Do you need SSL for your website or can you do without it?
You absolutely need SSL installed on your site if you want to run a website these days. It’s so important that Google expects it to be the default state of a website.
If you don’t have a valid SSL certificate, Google and other search engines won’t even show your site in search results. So it’s unlikely anyone will find your site organically.
SSL has become mandatory because it makes sure any data sent to and from your site is encrypted, making sure that hackers can’t steal it.
If you look at the address bar at the top of this page on our WP101 website, we have a valid SSL certificate and you can view this by clicking on the barrel lock icon in the address bar. You’ll see that the ‘Connection is secure” along with a padlock icon.
We make sure SSL certificates are enabled on all our websites, partner brands, and client projects. They are always set to auto-renew as well and I’ll explain why later in this guide.
First, I’ll break down what SSL is in simple terms and I’ll show you step-by-step how to install it on your WordPress website.
By the end, your site will be not only more secure but also look more trustworthy to your visitors. Let’s dive in!
What is SSL?
SSL stands for Secure Sockets Layer. It’s a technology that keeps your internet connection secure and safeguards any sensitive data sent between two systems.
When a visitor comes to your site, they might share usernames, passwords, credit cards numbers, etc. Your website may also send sensitive information to their browser.
If it’s sent in plain text, a hacker can intercept this data and read it, and likely misuse it.
If you have SSL enabled on your site, it will scramble (or encrypt) this information sent between the user’s browser and your website. It will also verify that your website is genuinely who it claims to be.
In essence, SSL creates a safe, private “tunnel” for data to travel through the internet, protecting it from potential eavesdroppers or hackers.
When you install an SSL certificate on your site, your website will use https:// and not http://, like this:
Search engines like Google don’t just prefer SSL, they expect it to be enabled by default. So having SSL can help improve your site’s visibility.
How SSL Works
SSL works by creating a secure link between a web server (your website) and a web browser (like Chrome or Firefox). Here’s a simple way to understand how it works:
- Handshake: When someone visits your website, their browser requests the server to identify itself.
- Certification: The server sends back a copy of its SSL certificate (which is like an online ID card).
- Verification: The browser checks the certificate to make sure it’s valid and trusts the site.
- Encryption: Once verified, a secure connection is established, and all data sent between the browser and the server is encrypted.
This means the information is turned into a code that only the browser and server can read and understand.
One of the easiest ways to get SSL for your WordPress website is through web hosts that offer free SSL certificates. So let’s take a look at some of the best available options first.
Web Hosts That Provide Free SSL
Many popular hosting providers include SSL as part of their hosting packages, making it simple and cost-effective to secure your site.
The process is streamlined and integrated into the hosting platform, making it quick and easy to enable SSL.
By opting for a web host that includes free SSL, you can ensure that your WordPress website is secure without going through complicated setup processes or incurring extra costs. This makes it an excellent choice, especially for beginners and small businesses looking to enhance their website’s security.
Here are a few well-known web hosts that offer free SSL:
1. Bluehost
Bluehost is a popular choice among WordPress users for its ease of use and reliable service. They offer free SSL certificates with all their hosting plans, which can be activated with just a few clicks.
You can enable the free SSL certificate under the Security tab inside your Bluehost account manager.
That’s it! Bluehost will handle the rest, and your site will be secured with SSL.
Bluehost plans start at $2.75 per month but we’ve worked closely with Bluehost for years. We’ve secured a great deal only for our users so you can get started with a website at just $1.99 per month. This comes with a free domain registration for 1 year, free SSL, free CDN, AI site creation tools, and so much more.
Get this exclusive Bluehost deal here »
2. Hostinger
Hostinger is another popular web host that provides free SSL certificates with their hosting plans. You can enable the certificate under the Website » SSL section in your web hosting account.
Once you install SSL on your domain, Hostinger will handle the technical part of it and secure it in just a few minutes.
Hostinger starts at $2.99 per month and it includes a handful of free features including a domain, unlimited SSL, email, CDN, daily backups, and more.
3. SiteGround
SiteGround is known for its excellent customer support and performance. They also offer free SSL certificates through Let’s Encrypt.
When you create a site with SiteGround, they will try to automatically issue a free Let’s Encrypt SSL certificate.
The installation process may take up to 72 hours after the domain of your site has been registered and/or properly pointed to the SiteGround Name Servers.
You can check if the SSL has been successfully issued in Site Tools » Security » SSL Manager.
In case it is not auto installed, you can install a new Let’s Encrypt SSL from Site Tools. You need to go to Security » SSL Manager » Install New SSL. Select the domain, choose Let’s Encrypt and click on the Get button.
SiteGround also starts at $2.99 per month and includes free domain, WP installation, auto-updates, SSL, daily backups, CDN, email inboxes, enhanced security, and more.
Other web hosting providers that offer free SSL include
- GoDaddy
- Cloudflare
- A2 Hosting
- DreamHost
- HostGator
- InMotion Hosting
- GreenGeeks
- iPage
- WP Engine
- HostPapa
Now if you want to get an SSL certificate on your own, there are multiple ways to do that. You can choose to get a free SSL certificate. These are great for general websites, small business sites, blogs, and so on.
If you run a large business site, an eCommerce site, or anything that’s high-profile, then you might want to consider a premium SSL certificate.
Let’s see how you can get a free SSL certificate first.
How to Install a Free SSL Certificate on Your WordPress Website
Step 1: Install and Activate the Really Simple SSL Plugin
Log in to your WordPress dashboard and navigate to Plugins » Add New. In the search bar, type “SSL”.
Then click “Install Now” next to the Really Simple SSL plugin by Really Simple Plugins. Once installed, click “Activate”.
An alternative plugin that you can use is WP Encryption. It follows a similar process too.
Step 2: Configure the Really Simple SSL Plugin
After activating the plugin, you can find the plugin under the Settings » SSL & Security page.
Here, click on Activate SSL. This will open up a popup with a setup wizard. If the plugin detects an SSL available from your web host, you can choose your web host and it will activate the SSL for you.
If you don’t have an SSL certificate, no worries. The plugin lets you simply click a button to install a free one from Let’s Encrypt. Then you’ll see this popup in the wizard that lets you enable necessary security features. Click on Enable to go to the next step.
The wizard will continue to take you through a few optional steps that you can choose to enable or skip. Once you finish the wizard, you’ll see the Really Simple SSL dashboard like so:
The plugin will automatically handle most of the necessary changes to configure your site to use HTTPS:
- It will update your WordPress settings URL to use HTTPS.
- It will set up a redirect from HTTP to HTTPS.
- It will resolve any mixed content issues, ensuring that all resources are loaded over HTTPS.
You can view any warnings and risks that the plugin flags and follow the instructions to fix the issues.
Step 3: Update Your Site URLs
While the Really Simple SSL plugin handles a lot of the heavy lifting, it’s a good idea to ensure that all your internal links and resources are using HTTPS.
You can use another handy plugin for this called Better Search Replace plugin.
First, I recommend that you make a backup of your database first. Learn how to do that here: How to Backup Your WordPress Site (The Right Way!)
Again, in your WordPress admin, navigate to Plugins » Add New. Search for “Better Search Replace” and install and activate it.
Now navigate to Tools » Better Search Replace in your WordPress menu.
- In the “Search for” field, enter http://yourdomain.com.
- In the “Replace with” field, enter https://yourdomain.com.
Select all tables and run the search and replace.
Now you’re ready for the final step to check if everything is working correctly.
Step 4: Test Your Site
Once the Really Simple SSL plugin is set up, it’s important to test your WordPress site to ensure everything is working correctly:
Visit your website in a browser: Double click on your website’s name in the address bar and you should see https:// at the front of the domain name. You should also be able to check your SSL status by clicking on this icon in the address bar:
This icon used to be the classic padlock which Google has recently moved away from.
Check for Mixed Content: Follow the steps in the Really Simple SSL plugin to fix any mixed content issues if found.
Inspect Your Site: Manually navigate through your pages and posts to ensure images, scripts, and other resources are correctly loaded via HTTPS.
That’s it! You now know how to install an SSL certificate on your site for free.
Using a plugin like Really Simple SSL makes installing and configuring a free SSL certificate on your WordPress site straightforward.
If you are looking for a premium solution, I’ll cover that in detail next.
How to Get a Paid SSL Certificate
There are many SSL providers that offer premium SSL. I suggest choosing a reputable Certificate Authority (CA) such as SSL.com, DigiCert, Comodo, GlobalSign, or Sectigo. These companies are trusted to issue SSL certificates.
Then you need to determine what type of SSL certificate you need:
- Domain Validated (DV): Basic level, fastest to obtain
- Organization Validated (OV): Moderate level, verifies some organizational information
- Extended Validation (EV): Highest level, requires thorough vetting of your organization
Every SSL provider might have different steps of purchasing a certificate from them but it’s usually a straightforward process.
Then you’ll receive your SSL certificate. You need to install it on your web server following the CA’s instructions.
I’ll detail the general process below. Go to your hosting cPanel and under the Security section, click on SSL/TLS.
This will open the SSL/TLS page where you can manage your SSL including private keys and certificate signing requests (CRTs).
On the right hand side, click on Generate, view, upload, or delete SSL certificates.
On the next page, you can either paste your certificate or use the ‘choose file’ button to select the file from your computer. Then click on the ‘Upload Certificate’ button to add it to your site.
That’s it! Now it’s important to keep your SSL certificate enabled at all times and I’ll tell you why next.
What Happens If My SSL Certificate Expires?
If your SSL certificate expires, then visitors to your site will receive warnings from their browsers indicating that the site is not secure. These warnings can be alarming and may drive visitors away.
Google and other search engines will prevent users from visiting your website because it’s not safe for users.
You could lose traffic, rankings, and sales. Plus, once you renew your certificate, it can still take hours to reflect the change.
If you’ve purchased your SSL certificate from your web host, I recommend setting it to auto-renew. If it’s a free certificate offered with your hosting plan, then it’s likely that your web host will auto-renew it. Make sure to check with customer support if they do.
Free SSL certificates from Let’s Encrypt expire every 90 days. If you’re using the Really Simple SSL plugin, you need to manually renew it every time. They will notify you if any issues arise.
Now, you can ensure your site is always secure, compliant with modern web standards, and trusted by your visitors.
I hope you found this guide helpful. Next, I’ll answer important questions that we get asked at WP101.
FAQs on SSL in WordPress
1. What is SSL and why is it important?
SSL stands for Secure Sockets Layer. It is a technology that encrypts data transmitted between a web server and a browser, ensuring that sensitive information such as login credentials, personal details, and payment information remains secure from hackers.
SSL is also important because it improves trust and credibility with visitors, boosts your site’s SEO ranking, and ensures compliance with many data protection regulations.
2. How do I know if my website has an SSL certificate?
You can tell if your website has an SSL certificate by looking for a padlock icon in the browser’s address bar next to your website’s URL. This may have changed recently as Google has moved away from the padlock. Additionally, the URL should start with https:// instead of http://.
3. Do I need to pay for an SSL certificate?
Not necessarily. Many web hosting providers offer free SSL certificates through services like Let’s Encrypt. Additionally, plugins like Really Simple SSL can help you install and configure these free certificates. However, if your website handles highly sensitive information or requires extended validation, you may consider purchasing a premium SSL certificate.
4. Can I use a plugin to install SSL on my WordPress site?
Yes, you can use plugins like Really Simple SSL to install and configure SSL on your WordPress site. These plugins simplify the process by automatically updating your site’s settings and URLs to use HTTPS.
5. How do I fix mixed content issues after installing SSL?
Mixed content issues occur when some elements on your site are still loaded over HTTP after enabling SSL. Plugins like Really Simple SSL handle most mixed content issues automatically. For additional assurance, you can use the Better Search Replace plugin to update all HTTP URLs to HTTPS in your website’s database.
6. What are the common issues when installing SSL, and how can I troubleshoot them?
- Mixed Content Warnings: Ensure all elements on your site are loaded over HTTPS. Use plugins like Really Simple SSL and Better Search Replace to update your URLs.
- SSL Not Trusted: Verify that your SSL certificate is properly installed and all intermediate certificates are included.
- Redirect Loops: Ensure there are no conflicting redirects in your .htaccess file or from other plugins.
7. Will installing SSL affect my website’s performance?
SSL encryption can introduce a slight delay due to the handshake process, but it is usually negligible and unnoticeable to users. Additionally, modern web servers and browsers are optimized for handling SSL, making sure your site’s performance isn’t affected. Moreover, the security benefits and SEO boost outweigh any minor performance concerns.
8. Do I need to update my site’s URLs manually after installing SSL?
While plugins like Really Simple SSL handle most URL updates automatically, it’s good practice to check for any remaining HTTP URLs manually or use the Better Search Replace plugin to ensure a thorough update.
9. How often do I need to renew my SSL certificate?
Free SSL certificates from Let’s Encrypt need to be renewed every 90 days. Most hosting providers automate this renewal process, but it’s a good idea to periodically check to ensure your SSL certificate is up-to-date.
10. Will an SSL certificate improve my site’s SEO?
Yes, having an SSL certificate can improve your site’s SEO. Search engines like Google consider SSL mandatory to protect their users from data theft and fraud.
Up next, you may also want to read our showcase on the Best WordPress Security Plugins to Shield Your Website.
If setting up your site, installing SSL, and maintaining all of it sounds a bit much, you might be interested in getting professionals to handle it for you.
Our partner brand WPBeginner offers Pro Services that I’ve used on my own sites and have been really happy with their service and customer support.
They offer Maintainance Services where they’ll take care of a host of tasks that include:
- Plugin, theme, and WordPress core updates
- Routine cloud backups
- Uptime monitoring
- Security monitoring
- CDN (Content Delivery Network)
- SSL
…and so much more. They’ll also give you a regular site maintenance report to keep you updated on what’s happening with your site.
Get started with WPBeginner Pro Services
If you have any further questions on SSL or anything else in this guide, feel free to leave a comment below!