Adding an SSL certificate to your WordPress site is one of the best ways to secure it. Additionally, by adding this certificate, you get extra SEO benefit for your site, as search engines consider a secure website more trustworthy than a website with no https.
In our previous article on advanced WordPress security we have shared some additional tips to secure your WordPress website, and adding a security certificate is the inception towards security.
An SSL enabled website is a necessity of a secure web but the cost of implementing it raises concerns towards its widespread adoption.
In this post, we’ll walk you through step by step instructions and free SSL certificate provider to add a free SSL certificate to your WordPress site.
How to get a Free SSL Certificate for WordPress site?
Let’s Encrypt is the new open source certificate authority which provides free SSL certificates for websites.
Their service currently offers full support for IPv6, IDN, ACME DNS challenge, and ECDSA signing.
SSL for free is a tool that helps you to obtain SSL certificates for your website. The renewals are also free and unlimited. Issued certificates are supported by all major browsers and operating systems.
The objective of this authority is to widespread the use of SSL and change that red address bar to green by enabling https.
Step 1: Install SSL Certificates on your host
Using Let’s Encrypt
There are two ways you can install SSL certificate using LetsEncrypt. First is the manual way where you have to go through the manual installation using Let’s Encrypt Documentation.
Second is the automatic installation. Many popular hosts now include automatic installation options with their admin panels.
Although each hosting company will have a slightly different process, for the most part, below steps will be the same:
- Login to your user portal.
- Head over to your-website-name > SSL > Add Certificates > Get Let’s Encrypt.
- Select the domains for which you want HTTPS.
Not every web host comes with Let’s Encrypt auto installer. So here is the list of hostings who supports Let’s Encrypt and check whether your hosting supports it or not. If your hosting isn’t supporting it, there is an alternate explained, down in the article.
Visit SSLforfree.com, Enter your domain name for which you want to obtain a security certificate. Enter your domain name with www and click on “Create Free SSL Certificate” button. SSL For Free will also add the non-www version to the certificate (i.e example.com).
In the next step, you will be required to verify ownership of the domain for which you want to add free SSL certificate. There are three options to verify your domain; Automatic FTP verification, Manual FTP verification and manual verification using DNS.
Follow each instruction carefully and verify your domain. By far automatic FTP verification is the easiest method.
If SSLforfree.com successfully verifies your domain name, your SSL certificate will be generated upon clicking on “download SSL certificate” button. You can leave “I Have My Own CSR” unticked.
The downloaded zip file will contain all the files needed to enable HTTPs on your site.
Now visit your hosting cpanel, search for SSL/TLS and navigate through.
Select the domain from the drop down menu for which you want to install SSL certificate.
Select “Setup a SSL certificate to work with your site.”
Paste contents from the file zip downloaded.
As an alternative, you can directly copy and paste corresponding text from SSLforfree screen to cpanel SSL/TLS screen.
Press Install button once you are done.
Yaaye !! A free SSL certificate is now installed on your domain. You can install SSL on new and existing WordPress websites by following the same procedure.
This is also the alternative method for installing free SSL to those web hosts who do not support Let’s Encrypt in their cpanel.
NOTE: If you do not find SSL/TLS option in your Cpanel, you can download the zip and share it with your hosting provider support, they will add it from their end.
Step 2: Update Your WordPress URLs
By now you have successfully installed an SSL certificate to your WordPress website. Your site now will now get a green padlock upon switching to https. To finalize the redirects to https, you need to change the URL’s of your WordPress website.
This is how you can leverage your newly installed SSL certificate.
Start off by navigating to Settings > General from your WordPress admin panel.
Scroll down to the WordPress Address (URL) and Site Address (URL) sections.
It should look something like this:
Now, replace HTTP with HTTPs in the text fields of both sections.
Click the Save Changes button to continue.
Updating WordPress URLs on Existing Sites
If you’ve installed an SSL certificate to an existing WordPress site then chances are that it’s already being indexed by search engines. Since you’ve probably shared links using HTTP in the URL, you will need to ensure that all the HTTP link juice is redirected to new HTTPs url’s.
Now you have successfully added a free SSL certificate to your WordPress site. You can now show off by adding a SSL seal graphic on your site.
NOTE: This free SSL Certificate is valid for 90 days and after expiration, you have to renew by following the same procedure.
Let’s Encrypt vs SSLforFree
Let’s Encrypt or SSLforFree which one is the perfect free SSL solution?
The answer is Both.
Well both cannot be compared because SSLforFree is a tool which utilizes Let’s Encrypt acme client and generate SSL certificates for Shared hostings.
Let’s encrypt requires root access to the server for generating and installing security certificate via command.
For non-technical and shared hosting users it is impossible to perform such actions, so SSLforfree generate SSL certificates in the most user friendly way.
This is how you can get a free SSL certificate for your WordPress website and configure it for a secure environment.
For discussions and queries, you are always welcome to share them in comments below.