Home Wordpress Add an SSL certificate to a WordPress website in 7 simple steps
Wordpress

Add an SSL certificate to a WordPress website in 7 simple steps

To add an SSL certificate to your WordPress website, you need to follow several steps. SSL (Secure Sockets Layer) ensures secure connections by encrypting the data between your visitors and your server. Here’s how to add it:

1. Purchase an SSL Certificate

You have a few options when acquiring an SSL certificate:

  • Get a Free SSL Certificate: Some hosting providers offer free SSL certificates through services like Let’s Encrypt. Check with your hosting provider to see if they offer this option.
  • Purchase an SSL Certificate: You can buy SSL certificates from various vendors like Comodo, GlobalSign, or SSL.com.

2. Install SSL Certificate on Your Hosting Server

The process of installing an SSL certificate depends on your hosting provider. Here’s a general process:

A. If Your Hosting Provider Offers Free SSL (e.g., Let’s Encrypt)

  • Log in to your hosting account (e.g., cPanel, Plesk).
  • Find the SSL/TLS section in your hosting control panel.
  • Choose the domain where you want to install the SSL.
  • Enable Let’s Encrypt SSL or any other free SSL option.

    B. If You Purchased an SSL Certificate

    Log in to your hosting account (e.g., cPanel).

    Go to the SSL/TLS section.

    Click on Manage SSL Sites or Install SSL.

    Upload your certificate files: You should have received the following from your SSL provider:

    • Certificate: (.crt file)
    • Private Key: (generated during the SSL request)
    • CA Bundle: (Optional)

    Complete the installation by following the instructions from your hosting provider.

      3. Configure WordPress to Use HTTPS

      Once the SSL certificate is installed on your hosting server, you’ll need to update WordPress to ensure it uses HTTPS for all links and pages.

      A. Update WordPress URL Settings

      Log in to your WordPress dashboard.

      Go to Settings > General.

      Update both the WordPress Address (URL) and Site Address (URL) from http:// to https://.

      Save the changes.

        B. Use a Plugin for SSL (Optional)

        If you want to avoid manually updating internal URLs and ensure all content is served over HTTPS, you can use a WordPress plugin. The most popular SSL plugins include:

        • Really Simple SSL:
        • Install the plugin from the WordPress plugin repository.
        • Activate the plugin.
        • It will automatically detect your SSL certificate and configure the settings.
        • WP Force SSL or similar plugins can also be used to force HTTPS on all pages.

        4. Force HTTPS (Redirect HTTP to HTTPS)

        To ensure that all visitors are automatically redirected to the secure version of your site, you need to add a redirect rule. This can be done either via a plugin or manually by modifying your .htaccess file.

        A. Modify .htaccess File (Apache Servers)

        Access your WordPress root directory (where .htaccess is located) using FTP or your hosting file manager.

        Add the following code to the top of your .htaccess file to redirect HTTP traffic to HTTPS:

          apacheCopy code<IfModule mod_rewrite.c>
          RewriteEngine On
          RewriteCond %{SERVER_PORT} 80
          RewriteRule ^(.*)$ https://yourdomain.com/$1 [R,L]
          </IfModule>
          

          Replace yourdomain.com with your actual domain name.

          B. Nginx Server

          If you’re using an Nginx server, add this code to your Nginx configuration file:

          nginxCopy codeserver {
              listen 80;
              server_name yourdomain.com www.yourdomain.com;
              return 301 https://yourdomain.com$request_uri;
          }
          

          5. Update Internal Links

          • Use the Better Search Replace plugin to update old http:// URLs in your content and database to https://.
          • You can also do this manually, but the plugin automates the process.

          6. Check for Mixed Content

          Sometimes, after installing SSL, some resources on your website (like images, scripts, etc.) might still load over HTTP. This is called “mixed content” and can cause your site not to display as fully secure.

          • Fix Mixed Content: You can use the Really Simple SSL plugin to automatically fix mixed content or inspect your site manually using browser developer tools to find and correct HTTP resources.

          7. Test Your SSL Installation

          • Use online tools like SSL Labs’ SSL Test (https://www.ssllabs.com/ssltest/) to verify the installation.
          • Ensure that your WordPress site is properly loading over HTTPS without any issues.

          Once these steps are complete, your WordPress website should be fully secured with an SSL certificate!

          Written by
          Igor Bujas

          I am a UI designer and front-end developer professional working mostly in the Shopify ecosystem. I've been working in the industry for so long that I was fixing bugs for IE5, and animating in Flash while it was still a Macromedia product. While not differentiating between the UI and the code, I am always looking to get outdoors for some alpine climbs or scuba dives. I also work as a Krav Maga instructor in Zagreb, Croatia.

          Leave a comment

          Related Articles

          Wordpress

          Display video on desktop, but display an image on mobile in Revolution Slider

          To display a video on desktop and an image on mobile using...

          Shopify for DevelopersShopify for EntrepreneursWordpress

          Shopify or WordPress?

          Choosing between Shopify and WordPress/WooCommerce depends on your specific needs, preferences, and...

          Wordpress

          MySQL said: Documentation #1046 – No database selected

          It happened to me, it happened to many of my colleagues through...

          4 proven ways to speed up your Shopify store.

            We respect your privacy. Unsubscribe at anytime.