Time and time again, you’ve heard how vital SSL can be for your website’s security, but when it comes to explaining exactly how to install an SSL certificate on WordPress, that’s the information that nobody seems so quick to volunteer.
If that sounds like a familiar problem, don’t worry, I get it.
In fact, I’ve been guilty of it myself.
If you’ve read my recent WordPress web hosting reviews of platforms like WPX Hosting and Cloudways, you’ll have seen me talk at great length about why SSL certificates are absolutely vital for maintaining a safe and successful website, without actually telling you how to add one to your site.
Today, I’m correcting that.
Below, I’ll talk you step-by-step through the entire process of adding an SSL certificate to your website in a way that’s so easy that even an absolute beginner could handle it without any problems.
What is an SSL Certificate, and Why Do I Need to Install One?
An SSL certificate is a digital certificate that enables encryptions between your website and a user’s browser.
Why does this matter?
Because the ability to encrypt any data that your users enter into your site (contact details, credit card information, etc.) ensures that should your website somehow become compromised, hackers won’t be able to steal that data and make use of it.
Given that the consequences of having your user’s data stolen from you can range from -at best- having your reputation seriously damaged to -at worse- paying hefty fines if the breach falls foul of data privacy laws, installing an SSL certificate can prove to be one of the best moves you make for your website.
With that being said, let me show you how it’s done.
How to Install SSL Certificate on WordPress: A Complete Step-By-Step Guide
1. Choose an SSL Certificate
If you’re signed up with just about any one of the top WordPress web hosting companies, you should already have an SSL certificate included as part of your package.
If you don’t, but you signed up with a leading domain registrar, you may also have been given a free SSL certificate when you purchased your domain name.
If not, don’t worry about it.
Let’s Encrypt is a non-profit organization that makes it possible for anyone and everyone to have an SSL certificate installed on their website for free.
In service offering the best part is that Let’s Encrypt is supported by a veritable Who’s Who of the top web hosting companies, ranging from the major name brands like iPage, Hostgator, and Dreamhost to independent companies such as Cloudways and one of my personal favorites, Kinsta Web Hosting.
This means that if you’ve signed up with any one of the 205 web hosting companies that offer Let’s Encrypt support, then all of the hard work involved in setting up an SSL certificate has already been done for you and all you need to do is activate it within your hosting company’s control panel.
2. Visit Your Hosting Company
The truth is that many major hosting companies handle SSL certificates in different ways.
As such, I’ll talk you through the process for some of my favorite hosting companies, including:
- WPX Hosting.
How to Install a Free SSL Certificate on Kinsta
If you chose Kinsta as your hosting company, the good news is that your free SSL certificate comes pre-installed and is automatically added to whatever domain you sync to your hosting account.
How to Install a Free SSL Certificate on Cloudways?
A. Log in to Your Cloudways Account and Select ‘Applications’ From the Main Menu
B. Select the WordPress Installation you Want to Add an SSL Certificate to.
C. Select ‘SSL Certificate’ from the Application Management menu.
D. Select ‘Let’s Encrypt’ from the Dropdown Menu
E. Enter Your Email and the Domain You Want to Add the SSL Too
F. Click ‘Install Certificate’ to Complete the Process.
How to Install a Free SSL Certificate on Bluehost?
A. Log In To Your Account And Select ‘WordPress Tools’ From The Bluehost Dashboard
B. Select ‘security’ From The Options Presented
C. Toggle the Free SSL Certificate On
And that’s it with that one. Your SSL certificate may take a few hours to become active, but you’ll be notified once it’s done and can move on to Step 3 of this tutorial.
How to Install a Free SSL Certificate on WPX Hosting?
1. Log In To Your Wpx Dashboard And Select My Services – WordPress Hosting
Image courtesy of WPX Hosting
2. Choose The Hosting Plan You Want To Use And Select ‘manage Service’
Image courtesy of WPX Hosting
3. Select ‘manage Websites’ From The Website Management Menu
4. Select ‘SSL’ From The Dropdown Menu Followed By Install Free Certificate
5. Click ‘Install’ on the Pop-Up.
Follow these five steps, and you’re good to go.
You’ll receive a notification in your WPX Hosting dashboard, which tells you when your SSL is active, at which point you can move on to step 3 of this process.
3. Setup Redirects
In step 2, we saw four different ways that an SSL certificate can be installed on WordPress. If you host your website with a company other than one of the four shown above, you should still find that the process closely matches at least one of those four examples.
Whichever method you use, once your SSL certificate is installed, you still have to ensure that your WordPress site now knows to use HTTPS (the secure, SSL-encrypted connection) rather than the standard HTTP.
The easiest way to do this is to install a free plugin called Really Simple SSL.
Once activated, this super-helpful tool checks to ensure that you have an SSL certificate in place, then create HTTP to HTTPS redirects and handles the process of changing your website’s settings to start using the SLS/HTTPS protocol, all at the click of a button.
Installing an SSL Certificate on WordPress: A Final Word of Advice
If you came to this tutorial expecting to learn that installing an SSL certificate on WordPress is a long and complicated process, I hope I’ve put your mind at rest that this is certainly not the case.
Simply put, regardless of the hosting company you’re with, installing an SSL certificate is typically a simple case of logging into your hosting dashboard, selecting SSL from the dashboard menu, and turning on SSL.
From there, all that’s left to do is to head into your WordPress dashboard and configure your redirects, and you’ve just taken a big step towards keeping your website secure.
However, if I could offer one final piece of advice today, it’s that installing an SSL certificate isn’t the only step you’ll need to take to ensure your website is secure.
Ensuring you have things like malware scanning and removal, scheduled backups, and other WordPress hardening features in place are just as important when it comes to enjoying maximum website security.
To help you out with all that, here’s my guide to the best WordPress security plugins, as well as my guide to the top WordPress backup plugins to use.