How to Install SSL Certificate On WordPress

You are looking to install an SSL certificate on your WordPress site? Then you are in the right place!

SSL certificates are of utmost importance for SEO and security. It protects your website data and make your visitors feeling safe. If you don’t have one, Google will show your website as “Not Secure” and this will have a negative impact on your site ranking.

In this article, you will learn how to add an SSL to a WordPress site. It is completely free and does not require expertise in programming.

Let’s get started!

What is SSL?

SSL stands for Secure Sockets Layer. The protocol ensures that data is transferred securely between a browser and a website.

Every time an internet user visits a website, they transfer information. Such information might be sensitive:payment details, credit card info, and login credentials, etc.

By using the normal HTTP protocol, you open yourself up to hackers stealing your information. HTTPS or SSL will help you to fix this issue.

The URL of your website will also be surrounded by a reassuring lock once SSL has been installed. This allows your visitors to know that the data they will be submitting to your website are somehow safe.

SSL certificate exemple

So there is no doubt, you need to install a SSL certificate on your WordPress site. SSL certificates are mandatory if you operate WooCommerce website, a membership site, or have a login system.

SSL Certificates: How Do They Work?

SSL uses public key cryptography to encrypt data. To send secure data between two systems, public key cryptography uses two keys – a private key and a public key. Encoding and decoding secure data require these two keys.

Using public key cryptography is like using a padlock. The public key is the padlock itself, and the private key is the combination. The server makes the padlock available to anyone to protect their data.

Nevertheless, the padlock cannot be opened without the server’s combination – which only the server knows.

Here’s how SSL functions:

  1. The user connects to a website, that is SSL-enabled.
  2. As part of the exchange, the user’s application requests the public key of the server. By using this public key exchange, both parties can encrypt messages that can only be read by the other party.
  3. The application encrypts the user’s message with the server’s public key when it sends it to the server.
  4. As soon as the server receives the message it decrypts it using its private key. 

Installing the SSL Certificate on Your WordPress Site

WordPress SSL certificates can be installed relatively easily. It does not require much coding on your part. With only a few clicks and the right plugin, you can provide visitors with secure pages.

Getting the SSL Certificate

First and foremost, make sure you don’t already have a SSL certificate available with your hosting plan. Most WordPress hosting companies offer free SSL certificate with their hosting plans.

If you don’t have one, you can obtain a SSL certificate for free with Let’s Encrypt. Founded in 2012, Let’s Encrypt is a nonprofit certificate authority that provides Transport Layer Security certificates at no charge.

If you struggle with Let’s Encrypt, just shoot a message for your hosting provider support to ask them to install Let’s encrypt for you.

If you are looking for a premium alternative, WP Force SSL is the finest paid plugin out there; it also comes in a free version, but the PRO version contains more than 14 SSL checks and other features. It makes it easy for people to switch from insecure HTTP to secure HTTPS and fix SSL problems.

WP Force SSL

The plugin includes an SSL certificate validation tool that checks whether the SSL certificate is genuine, fully installed, and up to date.

Installing the SSL Certificate with Really Simple SSL Plugin

For an easy SSL transition, this plugin is ideal. Firstly, you need to install and activate Really Simple SSL. No extra configuration is required.

When you activate the plugin, it will check whether your SSL certificate has been enabled. Afterwards, it will enable HTTP to HTTPS redirect and set your website’s settings to use SSL/HTTP.

To make the most of your SSL certificate, you need to redirect your URLs from HTTP to HTTPS. Hopefully, Real Simple SSL will fixe your URLs automatically when the page loads through the plugin.

The Really Simple SSL plugin makes it easy to set up free SSL certificates in WordPress. If you are a beginner, you should stick to this.

However, it catches non-secure URLs before the page loads, resulting in increased loading times. Therefore, advanced users who are concerned about WordPress speed might choose to redirect HTTP to HTTPS manually.

Manually Redirecting URLs from HTTP to HTTPS

Add these rules to your .htaccess file if you want to force your entire website to use https, but without using a plugin:

RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$$1 [R,L]

Simply replace with your actual domain name.

Then go to your WordPress admin area >> Settings >> General.

url structure wordpress

Make sure you use the same URLs with HTTPS for both you WordPress Address and site Address.

SSL Certificate And WordPress: Final Thoughts

A number of tutorials are available online to add SSL to your website, but each seems to cover a different process, so it is easy to get overwhelmed. The truth is, many of the instructions are outdated and will end up wasting a lot of your time. 

The process of installing an SSL certificate is not complicated. There was a time when it was true, but no longer thanks to Let’s Encrypt and Really Easy SSL plugin.