As a webmaster with over 15 years of experience running WordPress sites, I highly recommend installing an SSL certificate. An SSL connection is now a must-have for any professional WordPress site.
In this comprehensive guide, I‘ll share my insider knowledge on how to properly implement SSL certificates, with a focus on getting and installing them for free.
Contents
Why Every WordPress Website Needs SSL in 2022
Recent versions of Chrome, Firefox, and other major browsers now explicitly warn users when visiting any site not secured with HTTPS. For example, Chrome displays a "not secure" warning:
According to Google‘s Chromium blog, over 68% of traffic on Chrome now uses HTTPS. They plan to eventually display a "not secure" warning for all HTTP pages.
Additionally, Let‘s Encrypt reports that over 240 million active SSL certificates have been issued through their free Certificate Authority (CA) service.SSL usage is clearly the standard across the web now.
As a WordPress site owner, you need to get an SSL certificate installed to avoid browser warnings. But beyond that, here are key benefits of using SSL on your site:
1. SSL certificates encrypt sensitive user data
Any information transmitted between the user‘s browser and your site is encrypted with SSL. This includes:
- Login credentials
- Payment details
- Contact form information
Without encryption, this user data could potentially be intercepted by hackers using man-in-the-middle attacks or packet sniffing.
So if your site accepts user logins, payments, or personal data, SSL is a must-have for security.
2. SSL certificates increase visitor trust and conversions
The HTTPS and padlock icon displayed in the browser bar signals to visitors that your site is safe and secure. Users feel more comfortable entering personal details knowing the connection is encrypted.
Studies show that HTTPS increases conversion rates because users trust the site more. SSL improves perceptions of legitimacy and security.
3. Search engines like Google favor sites using SSL
Google uses SSL as one of many signals for search ranking and indexing purposes. While not a direct ranking factor, Google has indicated that HTTPS does provide a slight boost versus HTTP sites.
Given how competitive search is, every little bit helps in getting ranked!
4. It prevents browsers from throttling traffic to your site
In the past, browsers would limit resources for sites not loaded over HTTPS by throttling scripts and fonts. This degraded performance.
Migrating to HTTPS prevents browsers from throttling your site traffic, ensuring fast load times.
For all these reasons, I recommend all WordPress site owners get an SSL certificate installed as soon as possible.
Now let‘s go over how to get a 100% free SSL certificate through nonprofit and web host initiatives.
How to Get a Free SSL Certificate for Your WordPress Site
Paid SSL certificates from certificate authorities like Digicert and Comodo used to be the only option, typically costing $50-$200 per year.
Thankfully, you can now get SSL certificates completely free through:
-
Let‘s Encrypt – This nonprofit project offers free 90-day SSL certificates through an automated API. Major web hosts use Let‘s Encrypt to provide free SSL.
-
Web hosts – Many managed WordPress hosts like Bluehost now include free SSL as part of all plans.
The easiest method is using the free SSL certificate provided by your web hosting provider. They handle obtaining, renewing, and installing the SSL certificate automatically.
I recommend going through one of these top managed WordPress hosts for your free SSL:
- Bluehost
- SiteGround
- HostGator
- WPEngine
- Liquid Web
Here‘s a look at how to enable the free Bluehost SSL for your WordPress site.
Activating Your Free Bluehost SSL Certificate
If your WordPress site is hosted with Bluehost, you can easily activate the included SSL certificate:
- Login to your Bluehost hosting account and go to the My Sites page.
- Click Manage Sites and select your site domain.
- Go to the Security tab.
- Switch the Free SSL Certificate option to On.
It make take some time for the SSL certificate to fully provision across Bluehost‘s server network. But your WordPress site now has free SSL protection!
The process is similar with other top hosts – just check their docs for details.
Now we need to configure WordPress itself to work properly with SSL…
Setting up WordPress to Use Your SSL Certificate
Once SSL is enabled by your web host, there are a few steps required to convert your WordPress site to HTTPS:
- Update your site URL settings from HTTP to HTTPS
- Set up 301 redirects from HTTP to HTTPS
- Fix mixed content by replacing HTTP references with HTTPS
- Update insecure references in the database if needed
Here are two ways to handle this WordPress SSL configuration:
1. Use an SSL Configuration Plugin
The easiest option is to use a dedicated WordPress SSL plugin like Really Simple SSL. It will:
- Detect your SSL certificate and automatically enable HTTPS URLs
- Set up HTTP to HTTPS redirects
- Fix mixed content by replacing HTTP references
So with just a few clicks, the plugin handles all the technical steps to activate SSL on your WordPress site.
2. Manually Configure WordPress for SSL
As an experienced WordPress developer, I can also walk through manually configuring WordPress for SSL:
-
Update the WordPress and Site Address URLs under Settings → General to change links from
http://tohttps://. This enables HTTPS site-wide. -
Add 301 permanent redirects from
http://pages to thehttps://versions using.htaccessrules or a plugin like Redirection. This prevents duplicate content issues. -
Scan for mixed content errors using Google Chrome‘s Developer tools. Replace any
http://references in content, templates, and assets withhttps://versions. -
Update any hardcoded HTTP references in the WordPress database using a search/replace query.
The manual process takes more effort but provides greater control over the SSL switch. Really Simple SSL is still the easiest SSL option for most users.
Be sure to test that your entire WordPress site loads over HTTPS with no browser warnings or errors before launching. SSL Server Test is a great tool for checking everything is working correctly.
Ongoing Management of Your Free SSL Certificate
Most free SSL certificates expire after 90 days and need to be renewed. Thankfully your web host handles this automatically behind the scenes.
But to ensure your site stays secure long-term, be sure to:
- Periodically check your certificate status page in cPanel
- Watch for any renewal emails from your web host
- Monitor error logs for messages related to an expired SSL cert
- Re-test your site using SSL Server Test after renewals
Staying on top of your free SSL certificate renewals prevents any disruptions or security issues down the road.
Conclusion: The Importance of Enabling SSL on WordPress
I strongly recommend that all WordPress site owners use SSL certificates given recent browser trends. Option 1 is leveraging the free SSL included with hosts like Bluehost.
Properly installing SSL certificates minimizes disruption by:
- Using a dedicated plugin to automate configuration
- Setting up comprehensive redirects from HTTP to HTTPS
- Identifying and fixing mixed content for a smooth transition
Pay particular attention to renewing your free SSL certificates every ~90 days through your web host. This ensures long-term HTTPS protection.
Feel free to reach out with any other questions on implementing SSL!
