web host doesn’t offer SSL certificates, you can always also get one from a third-party provider.
Here are a few ways to do that:
Cloudflare is a free content delivery network (CDN) that also offers free Secure Socket Layer certificates.
Here is how to get your free certificate:
- Go to Cloudflare
- Create an account
- Choose the free plan
- Connect your website to Cloudflare. This can be done by updating the DNS records in your domain name registrar account
- After updating the nameservers, switch back to Cloudflare and click continue
- That’s it! Your free certificate should be working within 24 hours.
2. Let’s Encrypt
Let’s Encrypt is a free, automated, and open certificate authority (CA).
It offers free SSL/TLS certificates that are just as secure as paid certificates.
Here is how to get your free certificate from Let’s Encrypt:
- Go to Let’s Encrypt
- Click the Get Started button
- Follow the instructions to generate your free certificate
- After generating the certificate, you will need to install it on your web server.
- If you have shell (SSH) access, it’s recommended to install the certificate using the Certbot ACME client, as it can automatically update the certificate without you having to lift a finger. Just follow the instructions to install your certificate.
Most of the time, you don’t need to do any of that, almost 90% of hosting providers have Let’s Encrypt certificates built-in these days.
Just go to the Certbot host providers list and check if your provider is on the list.
If they are, just follow the instructions to enable Let’s Encrypt for your domain name.
3. Trusted Certificate Authorities (CAs)
The 2 methods mentioned above are the best way to get a free domain validation level SSL certificate but if you want a higher level of security (organization validation or extended validation), you will need to buy one from a trusted ssl provider.
Some of the most popular Certificate Authorities include:
Frequently Asked Questions (FAQs)
How Do I Find My SSL Certificate in WordPress Site?
Your SSL certificate information won’t be visible in your WordPress dashboard. To find your certificate information, you will need to log in to your hosting account and go to the SSL/TLS Manager.
From there, you will be able to view your certificate’s expiration date, issuing authority, and other important information.
What if Your Web Host Does Not Offer a Free SSL Certificate?
If your web host does not offer an SSL certificate, you can still purchase a third-party certificate or one from Let’s Encrypt.
How to Install SSL Without Cpanel?
If your hosting account does not have cPanel, you will need to install your SSL certificate manually.
This can be done by editing your website’s .htaccess file.
SSL Not Appearing on the Login and Admin Pages, What Should Be Done?
If your SSL certificate is not appearing on your login and admin pages, you will need to force HTTPS address direction.
How Should I Handle SSL When Changing Web Host?
After migrating your website to the new web host, you will need to reinstall your SSL certificate.
You can usually do this from your hosting account’s SSL/TLS Manager.
How Do You Know if a Website Has an SSL Certificate?
You can usually tell if a website has an SSL certificate by looking at the URL.
If the website is using a secure connection, the URL will start with “HTTPS” instead of “HTTPS.”
You can also look for a lock icon next to the URL.
Installing an SSL certificate on your WordPress website is a fairly simple process.
All you need is to choose the right certificate for your needs and then follow the instructions provided by your hosting provider.
With that being said, it will save you a lot of trouble if you choose a hosting provider that offers free certificates.
For that, we recommend Siteground, they offer free SSL certificates with every hosting plan, and their prices are very reasonable.