One of the best ways to secure your WordPress website is by adding an SSL certificate to your domain.
Installing an SSL certificate on your site’s domain was not only difficult but could also end up breaking your bank. This changed with the Let’s Encrypt open-source project that aims to automate the free installation of SSL certificates for everyone.
With this in mind, in this post, we’ll walk you through a step by step tutorial of installing a free SSL certificate on your WordPress site with Let’s Encrypt. We’ll outline how you can go about installing the SSL certificates through SiteGround’s cPanel and DreamHost’s control panel so you can follow whichever one is easiest for you.
Let’s put everything into context before we begin!
A Brief Overview of SSL
Have you ever noticed that some sites have an HTTPS prefix to their URLs instead of the traditional HTTP?
Sites that require users to enter personal information such as credit card numbers, payment details, and login credentials need a Secure Sockets Layer (SSL) certificate. These certificates are used to prevent hackers from gaining access to the data that a website and its end user are passing to one another.
SSL (Secure Sockets Layer) is the standard security technology for establishing an encrypted link between a web server and a browser. – SSL.com
The origin of SSL certificates can be traced back to 1996 when they were created to make the connection between a website and its end user more secure. A few years later, the original SSL certificates underwent improvements and were called Transfer Layer Security (TLS). Although we’re actually using TLS certificates today, they’re most commonly known by their original name, SSL certificates.
To move from an HTTP site to an HTTPS site you’ll need to install an SSL certificate acquired from a certified authority. In the past, these certificates cost money and typically required the site to be hosted on a Dedicated Server or a Virtual Private Server. All this changed with Let’s Encrypt. Let’s Encrypt is a free, automated, and open certificate authority provided by the Internet Security Research Group (ISRG).
As you can guess by now, adding an SSL certificate to your WordPress website is important – especially if your customers are entering personal information. Let’s Encrypt makes it easier than ever before to add an SSL certificate to your site. In the following section, we’ll walk you through a step by step tutorial on how you can add free SSL certificates to WordPress using Let’s Encrypt.
Adding Free SSL Certificates to WordPress
With Let’s Encrypt, webmasters can install SSL certificates on their site in a few easy steps. We’ll use Shell access to add a couple of lines of code and then we’ll install and run Let’s Encrypt’s Automatic Certificate Management Environment (ACME) client. By the time you’re done with this tutorial, an SSL certificate will be installed on your WordPress site, instantly!
The easiest way to install an SSL certificate on your site is to sign up with a hosting provider that offers this service in their package. Some of the most popular WordPress hosting providers are offering built-in SSL set up to their customers at no additional cost.
- SiteGround. SiteGround lets customers install security certificates by Let’s Encrypt without any complicated configurations or validation emails. The certificates are automatically renewed and supported by all of the major browsers.
- Other Web Hosts. Most web hosting companies have a section in their documentation that explains how customers can install third-party SSL certificates on your domain. BlueHost and WP Engine let their customers know how they can do this.
Setting Up Free SSL on SiteGround
Step 1: Login to your website’s (hosted with SiteGround) cPanel.
Step 2: Scroll down to the Security section of the dashboard and click on the Let’s Encrypt link.
Step 3: In the following screen, scroll down to the Install new Let’s Encrypt Certificate section and enter your site’s details.
- Domain. The domain name where you would like to install the free Let’s Encrypt SSL certificate.
- Email. Your email address.
Step 4: Click the Install button to continue.
That’s all there is to it. Let’s Encrypt will now issue an SSL certificate for the domain name you provided and you’ll receive a notification when it has successfully installed on your WordPress site.
Some Final Steps
Once you’re done installing the SSL certificate you’ll need to make a few more updates to your WordPress website to ensure everything functions smoothly. First off, we’ll show you how you can move your site from HTTP to HTTPS by updating its URLs. Next, you’ll have to update your site’s URLs in Google Analytics.
Updating WordPress URLs After Setting Up SSL
At this point, your website’s URL will still look something like this:
This means that even though you’ve installed the SSL certificate, your site is still using the HTTP protocol. To start using your newly installed SSL certificate, you’ll have to make your site use the HTTPS protocol i.e. you’ll need to update the URLs of your WordPress website to look like this:
Here’s how you can move WordPress URLs from HTTP to HTTPS:
New WordPress Sites
Step 1: Navigate to Settings > General from the WordPress dashboard.
Step 2: Update your site’s URL in the following two text boxes:
- WordPress Address (URL)
- Site Address (URL)
Step 3: Click the Save Changes button.
Existing WordPress Sites
If your site has been up and running for some time before you installed the SSL certificate then chances are your readers and visitors have been linking to its old URLs on their social media networks, blog posts, and elsewhere. Thankfully, WordPress offers a free plugin that lets you redirect your traffic to the new (HTTPS) URLs.
Install and activate the Really Simple SSL plugin. You don’t have to mess around with any configuration settings. Once the plugin is installed, it will automatically detect your installed SSL certificate and set up your site’s URLs.
Updating Google Analytics Settings
If you’re using Google Analytics then you’ll need to update your WordPress website’s URL from HTTP to HTTPS there, as well. Here’s how you can update it:
Step 1: Login to your site’s Google Analytics dashboard.
Step 2: Navigate to the Admin tab.
Step 3: Click on Property Settings under your website’s name.
Step 4: From the Property Settings screen, click on the drop-down list under Default URL and select https://.
Step 5: Click Save.
Wrapping It Up
While Let’s Encrypt is still in beta and undergoing significant changes, some web hosts have already started to allow their customers to install free SSL certificates on their domain. We showed you how you can install your very own certificate through SiteGround’s control panel without having to code. Be sure to try it out on your own!
Are you thinking about installing a free SSL certificate from Let’s Encrypt on your WordPress website? Get in touch by commenting below!
I have installed Let’s Encrypt on the server domain and added the SSL plugin, it still says the site is not private an no padlock, what is wrong?
If your hosting provider doesn’t support Let’s Encrypt and you need to manually add it I suggest using SSL for Free service which will help you go through process to easily implement Let’s Encrypt for your website.