How can I add a Free SSL Certificate to My WordPress Website?

Jessica Thompson
Jessica Thompson

Brand Strategy & Community Expert

 
June 1, 2020 6 min read

Adding an SSL certificate to your WordPress site is one of the best ways to secure it. (Secure your domain with SSL) Plus, by adding this certificate, you get extra SEO benefit for your site, as search engines consider a secure website more trustworthy than a website with no https. (The Impact of HTTPS on SEO)

In our previous article on advanced WordPress security we shared some additional tips to secure your WordPress website, and adding a security certificate is the start towards security.

An SSL enabled website is a necessity for a secure web, but the cost of implementing it raises concerns towards its widespread adoption. (Why TLS/SSL is Important to Secure Your Site - Newor Media Blog)

In this post, we’ll walk you through step by step instructions and a free SSL certificate provider to add a free SSL certificate to your WordPress site.

How to get a Free SSL Certificate for WordPress site?

Let’s Encrypt is the new open source certificate authority which provides free SSL certificates for websites.

Their service currently offers full support for IPv6, IDN, ACME DNS challenge, and ECDSA signing.

SSL for free is a tool that helps you to obtain SSL certificates for your website. The renewals are also free and unlimited. Issued certificates are supported by all major browsers and operating systems.

The objective of this authority is to spread the use of SSL and change that red address bar to green by enabling https. (Though, these days you'll mostly see a padlock icon instead of a green bar, which is still a good sign of security.)

Step 1: Install SSL Certificates on your host

Using Let’s Encrypt

There are two ways you can install an SSL certificate using LetsEncrypt. First is the manual way where you have to go through the manual installation using the official Let's Encrypt documentation.

Second is the automatic installation. Many popular hosts now include automatic installation options with their admin panels.

Although each hosting company will have a slightly different process, for the most part, the below steps will be the same:

  1. Login to your user portal.
  2. Head over to your-website-name > SSL > Add Certificates > Get Let’s Encrypt.
  3. Select the domains for which you want HTTPS.

Not every web host comes with a Let's Encrypt auto installer. So here is the list of hostings who support Let’s Encrypt and check whether your hosting supports it or not. If your hosting isn’t supporting it, there is an alternate explained down in the article.

Using SSLforFree

Visit SSLforfree.com, enter your domain name for which you want to obtain a security certificate. Enter your domain name with www and click on “Create Free SSL Certificate” button. SSL For Free will also add the non-www version to the certificate (i.e., example.com).

In the next step, you will be required to verify ownership of the domain for which you want to add a free SSL certificate. There are three options to verify your domain: Automatic FTP verification, Manual FTP verification, and manual verification using DNS.

Follow each instruction carefully and verify your domain. By far, automatic FTP verification is the easiest method.

Manual DNS Verification: If you choose this method, you'll need to add a specific TXT record to your domain's DNS settings. SSLforFree will provide you with the exact record (host and value) to add. You'll typically do this through your domain registrar or hosting provider's DNS management panel. Once the record is added, SSLforFree can detect it and verify your domain.

If SSLforfree.com successfully verifies your domain name, your SSL certificate will be generated upon clicking on the “download SSL certificate” button. You can leave “I Have My Own CSR” unticked.

The downloaded zip file will contain all the files needed to enable HTTPS on your site. These typically include:

  • Certificate: This is your actual SSL certificate.
  • Private Key: This is a secret key that corresponds to your certificate. Keep this secure!
  • CA Bundle (or Intermediate Certificate): This helps browsers trust your certificate.

Now visit your hosting cpanel, search for SSL/TLS and navigate through.

Select the domain from the drop-down menu for which you want to install the SSL certificate. Select “Setup a SSL certificate to work with your site.”

Paste the contents from the files in the zip you downloaded into the respective fields. You'll usually find fields for "Certificate (CRT)", "Private Key (KEY)", and "Certificate Authority Bundle (CABUNDLE)".

As an alternative, you can directly copy and paste the corresponding text from the SSLforfree screen to the cpanel SSL/TLS screen.

Press the Install button once you are done.

Yaaye!! A free SSL certificate is now installed on your domain. You can install SSL on new and existing WordPress websites by following the same procedure.

This is also the alternative method for installing free SSL to those web hosts who do not support Let’s Encrypt in their cpanel.

If you do not find the SSL/TLS option in your cPanel, you can download the zip and share it with your hosting provider support; they will add it from their end.

Step 2: Update Your WordPress URLs

By now you have successfully installed an SSL certificate to your WordPress website. Your site will now get a padlock icon upon switching to https. To finalize the redirects to https, you need to change the URLs of your WordPress website.

This is how you can leverage your newly installed SSL certificate.

Start off by navigating to Settings > General from your WordPress admin panel. Scroll down to the WordPress Address (URL) and Site Address (URL) sections.

It should look something like this:

Now, replace HTTP with HTTPS in the text fields of both sections.

Click the Save Changes button to continue.

Updating WordPress URLs on Existing Sites

If you’ve installed an SSL certificate to an existing WordPress site then chances are that it’s already being indexed by search engines. Since you’ve probably shared links using HTTP in the URL, you will need to ensure that all the HTTP link juice is redirected to new HTTPS URLs.

To do this, install a plugin called Really Simple SSL. Once you install and activate it, the plugin will automatically configure your website (i.e., update all URLs) to redirect to HTTPS by updating the .htaccess file or running some JavaScript code. In addition to this, it will also fix any insecure content issues. "Insecure content issues," often called "mixed content," happen when your HTTPS page tries to load resources (like images or scripts) from an HTTP source. This can break your site's security and cause warnings for visitors.

Now you have successfully added a free SSL certificate to your WordPress site. You can now show off by adding an SSL seal graphic on your site.

Important Note on Renewal: This free SSL Certificate is valid for 90 days. After expiration, you have to renew it.

  • For Automatic Installations (via Hosting Provider): If your host provided an auto-installer for Let's Encrypt, they usually handle renewals automatically. Check with your hosting provider to confirm their renewal process.
  • For Manual Installations (via SSLforFree or Let's Encrypt Documentation): You'll need to repeat the installation process. Visit SSLforFree again, re-enter your domain, and follow the steps to generate and install a new certificate. The process is generally the same as the initial installation.

Let’s Encrypt vs SSLforFree

Let’s Encrypt or SSLforFree, which one is the perfect free SSL solution? The answer is Both.

Well, they can't really be compared because SSLforFree is a tool that utilizes Let’s Encrypt's acme client and generates SSL certificates for shared hostings.

Let’s Encrypt requires root access to the server for generating and installing security certificates via command.

For non-technical and shared hosting users, it is impossible to perform such actions, so SSLforfree generates SSL certificates in the most user-friendly way.

This is how you can get a free SSL certificate for your WordPress website and configure it for a secure environment.

For discussions and queries, you are always welcome to share them in comments below.

Jessica Thompson
Jessica Thompson

Brand Strategy & Community Expert

 

Brand strategist and community manager who helps businesses build authentic connections through AI-enhanced social media content. Expert in audience engagement and brand voice development.

Related Articles

subcultures for kids

Contemporary Subcultures: A Guide for Young Learners

Explore contemporary subcultures with this kid-friendly guide! Learn about different youth movements, their values, and how they influence society today. Perfect for young learners curious about the world around them.

By David Kim October 2, 2025 5 min read
Read full article
AI content creation

Discovering Hidden Gems in AI-Driven Content Creation

Explore the untapped potential of AI in content creation. Discover hidden tools and strategies to elevate your social media marketing and engagement.

By Michael Johnson September 30, 2025 6 min read
Read full article
content creation trends

What Trends Can Teach Businesses About Content Creation

Discover how current trends, including AI and social media shifts, can inform and improve your business's content creation strategy. Learn to leverage data, adapt to new platforms, and create engaging content.

By Alex Chen September 28, 2025 17 min read
Read full article
AI academic writing

AI for Academic Writing: Essays, Papers, and Theses

Discover how AI tools are revolutionizing academic writing. Learn about AI-powered assistance for essays, research papers, and theses, while maintaining academic integrity.

By Alex Chen September 26, 2025 7 min read
Read full article