One way to make your WordPress website more secure is by installing an SSL certificate.
An SSL certificate will add https:// to your site’s domain and, more importantly, will enhance security for your users. It’ll also give you some SEO benefits.
In this tutorial, you’ll learn how to install an SSL certificate for your WordPress site for free using Let’s Encrypt. I’ll show you how to do it using the SiteGround admin screens, using cPanel, and also using a plugin.
Special Discount for WordPress Hosting
If you need WordPress hosting, take a look at SiteGround. It comes with an easy installer, free support, and automatic updates. And it includes support for SSL to keep your site secure! We're happy to be able to offer a huge discount of 70% off self-managed WordPress hosting, thanks to our partnership with SiteGround.
What Is SSL?
SSL stands for ‘Secure Sockets Layer’. It uses key pairs to authenticate website access: a public key, which anyone can access, and a private key, which is private. The relationship between the two means that only someone with the private key (i.e. the website owner, that’s you) can encrypt information that’s transmitted using the public key. It also means anyone can use the public key to verify that the site is secure.
But don’t worry—you don’t have to store these keys for your website. Instead, the keys are used by an SSL certificate that you install on your site. This means that when your site sends information between the browser and the server, it’s encrypted.
When you install SSL, it will change the way your site looks. The https:// at the beginning of your domain will change to https://, and a padlock will appear when you visit the site in your browser, as you can see in this screenshot of the Tuts+ website.
What Are the Benefits of SSL?
So why bother to add SSL to WordPress? It’s an extra job to do after setting up your site and doesn’t change the way the site appears to users, so why should you do it?
There are two main benefits—security and SEO.
SSL and Security
The first and most obvious benefit is to your website security. By adding SSL, you make it much harder for anyone to intercept data that’s being transmitted, and harder for someone to access information that users input to your site.
So if you’re running an e-commerce store or collecting user information for them to register on a membership site, for example, SSL is essential. Running any site like this without SSL is very dangerous and irresponsible.
SSL and SEO
The other great thing about adding SSL to your site is that it’s good for search engine optimization.
Google prefers sites with SSL certificates and will rank them more highly. Given that adding SSL is free, even if your site isn’t collecting user data, it’s worth installing an SSL certificate for the SEO benefits.
How to Add SSL to WordPress for Free
It used to be that to get SSL you had to pay for an SSL certificate, and it could cost more than your hosting. But now you can get an SSL certificate for free using Let’s Encrypt.
You can add this with a WordPress plugin (also free) or you can use the SiteGround admin tools or cPanel to easily add SSL to your site.
Let’s take a look at each method.
Adding Let’s Encrypt SSL via SiteGround
To add SSL to your WordPress site in SiteGround, start by logging in to the SiteGround site and clicking on the Websites tab.
Click the Site Tools button to access tools for your site, and then on Security > SSL Manager.
In the Select Domain field, select the site to which you want to add SSL. In the Select SSL dropdown list, select the option you want to use.
The three options are:
- Let’s Encrypt—a standard SSL certificate, which is free and will meet the needs of the majority of sites.
- Let’s Encrypt Wildcard—wildcard SSL means you can add subdomains to the site and they will use the SSL certificate. Useful if you've got a multisite network using subdomains.
- Premium Wildcard—includes extra features for added security. This will cost extra.
You can find out more on the SSL certificates page of the SiteGround website.
For this demo, I’m going to select Let’s Encrypt as it's free and will meet the needs of the majority of WordPress sites.
Once you’ve selected the option you want, you’ll see a notification that your request is being processed.
This can sometimes take a while as your request is sent to a queue, and there may be other SiteGround account holders submitting requests at the same time. Once the request is complete, you’ll see a success message.
If you click the Configure HTTPS link, you’ll be taken to a tutorial on the SiteGround website that covers a range of website systems. Don't worry, I'll tell you exactly what to do—just skip ahead to the Configuring WordPress Settings to Use HTTPS section below.
Adding SSL in cPanel
If you’re with a hosting provider other than SiteGround that also offers Lets Encrypt SSL, or you’re using an older SiteGround account that still uses cPanel for SSL, you can install a free Let’s Encrypt SSL certificate using the cPanel interface.
Start by logging in to your hosting provider’s interface and opening cPanel. Scroll down to the Security section.
Click the Let’s Encrypt link to go to the Let’s Encrypt manager screen. Go to the Install new Let’s Encrypt Certificate section.
In the Domain field, select the domain you want to add a certificate to. Then select the certificate type. You have two options:
- Let’s Encrypt SSL—suitable for most sites.
- Let’s Encrypt Wildcard SSL—useful for sites with subdomains, such as multisite networks.
Choose the one you want and click the Install button.
You will see a success message telling you your request has been added to the queue. Click the OK button.
At first, it won’t show up in the Manage Let’s Encrypt Certificates section—that’s because your request is in the queue waiting for other users who’ve requested certificates. But it will change to reflect that quite quickly.
Now skip ahead to the Configuring WordPress Settings to Use HTTPS section below.
Adding SSL With a Plugin
If you’re not with SiteGround and your hosting provider doesn’t offer Lets Encrypt, you can install a free plugin that will let you add a free SSL certificate.
In WordPress, install the plugin. Go to Plugins > Add New.
In the search box, type SSL. You’ll see a range of SSL plugins.
Find the SSL Zen plugin. Click the Install Now button and then, when that turns into an Activate button, click that to activate the plugin.
Once the plugin has installed, you’ll be taken to the SSL Zen screen. If you aren’t or you need to come back to it, click SSL Zen in the admin menu.
Click on the Use Free Version link at the top of the screen to be taken to the setup screen.
Check that the domain and email address are correct, check the www option if you want to add https:// to that too, and check the terms and conditions option. Click the Next button to continue.
The next step is to verify that you own the domain. Follow the instructions onscreen to upload a file to a new folder. Make sure you add the folders and files to the public_html folder in your site, not the root. You’ll need to have FTP access to your site or use the File Manager option in cPanel.
Once you've done that, go back to the plugin setup screen and click the Verify button next to each of the files.
The plugin will check that the files are in the right place. Once that’s done, click the Next button.
If you want, you can download your certificates, but you don’t have to—they’ll also be emailed to your WordPress admin email address. Click the Next button again to finish.
Your site will now have an SSL certificate installed, but you still need to ensure that WordPress is using https:// in the browser. We'll cover that in the next section.
Configuring WordPress Settings to Use HTTPS
Now you need to tell WordPress to use https:// instead of http://
In the WordPress admin, go to Settings > General. Find the Site URL and WordPress URL fields.
Edit the two fields so that they include https:// instead of http://
Scroll down and click the Save changes button to save your changes.
You’ll need to log in again—this is because your browser has stored your login cookie for the http:// version of your address, and you need to log in again for https://.
Your site will now use https:// and have the padlock icon.
Adding an SSL certificate to your WordPress site will make it more secure and will enhance your SEO. So there really isn’t any reason not to do it.
And you also don’t need to spend any money to do it. Whichever method you use, add an SSL certificate to your site today, and you’ll be safe in the knowledge that it has better security and will be ranked more highly by search engines.
Easy SSL Setup With SiteGround
As you've seen, SiteGround makes it really easy to set up SSL for your WordPress site. It also comes with an easy installer, free support, and automatic updates—and thanks to our partnership with SiteGround, we can offer a discount of up to 70% off self-managed WordPress hosting.
Envato Tuts+ tutorials are translated into other languages by our community members—you can be involved too!Translate this post