Are you looking to install a Free SSL certificate on your WordPress site? If so, then you are at the right place!
SSL (Secure Socket Layer) is a security protocol that enables encryption of data transferred between a website and its users. When a website has an SSL certificate installed, it secures sensitive information such as login credentials, personal information, and financial details.
SSL certificates are used to establish trust between the website and its visitors and prevent malicious entities from intercepting and stealing sensitive data.
In this article, I will show you to install an SSL on a WordPress site. It is completely free and does not require know-how in programming.
Wait, do you know what is the disadvantage of not having SSL?
The main disadvantage of not having SSL (Secure Sockets Layer) for your website is that your website visitors’ data will be transmitted in plain text, which can be intercepted and read by attackers who may be able to steal sensitive information such as login credentials, credit card numbers, and other personal information. This can result in identity theft, financial loss, and damage to your website’s reputation.
Additionally, not having SSL may negatively impact your website’s search engine rankings as search engines, such as Google, prioritize websites with SSL certificates and consider them more secure. This means that your website may rank lower in search results, making it harder for people to find your site.
Furthermore, some modern web browsers may display a warning message to users when they visit a website that doesn’t have SSL, indicating that the site is not secure. This can cause visitors to leave your website and look for a more secure alternative, leading to decreased traffic and potential revenue loss.
What is an SSL
SSL (Secure Sockets Layer) is a technology that encrypts the data that is transmitted between a website and its visitors’ web browsers. When a website has SSL, it means that the data is securely transmitted and protected from interception by hackers and other malicious entities.
SSL works by establishing an encrypted connection between the website and the visitor’s browser, creating a secure channel through which data can be transmitted. This encryption ensures that any sensitive information, such as login credentials or credit card numbers, cannot be intercepted or read by unauthorized individuals.
In addition to providing security for visitors’ data, having SSL can also boost a website’s search engine rankings. Google, for example, prioritizes secure websites in its search results, so having SSL can help improve a website’s visibility and attract more visitors.
SSL Certificates: How Do They Work?
SSL (Secure Sockets Layer) is a security protocol that is used to encrypt data sent between a client and a server over the internet. It ensures that the data is transmitted securely and cannot be intercepted by third parties.
Let’s say you want to visit a website, https://www.example.com. When you type this URL into your internet browser and hit enter, your browser sends a request to the server hosting the website. This request is sent in plain text, which means that anyone who intercepts the request can read its contents.
To prevent this from happening, the server responds with a digital certificate. This certificate contains the server’s public key and is signed by a trusted Certificate Authority (CA). The public key can be used to encrypt data that is sent to the server, while the private key is used to decrypt it.
Your browser then checks the certificate to make sure it is valid and has been issued by a trusted CA. If the certificate is valid, your browser creates a symmetric key (a shared secret key) and sends it to the server. This key is used to encrypt and decrypt data that is sent between the client and the server.
Once the key exchange is complete, all data that is sent between the client and the server is encrypted using the symmetric key. This means that if anyone intercepts the data, they will only see a jumble of characters that cannot be deciphered without the key.
Get the SSL Certificate
First and foremost, you need to make sure that you don’t already have an SSL certificate provided with your hosting purchase plan. Most WordPress hosting providers offer free SSL certificates with their hosting plans.
Let me help you, in case you don’t have SSL installed already on your WordPress website.
Let’s Encrypt is a non-profit Certificate Authority that provides free SSL/TLS certificates to website owners. Here are the steps to get a free SSL certificate from Let’s Encrypt:
1/ First, make sure your WordPress site is installed and accessible via HTTP.
2/ Install the “Certbot” tool on your server. You can follow the installation instructions for your operating system on the Certbot website.
3/ Install the “Certbot plugin for Apache” or the “Certbot plugin for Nginx”, depending on your web server software. These plugins will help Certbot automatically configure your web server to use the SSL certificate.
4/ Next, install the “Certbot plugin for WordPress” by running the following command:
sudo certbot plugin install certbot-plugin-wp
This plugin will handle the installation and renewal of the SSL certificate for your WordPress site.
5/ Run the following command to obtain an SSL certificate for your WordPress site:
sudo certbot certonly –webroot -w /var/www/yourdomain.com -d yourdomain.com -d www.yourdomain.com -i certbot-plugin-wp:wordpress
Replace “/var/www/yourdomain".com with the path to your WordPress site’s root directory, and “yourdomain.com" with your actual domain name. The “-d" options are used to specify the domain name and any additional subdomains that should be included in the SSL certificate.
6/ Certbot will verify that you own the domain name by creating a file in the webroot directory and checking that it is accessible via the internet. Once verification is complete, Certbot will issue the SSL certificate.
7/ The SSL certificate files will be stored in /etc/letsencrypt/live/yourdomain.com/.
8/ Configure your web server to use the SSL certificate. The configuration steps may vary depending on your web server software. If you used the Certbot plugin for Apache or Nginx, it should have automatically configured the web server for you.
9/ Finally, log in to your WordPress dashboard and go to “Settings” > “General”. Change the “WordPress Address (URL)” and “Site Address (URL)” fields to start with “https://” instead of “http://”.
Installing the Free SSL Certificate with Really Simple SSL WordPress Plugin
here’s a step-by-step guide on how to install and configure the Free SSL certificate with the Really Simple SSL WordPress plugin:
Step 1: Install the Really Simple SSL Plugin
- Log in to your WordPress dashboard.
- Click on “Plugins” on the left-hand side menu.
- Click on “Add New”.
- In the search bar, type “Really Simple SSL”.
- Once you see the plugin, click on “Install Now”.
- After installation, click on “Activate”.
Step 2: Activate SSL with Really Simple SSL
- Once you have installed and activated the plugin, a notification will appear at the top of the page that says “Really Simple SSL has detected that your site is not running over https.”
- Click on the “Go ahead, activate SSL!” button.
- You may be logged out and redirected to the https:// version of your website.
- Verify that your website is now running over https.
Step 3: Verify SSL Certificate
- After activating SSL, Really Simple SSL will check if your SSL certificate is valid.
- If the SSL certificate is not valid, a warning message will appear.
- Click on the “Check SSL” button to see what needs to be fixed.
- If you have a valid SSL certificate, the plugin will let you know that SSL is working.
Step 4: Enable SSL for All URLs
- Click on “Settings” on the left-hand side menu.
- Click on “SSL” from the dropdown menu.
- Check the box next to “Enable SSL for all pages”.
- Click on “Save”.
Step 5: Update Site URLs
- Click on “Settings” on the left-hand side menu.
- Click on “General”.
- Change the “WordPress Address (URL)” and “Site Address (URL)” fields to start with “https://” instead of “http://”.
- Click on “Save Changes”.
Step 6: Test SSL Certificate
- Test your SSL certificate by going to your website’s homepage and checking if the URL starts with “https://”.
- If your website has mixed content warnings, Really Simple SSL will try to fix them for you.
- Verify that your website is fully secure by using an online SSL checker.
That’s it! You have successfully installed and configured the Free SSL certificate with Really Simple SSL WordPress plugin.
How to Manually Redirect URLs from HTTP to HTTPS in WordPress
If you want to manually redirect URLs from HTTP to HTTPS in WordPress, you can do so using the .htaccess file. Here are the steps:
Step 1: Backup Your Website
Before making any changes to your website, it’s important to create a backup of your website. This will ensure that you can restore your website to its previous state in case something goes wrong during the process.
Step 2: Access Your .htaccess File
The .htaccess file is a configuration file for Apache web servers that allows you to make various changes to the server settings. To access the file, you can use an FTP client such as FileZilla to connect to your website’s server.
Step 3: Edit the .htaccess File
Once you have accessed the .htaccess file, you can add the following code at the top of the file to redirect all HTTP requests to HTTPS:
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]</IfModule>
Step 4: Save and Upload the Updated .htaccess File
After making the changes to the .htaccess file, save the file and upload it to your website’s server. Be sure to replace the existing .htaccess file with the updated version.
Step 5: Test the HTTPS Redirection
Once you have updated the .htaccess file, test the HTTPS redirection by accessing your website using HTTP. If the redirection is working properly, you should be automatically redirected to the HTTPS version of your website.
That’s it! By following these steps, you can manually redirect URLs from HTTP to HTTPS in WordPress using the .htaccess file. However, please note that if you are not comfortable making changes to the .htaccess file, it’s best to consult with a professional to ensure that the changes are made correctly.
Final Thoughts
With so many online tutorials available on adding SSL to your website, it can be overwhelming to navigate through the varying processes outlined in each. Unfortunately, many of these instructions are outdated and can end up consuming a lot of your valuable time. However, the truth is that the process of installing an SSL certificate is no longer as complicated as it used to be, thanks to the availability of Let’s Encrypt and Really Simple SSL plugin. With these tools, securing your website with an SSL certificate can be a quick and hassle-free process.
