Most of you have probably heard about the importance of switching your website from HTTP to HTTPS to make the site more secure. This can be quickly done by buying and installing an SSL certificate on your website. However, some website admins might not know how to add an SSL certificate to the website.
If you are running a WordPress website for your business, it is essential to understand how to install an SSL certificate to WordPress. It is best to have a clear understanding of the importance of SSL and HTTPS in WordPress before you learn more about how you can add them to your website.
Table of Contents
- What are SSL and HTTPS in WordPress?
- Why Do You Need HTTPS and SSL in WordPress?
- Adding SSL and HTTPS in WordPress
- How to Fix a Mixed Content Warning?
- Update Google Analytics
- Free vs. Premium SSL Certificates
- Selecting the Right Certificate for WordPress Website
- Wrapping Up
What are SSL and HTTPS in WordPress?
NOTE:
HyperText Transfer Protocol Secure, or HTTPS, is a protocol that guarantees the protection and confidentiality of data exchanged between the user’s device and the website.
Data will be exchanged between the server and the internet user during every internet browsing session through the HTTP protocol. Several business websites over the internet collect payment details, personal data, and other information from customers.
Websites collecting such information from their customers need to ensure that the information does not get into the wrong hands. Hackers and cybercriminals will be targeting sites with such data, and if they succeed, it might cause severe financial and reputational damage to your business.
Fortunately, you can avoid such issues by switching your website from HTTP to HTTPS.
Security of confidential business and customer data is ensured by using SSL certificates on websites.
NOTE:
Secure Sockets Layer, or SSL, is another protocol currently used by millions of websites to protect their data. Employing the right kind of SSL certificate is as important as buying one. You need to find the one that is best suited for your unique needs.
If you run an e-store, you would probably need to secure multiple first-level subdomains such as payment, blog, and product collection pages under one primary domain.
If budget is a concern, you can easily find a low-cost wildcard SSL certificate for your business website that will serve the same purpose as the more expensive ones. It is highly recommended to go for Comodo SSL certificates as they offer a premium range of cybersecurity products at affordable prices.
WP Force SSL is another good SSL plugin for WordPress. The plugin’s SSL certificate validation utility verifies that the SSL certificate is legitimate, installed appropriately, and valid. Carefully designed with over 14 SSL tests and different settings, WP Force SSL makes an excellent choice for keeping your website safe.
Why Do You Need HTTPS and SSL in WordPress?
Most modern business and eCommerce websites keep records of online shopping activities, payment transactions, and more in their business database.
Therefore, it is integral for such websites to use SSL certificates to prevent the chance of cyberattacks and data breaches.
In addition, the HTTPS protocol is an essential requirement for websites that request personal information or data from users to give them access to certain content. Therefore, businesses need to protect such crucial data from cybercriminals and hackers.
Another interesting thing to note is that most eCommerce websites and online stores have online payment gateways to help online shoppers easily complete their transactions. Businesses looking to integrate PayPal, Stripe, and other popular platforms will need an SSL certificate to ensure security.
Finally, website security will play an essential part in the search engine ranking of your website, as Google has mentioned it as one of their essential ranking factors. So, in short, your business will suffer and fail to remain competitive if you do not use HTTPS and SSL on your WordPress website.
Adding SSL and HTTPS in WordPress
Installing a Comodo SSL certificate on your business WordPress website might seem quite challenging to several website admins and owners. This is why I have listed a comprehensive and step-by-step guide on adding SSL and HTTPS to WordPress websites.
Generate The CSR
Before I start, let me remind you that different servers have different CSR generation processes.
I’ll cover CSR generation for cPanel, one of the most popular platforms out there:
- Log in to cPanel and look for the Security section. Once you have found it, click on the SSL/TLS Manager.
- You will now be able to see “Generate, view, or delete SSL certificate signing requests” under the CSR (Certificate Signing Requests) section.
- Go to the “Generate, view, or delete SSL certificate signing requests” and fill in Domains, State, Country, and other fields using alphanumeric characters.
- Then click on Generate.
Once you have completed the steps mentioned above, both public and private keys will be generated. Keep in mind that the CSR code, which contains the public key, will be sent to the Certificate Authority with other details based on the instructions of the CA.
Once the CA receives your public key and other required details, they will start vetting your credentials. The certificate authority might even ask you to perform additional steps to prove domain ownership. After completing the validation process, the CA will issue the SSL certificate for your website.
Installing the SSL Certificate via cPanel
As mentioned earlier, different web servers and portals have different types of SSL certificate installation processes. I’m covering the installation process for cPanel here, but most other servers have similar setup processes.
1. Find the SSL/TLS option under the Security Section on your cPanel account.
Under the CRT section, you will be able to find the “Generate, view, or delete SSL certificate signing requests” section. Click on it and proceed to the next step.
2. Go to the “Upload A New Certificate” section.
Look for “paste the certificate into the following text box”. Paste the code from your yourdomain.crt file into that field. You can also download the file directly from your account. Make sure to include both the header and the footer of the code.
3. Click on Upload or Save Certificate
4. Go to cPanel, and find “Install and Manage SSL for your site (HTTPS)”
Select Manage SSL sites. Choose the domain for which the SSL certificate has been issued. The system will automatically fill the Private Key (KEY) and Certificate (CRT) fields.
Paste the CA bundle into the box under Certificate Authority Bundle (CABUNDLE).
5. Select Install Certificates
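Before sending the CSR to the CA or pasting into the cPanel boxes named above, the text can be checked locally. The following is an added example, not part of the original guide or of cPanel: it confirms the header and footer are present, that the block type fits the field (so a private key never ends up in the CSR or CRT box), and that the body is not truncated. The field-to-label mapping and the `fake_pem` sample generator are assumptions made for illustration.

```python
import base64
import re

# PEM labels expected in each box (assumed mapping; "CSR" is what goes to the CA).
FIELD_LABELS = {
    "CSR": {"CERTIFICATE REQUEST", "NEW CERTIFICATE REQUEST"},
    "CRT": {"CERTIFICATE"},
    "KEY": {"PRIVATE KEY", "RSA PRIVATE KEY", "EC PRIVATE KEY"},
    "CABUNDLE": {"CERTIFICATE"},
}
PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", re.S)

def der_is_sequence(der):
    """True if der is exactly one ASN.1 SEQUENCE (tag 0x30, length matches)."""
    if len(der) < 2 or der[0] != 0x30:
        return False
    if der[1] < 0x80:                       # short-form length
        return len(der) == 2 + der[1]
    n = der[1] & 0x7F                       # long form: next n bytes are the length
    if n == 0 or len(der) < 2 + n:
        return False
    return len(der) == 2 + n + int.from_bytes(der[2:2 + n], "big")

def check_paste(field, text):
    """Return a list of problems with text about to be pasted into a field."""
    blocks = PEM_BLOCK.findall(text)
    if not blocks:
        return ["no complete BEGIN/END block (header or footer missing)"]
    problems = []
    if PEM_BLOCK.sub("", text).strip():
        problems.append("stray text outside the BEGIN/END lines")
    if field != "CABUNDLE" and len(blocks) > 1:
        problems.append(f"{field} expects one block, got {len(blocks)}")
    for label, body in blocks:
        if label not in FIELD_LABELS[field]:
            problems.append(f"{label} block does not belong in {field}")
        try:
            der = base64.b64decode("".join(body.split()), validate=True)
        except ValueError:
            problems.append(f"{label} body is not valid base64")
            continue
        if not der_is_sequence(der):
            problems.append(f"{label} body is truncated or not DER")
    return problems

def fake_pem(label, size=300):
    """Constructed sample: an empty DER shell, not a real certificate or key."""
    der = b"\x30\x82" + size.to_bytes(2, "big") + bytes(size)
    body = base64.encodebytes(der).decode()
    return f"-----BEGIN {label}-----\n{body}-----END {label}-----\n"
```

An empty list from `check_paste` means the text is structurally sound for that field; it does not prove that the certificate matches the private key or chains to the CA bundle.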
Enabling SSL in WordPress by using a plugin
Really Simple SSL Plugin is one of the most commonly used plugins to install SSL certificates on WordPress websites.
- Go to your WordPress dashboard
- Select Plugins and click on Add New
- Search for the Really Simple SSL Plugin and install it
- Locate the Really Simple SSL Plugin under Plugins and select Settings
- Choose Go ahead activate SSL.
Your website will be shifted to HTTPS if there are no mixed content errors. However, if there are any mixed content errors, here is what you need to do.
How to Fix a Mixed Content Warning?
When you migrate your WordPress website from HTTP to HTTPS, there is a chance for some elements to not load over HTTPS properly. As a result, you will receive a mixed content warning. In addition, changing the code manually and updating all links to HTTPS is time-consuming.
So, you can use the free WordPress plugin Better Search Replace.
Enter the HTTP domain in “Search for” and the HTTPS domain in “Replace with”, and then select Run Search/Replace.
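To confirm that nothing was missed after the search and replace, a saved copy of a rendered page can be scanned for subresources that still point at http://. The following is an added example, not part of the original guide or of any plugin mentioned here; the sample page and the example.com URLs are constructed. It separates active content (scripts, stylesheets, frames), which browsers block on an HTTPS page, from passive content (images, audio, video), and it ignores ordinary links and canonical tags because they are not mixed content.

```python
from html.parser import HTMLParser

# Tag -> attributes fetched while the page renders, grouped by how browsers treat them.
ACTIVE = {"script": ("src",), "iframe": ("src",), "embed": ("src",),
          "object": ("data",)}
PASSIVE = {"img": ("src", "srcset"), "audio": ("src",),
           "video": ("src", "poster"), "source": ("src", "srcset")}

class MixedContentScanner(HTMLParser):
    """Collects (line, kind, tag, url) for every subresource still on http://."""
    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        # Only stylesheet links are fetched as active content; canonical etc. are not.
        if tag == "link" and "stylesheet" in a.get("rel", "").lower().split():
            self._check("active", tag, a.get("href", ""))
        for kind, table in (("active", ACTIVE), ("passive", PASSIVE)):
            for name in table.get(tag, ()):
                value = a.get(name, "")
                if name == "srcset":  # comma-separated "URL descriptor" candidates
                    urls = [c.split()[0] for c in value.split(",") if c.strip()]
                else:
                    urls = [value]
                for url in urls:
                    self._check(kind, tag, url)

    def _check(self, kind, tag, url):
        if url.strip().lower().startswith("http://"):
            self.findings.append((self.getpos()[0], kind, tag, url.strip()))

def scan(html):
    scanner = MixedContentScanner()
    scanner.feed(html)
    scanner.close()
    return scanner.findings

# Constructed sample page (example.com stands in for the migrated site).
SAMPLE = """<html><head>
<link rel="stylesheet" href="http://example.com/wp-content/themes/t/style.css">
<link rel="canonical" href="http://example.com/">
<script src="https://example.com/wp-includes/js/jquery.js"></script>
</head><body>
<a href="http://example.com/about/">About</a>
<img src="//cdn.example.com/a.png" srcset="http://example.com/a-2x.png 2x">
<iframe src="http://example.com/embed"></iframe>
</body></html>"""
```

`scan(SAMPLE)` reports the stylesheet on line 2, the `srcset` image on line 7 and the iframe on line 8. URLs inside CSS files or inline scripts are not parsed by this scanner and need a separate check.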
What’s Next? Update Google Analytics
The last thing you need to do is let Google and other search engines know that your website has been switched to HTTPS.
Here is how you can do that:
- Open Google Analytics
- Go to the Admin section
- Click on Property and then select Property Settings
- Update the domain name to HTTPS in the Default URL field and click Save
Free vs. Premium SSL Certificates
There are free and premium SSL certificates available in the market, so it is crucial to understand the difference between them before settling for one.
Most of the free SSL certificates available in the market are single domain, whereas you will find different types of premium SSL certificates. In other words, there is no free organization validation (OV) or extended validation (EV) certificate available out there.
Another major drawback of free SSL certificates is that they will expire in 90 days, which means that you will need to get a new one after the free certificate expires. On the other hand, paid SSL certificates can be issued for 2 years, which means that you will not have to worry about the expiry date for quite some time.
Selecting the Right Certificate for WordPress Website
Determining what type of SSL certificate is ideal for your website can be quite challenging. However, do not worry because I’m here to make things simpler for you:
- Informative blogs, websites, and personal websites should consider investing in a Domain Validated SSL certificate.
- WordPress websites that offer paid subscriptions, accept donations, or run paid memberships will need Extended Validated or Organizational Validated SSL certificates.
- Multi-domain SSL certificates are required for websites with multiple domain names.
SSL FAQs
Does WordPress have an SSL certificate?
If you are using WordPress.com for hosting your website, you get an SSL certificate (even using a free plan).
What is an SSL certificate in WordPress?
Secure Sockets Layer is the protocol currently used by millions of websites to protect their data.
How much does an SSL certificate cost?
SSL certificate pricing varies, but the premium options start from $8 per year.
How to make HTTPS without an SSL certificate?
It’s not possible.
Wrapping Up
You might indeed see some fluctuations in the Google ranking of your website when you switch from HTTP to HTTPS. However, running your website with a non-secure label is not a good idea, as it will affect your rankings gradually and reduce customer trust.
So, it is best to add SSL and HTTPS to your WordPress website from the beginning.