How to Add Free SSL in WordPress with Let’s Encrypt

When we first covered how to add SSL in WordPress, a lot of our readers asked for a free SSL solution. Unfortunately nothing existed at that time. However that has changed now thanks to Let’s Encrypt. In this article, we will show you how to… Read More »

The post How to Add Free SSL in WordPress with Let’s Encrypt appeared first on WPBeginner.

When we first covered how to add SSL in WordPress, a lot of our readers asked for a free SSL solution. Unfortunately nothing existed at that time. However that has changed now thanks to Let’s Encrypt. In this article, we will show you how to add free SSL in WordPress with Let’s Encrypt.

Adding a Free SSL Certificate in WordPress with Let’s Encrypt

What is SSL and Let’s Encrypt?

Every internet user shares lots of personal information each day. We do that when shopping online, creating accounts, signing into different websites, etc.

If not properly encrypted, then this information can be spied upon and stolen. This is where SSL comes in. It provides the encryption technology to secure the connection between a user’s browser and the web server.

Each site is issued a unique SSL certificate for identification purposes. If a server is pretending to be on HTTPS, and it’s certificate doesn’t match, then most modern browsers will warn the user from connecting to the site.

Unsecure connection warning in Google Chrome

Previously, the only way to secure sites with SSL was by using a paid SSL certificate.

Let’s Encrypt is a free open certificate authority that aims to provide SSL certificate for general public. It is a project of Internet Research Group, a public service corporation. Let’s Encrypt is sponsored by many companies including Google, Facebook, Sucuri, Mozilla, Cisco, etc.

Let's Encrypt

Having said that, let’s take a look at how you can add free SSL certificate to your WordPress site with Let’s Encrypt.

Easy Way – Using a Host That Offers Built-in Free SSL

As Let’s Encrypt is becoming popular, some WordPress hosting companies have already started offering built-in easy SSL set up.

The easiest way to add Let’s Encrypt free SSL to WordPress is by signing up with a hosting company that offers a built-in integration.

Setting up Free SSL with Let’s Encrypt on SiteGround

SiteGround is one of the most trusted and well-known hosting companies offering built-in integration of free SSL. We use Siteground for our List25 website.

Here is how to enable Let’s Encrypt free SSL in SiteGround.

Simply login to your cPanel dashboard and scroll down to the security section. There you will need to click on the Let’s Encrypt icon.

Let's Encrypt icon in cPanel

This will bring you to the Let’s Encrypt install page. You will need to select the domain name where you want to use the free SSL, and then provide a valid email address.

installletsencrypt

You can now click on the install button. Let’s encrypt will now issue a unique SSL certificate for your website. Once it’s finished, you will see a success message.

Let's Encrypt installed

That’s all, you have successfully integrated Let’s Encrypt free SSL to your WordPress site.

However, your WordPress site is not yet ready to use it. First you will need to update your WordPress URLs and then fix insecure content issue.

Don’t worry we will show you how to do that. Skip to the section on updating URLs and fixing insecure content issues.

Setting up Free SSL with Let’s Encrypt on DreamHost

DreamHost is another popular WordPress hosting service provider that’s offering built-in integration to setup free SSL on any of your domains hosted with them.

First you need to login to your Dreamhost dashboard. Under the Domains section, you need to click on secure hosting.

Secure Hosting

On the secure hosting page, you need to click on ‘Add Secure Hosting’ button to continue.

Dreamhost will now ask you to select your domain. Below that it will give you an option to add free SSL certificate from Let’s Encrypt. You need to make sure that this checkbox is checked.

Adding secure hosting

You can optionally choose to add a unique IP to your domain name. It is not required, but will improve compatibility with older versions of Internet Explorer on Windows XP.

Click on Add Now button to finish the setup. DreamHost will now start setting up your Free SSL certificate with Let’s encrypt. You will see a success message like this:

Success message after adding free SSL on DreamHost

You have successfully added a free SSL certificate with Let’s Encrypt to your WordPress site on DreamHost.

You still need to update WordPress URLs and fix insecure content issue. Jump to the section, updating WordPress URLs after setting up SSL.

Installing Let’s Encrypt Free SSL on Other Web Hosts

Let’s Encrypt free SSL is a domain based SSL certificate. This means that if you have a domain name, then you can add it on any web host.

However, if your web host does not offer an easy integration like SiteGround or DreamHost, then you will need to go through a somewhat lengthy procedure.

This procedure differs from one web host to another. Most hosting companies have a support document explaining how to do that. You can also contact their support staff for detailed instructions.

BlueHost one of the official WordPress hosting providers allows you to add third-party SSL to your domains hosted with them. For detailed instructions, take a look at their SSL installation of 3rd party certificate page.

Updating WordPress URLs After Setting up SSL

After setting up the Free SSL certificate with Let’s Encrypt, the next step is to move your WordPress URL from HTTP to HTTPS.

A normal site without SSL certificate uses HTTP protocol. This is usually highlighted with http prefix in web addresses, like this:

http://www.example.com

Secure websites with SSL certificates use HTTPS protocol. This means that their addresses look like this:

https://www.example.com

Without changing the URLs in your WordPress site, you will not be using SSL and your site will not be secure for collecting sensitive data.

Having said, let’s see how to move WordPress URLs from http to https:

For Brand New WordPress Website

If you are working on a brand new website, then you can just go to your WordPress admin area and click on settings. There you will need to update the WordPress URL and Site URL fields to use https.

Setting up WordPress to use HTTPS in URLs for a new website

Don’t forget to save your changes.

For Existing WordPress Sites

If your site has been live for a while, then chances are that it is indexed by search engines. Other people may have linked to it using http in the URL. You need to make sure that all traffic is redirected to the https URL.

First thing you need to do is install and activate the Really Simple SSL plugin. For more details, see our step by step guide on how to install a WordPress plugin.

The plugin will automatically detect your SSL certificate and set up your website to use it. In most cases, you will not have to make any more changes. The plugin will also fix insecure content issue.

Update Google Analytics Settings

If you have Google Analytics installed on your WordPress site, then you need to update its settings and add your new url with https.

Login to your Google Analytics dashboard and click on ‘Admin’ at the top menu. Next, you need to click on property settings under your website.

There you will see the default URL option. Click on http and then select https.

Changing default URL in Google Analytics

Don’t forget to click on the save button to store your settings.

That’s all, we hope this article helped you add Free SSL in WordPress with Let’s Encrypt. You may also want to see our list of 40 useful tools to manage and grow your WordPress blog.

If you liked this article, then please subscribe to our YouTube Channel for WordPress video tutorials. You can also find us on Twitter and Facebook.

The post How to Add Free SSL in WordPress with Let’s Encrypt appeared first on WPBeginner.

How to Add SSL and HTTPS in WordPress

Are you looking to move from HTTP to HTTPS and install a SSL certificate on your WordPress site? In this article, we will show you how to add SSL and HTTPS in WordPress. Don’t worry, if you have no idea what SSL or HTTPS is.… Read More »

To leave a comment please visit How to Add SSL and HTTPS in WordPress on WPBeginner.

Are you looking to move from HTTP to HTTPS and install a SSL certificate on your WordPress site? In this article, we will show you how to add SSL and HTTPS in WordPress.

Don’t worry, if you have no idea what SSL or HTTPS is. We’re going to explain that as well.

What is HTTPS and SSL?

WordPress Security

Every day we share our personal information with different websites whether it’s making a purchase or simply logging in.

In order to protect the data transfer, a secure connection needs to be created.

That’s when SSL and HTTPS come in.

HTTPS or Secure HTTP is an encryption method that secures the connection between users’ browser and your server. This makes it harder for hackers to eavesdrop on the connection.

Each site is issued a unique SSL certificate for identification purposes. If a server is pretending to be on HTTPS, and it’s certificate doesn’t match, then most modern browsers will warn the user from connecting to the site.

Google Chrome showing warning about an unsecure connection

Now you are probably wondering, why would you ever need to move from HTTP to HTTPS and install a SSL certificate?

Why do you need HTTPS and SSL?

If you are running an eCommerce website, then you absolutely need a SSL certificate specially if you are collecting payment information.

Most payment providers like Stripe, PayPal Pro, Authorize.net, etc will require you to have a secure connection using SSL.

Recently, Google also announced that they will be using HTTPS and SSL as a ranking signal in their search results. This means that using HTTPS and SSL will help improve your site’s SEO.

We already use SSL for our eCommerce sites like OptinMonster, Soliloquy, and Envira Gallery. We will also switch all content sites to SSL as well. We just added SSL for Syed Balkhi’s blog (our founder).

A site secured by HTTPs and SSL in WordPress

We’re often asked wouldn’t SSL and HTTPS slow down my WordPress website? In reality, the difference in speed is negligible, so you should not worry about that.

Requirements for using HTTPS/SSL on a WordPress Site

The requirements for using SSL in WordPress is not very high. All you need to do is purchase a SSL certificate.

Some WordPress hosting providers offer free SSL with their plans. Siteground, one of our favorite providers, offer a one year free SSL certificate with their “grow big” plan).

If your hosting provider does not offer a free SSL certificate, then you can ask them if they sell third party SSL Certificates. Most hosting providers like Bluehost sell them around $50-$200.

You can also buy SSL from providers like Godaddy.

Once you have purchased a SSL Certificate, you would need to ask your web hosting provider to install it on your server.

This is a fairly straight forward process.

How to Setup WordPress to Use SSL and HTTPS

If you are starting a new site and/or want to use HTTPS everywhere on your site, then you need to update your site URL.

You can do this by going to Settings » General and updating your WordPress and site URL address fields.

updating-urls

Now if you’re adding SSL to your existing site, then you need to setup WordPress SSL redirect from HTTP to HTTPS.

You can do this by adding the following code in your .htaccess file:

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{SERVER_PORT} 80 
RewriteRule ^(.*)$ https://www.yoursite.com/$1 [R,L]
</IfModule>

Don’t forget to replace yoursite.com with your site URL.

If you are on nginx servers (most users are not), you would add the following to redirect from HTTP to HTTPS:

server {
listen 80;
server_name yoursite.com www.yoursite.com;
return 301 https://yoursite.com$request_uri;
}

By following these steps, you will avoid the WordPress HTTPS not working error because all your site URL and content will be on SSL.

If you want to add SSL and HTTPS on your WordPress multi-site admin area or login pages, then you need to configure SSL in wp-config.php file.

Simply add the following code above the “That’s all, stop editing!” line in your wp-config.php file:

define('FORCE_SSL_ADMIN', true);

This wp-config.php SSL trick works for single sites as well as multi-sites.

Setup SSL and WordPress HTTPS on Exclusive Pages

Now if for some reason, you only want to add HTTPS and SSL on specific pages of your site, then you would need the plugin called WordPress HTTPS (SSL).

First thing you need to do is install and activate the WordPress HTTPS (SSL) plugin.

Please note that this plugin hasn’t been updated for a while, but it works fine and is safe to use. See our guide on installing plugins not tested with your WordPress version for more information.

Upon activation the plugin will add a new menu item labeled HTTPS in your WordPress admin. You can click it to visit the plugin’s settings page.

WordPress HTTPs SSL settings

The first option of the settings page asks you to enter your SSL host. Mostly it is your domain name. However, if you are configuring the site on a subdomain and the SSL certificate you got is for your main domain name, then you will enter the root domain. If your using a shared SSL certificate provided by your web host, then you will need to enter the host information they provided instead of your domain name.

In some cases if you are using a non-traditional SSL host and need to use a different port, then you can add it in the port field.

Force SSL Administration setting forces WordPress to use HTTPs on all admin area pages. You need to check this box to make sure that all traffic to your WordPress admin area is secure.

The next option is to use Force SSL Exclusively. Checking this box will only use SSL on pages where you have checked the Force SSL option. All other traffic will go to the normal HTTP url.

This works if you only want to use SSL on specific pages like shopping cart, checkout, user account pages, etc.

Click on the save changes button to store your plugin settings.

If you want to use HTTPS just for specific pages, then you need to edit those pages and check the Force SSL checkbox.

Forcing HTTPs on specific pages and posts

Once done, visit your page to ensure that you have all green light in Chrome and other browsers.

Chrome WordPress HTTPS error

That’s all, we hope this article helped you add HTTPS and SSL in WordPress. You may also want to check out our guide on when do you really need managed WordPress hosting.

If you liked this article, then please subscribe to our YouTube Channel for WordPress video tutorials. You can also find us on Twitter and Google+.

To leave a comment please visit How to Add SSL and HTTPS in WordPress on WPBeginner.