Having an SSL (Secure Socket Layer) certificate is crucial for website security. Non-secure websites are dangerous because hackers can gain access to the site and to user’s information. Because of this, Google marks any website without an SSL certificate as not secure. This can result in visitors avoiding your website or your website getting blocked by browsers. Fortunately, it isn’t that difficult to install an SSL certificate. In this article, we’ll step you through how to install an SSL certificate on your WordPress website.
Why You Need an SSL Certificate
Without HTTPS, hackers can intercept the connection between a server and a browser. This means hackers can access your data including anything you provide within a form such as credit card information.
SSL is also important for sites that do not collect money or include forms such as blogs, brochures, or information sites.
Being marked as not secure will leave visitors with a bad impression of your site and business.
An SSL certificate secures the connection between servers and browsers, taking your site from the non-secure HTTP to the secure HTTPS.
HTTPS is better for SEO because Google prefers secure websites.
Regardless of what type of website you have, your site needs an SSL certificate.
Where to Get SSL Certificates
There are a few ways to get an SSL certificate for your WordPress website. If you have subdomains, then you’ll need a wildcard certificate. Otherwise, you just need a standard certificate.
Many hosting companies provide SSL certificates. Some are free while others charge for them.
You can purchase SSL certificates from third-party providers.
You can also get free certificates to use on your website. Some only work for three months and then you’ll need to reapply for the certificate. Here’s a list of the most popular free SSL certificates that anyone can use:
Both provide free SLL certificates for personal and commercial use and they include both standard and wild card certificates.
How to Install an SSL Certificate on Your WordPress Website
Once you have your SSL certificate, you’ll need to install it on your server and then activate HTTPS on your WordPress website.
Installing an SSL Certificate on your Server
Before you can convert your WordPress website to HTTPS, you’ll need to install your SSL certificate on your server. This is done by enabling the host’s SSL certificate, or by copying and pasting the files within fields in the cPanel.
Certificates have several components:
- Certificate (CRT)
- Private Key (KEY)
- Certificate Authority Bundle (CABUNDLE)
Each of the components must be pasted into their fields individually. You can also ask your host for assistance as some may install it for you.
Here’s a look at how to install the SSL certificate manually. In your server’s cPanel, go to the section for security and click on SSL. Your cPanel might look slightly different, but it should work the same way.
Select to install SSL. In my example, the option is Manage SSL sites under Install and Manage SSL for your site (HTTPS).
In this example, my host provides free SSL, so it’s available to me as an autofill. I can also paste in the certificate components manually if I’ve gotten the SSL certificate from a third-party provider. You’ll need to include both your domain and the www subdomain if you get a third-party SSL certificate. Free certificates are usually provided as individual files that you simply copy and paste into these fields.
Once you’ve pasted in your keys, click Install Certificate. Your server now has SSL available for your WordPress website to connect to.
Enable HTTPS on your WordPress Website with a Plugin
Once you’ve activated your SSL certificate for your domain, you’ll need to change your website from HTTP to HTTPS for all of your URLs and files. The easiest method is to use a plugin that makes the changes for you as they also handle the 301 redirects and mixed content, taking a lot of time and pain out of the process.
Really Simple SSL
There are several good plugins to use SSL with WordPress. Really Simple SSL is the most popular by far, with over 3 million active installs. Once you’ve gotten your certificate, Really Simple SSL automatically detects your certificate and handles the move to HTTPS for you. You don’t have to do anything else for basic SSL.
Once the plugin is activated, it will provide some information and ask to activate SSL. Be sure to make a backup of your website first. Once you activate the plugin your site will automatically become an HTTPS domain.
Your certificate will be detected and enabled automatically. The site is now on HTTPS with no changes required. It does have a few features that require the premium edition, but the free version will handle the SSL, set your WordPress installation to use HTTPS, fix mixed content, and handle the 301 redirects from HTTP to HTTPS.
If you’re using them (and you should), you’ll also need to change the settings in Google Analytics and Webmaster tools to target HTTPS. This will be done within your Google account.
The Settings tab includes a few other features you can enable. I recommend leaving these settings at their defaults and only use them if the default settings don’t work for you.
The plugin replaces content as the page is loading. This could have a negative impact on your site’s loading speed. The impact is small, so it’s well worth using this plugin. We recommend using a caching plugin, such as Divi Rocket, to minimize any speed impact. It’s tempting to simply deactivate the plugin, but if you deactivate the plugin as normal, your site will revert back to HTTP.
Deactivating Really Simple SSL
Fortunately, there is a way to deactivate the plugin and retain SSL. In the dashboard menu, go to Settings > SSL Settings. Scroll to the bottom of the page and click Deactivate Plugin and keep SSL.
It’s still possible, but not guaranteed, to have mixed content errors, and 301 and JS redirect will stop working. I recommend keeping Really Simple SSL active and using Divi Rocket to help with any negative impact the plugin might have.
That’s our look at how to install an SSL certificate on your WordPress website. A plugin is the easiest way to handle the SSL certificate on your WordPress website, but you still need to get your certificate from your host or a third-party supplier and have it activated on your server. Many hosts provide free SSL certificates and there are several options if you need a free certificate.
It does take a few steps for both your server and your website, but it isn’t difficult to do and it’s well worth the effort. Not only is your website more secure for your visitors, which in turn looks more professional and builds confidence in your website, but it will also get a better search engine ranking.
Have you installed an SSL certificate on your WordPress website? Let us know about your experience in the comments.