
Easy ways to get FREE SSL security for your WordPress website

If you get a hosting plan from Hostinger or another hosting provider that already offers a free SSL certificate with its plans, you won’t need to do anything; your WordPress website will already be SSL-secured.

But if you don’t have it, you can manually do it. Though it’s a bit technical, we’ll try our best to explain it very simply.

If you’re running a website, whether it’s a personal blog or an online store, an SSL certificate is not just any “nice to have” thing. 

Nowadays, it’s the backbone of your website, particularly after 2018 when Google announced that websites that don’t have SSL certificates will not rank in Google search results. 

Websites that have it will be given priority. On top of that, they introduced another function, the “Not Secure” red color indicator, on the URL bar. 

The user seeing it will know that your website is NOT secured. 

Why? Smart internet users know that SSL ensures that any data shared between your website and them is encrypted and secure. 

Without SSL, sensitive information like passwords, credit card numbers, and personal details is easily exposed to hackers.

SSL creates a secure way for that data to travel, which protects both your website and your users.

With an SSL certificate, your visitors will see the padlock icon and can rest assured that they can trust you, which makes them more likely to convert. They actually feel confident that your site is safe to use.

So that’s why if you still don’t have an SSL certificate, then you won’t be getting visibility, and visitors will keep running away. 

Enable a FREE SSL certificate from your hosting provider dashboard

Firstly, you have to get your SSL certificate. It’s a digital file that verifies the identity of your website and lets the connection to it be encrypted.

People used to have to pay a steep fee for an SSL certificate. But nowadays, you can easily get one for free from Let’s Encrypt.

Log in to your hosting provider:

Simply go to your hosting provider’s website and log in to reach the dashboard, then go to the SSL/TLS section from the side menu.

On the sidebar at the dashboard, you’ll find the SSL/TLS or Security section. This is where you can manage your SSL certificates.

Choose Let’s Encrypt: 

Now, this is where you can get your FREE SSL certificate without paying any fee. 

Choose the option to add a new SSL certificate and select “Let’s Encrypt” from the available options.

Choose your domain: 

Select the domain or subdomain you want to secure with the SSL certificate. If you’ve got multiple domains and websites, make sure you select the right one. 

Install the certificate: 

Now, that’s it; you’ll just have to click on the install button, and your hosting provider will handle the rest of the processes, including generating the certificate and configuring your server.

How to turn on HTTPS in WordPress after installing an SSL certificate

Once you’ve installed an SSL certificate from your hosting provider, the job’s not done yet.

You’ll require just one other step to enable HTTPS on your WordPress website. 

This is when your website will start to show up with the secured padlock popup.

 1. Log in to Your WordPress Dashboard

Type “yourdomain.com/wp-admin” into your browser. Once you’re in, you’re ready to start the process of switching from HTTP to HTTPS.

 2. Check Your SSL Installation

So, before you enable HTTPS on your WordPress website, you first need to check that SSL is enabled on the server side (your hosting).

You can verify this by simply typing your website address with `https://` instead of `http://`.

Here’s an example: 

https://yourdomain.com

If the site loads without any errors, the SSL is active.

3. Install and activate the plugin to make it easier

You can also do this through manual methods, of course, but that might require more effort. So, the plugin is the best bet for you. One of the most popular and trusted plugins for this is “Really Simple SSL.”

  • Go to Plugins in your WordPress dashboard and then click Add New
  • Type “Really Simple SSL” into the search bar.
  • Once you find it, click Install Now and then Activate.

 4. This plugin will automatically enable it

Once you activate it, the plugin will automatically enable the SSL certificate. You can check it by going to Settings > SSL. 

But the problem here is that this plugin might cause issues like mixed content and requires a premium version for strict HTTP enabling. 

You could even fall into content mixing issues, which means your website will be using both HTTPS and HTTP for different pages or content that will load through HTTP. 

Your website will still not be secured in that case. 

5. Use the Better Search Replace plugin

There’s another better option: use the Better Search Replace plugin. It’ll help you find and replace any remaining `http://` URLs in your database with `https://`, and you’ll get rid of content mixing. 

Simply install it and then: 

  • Go to Tools
  • Select Better Search Replace
  • You’ll see the two boxes: one is Search for, and the second is Replace with
  • Add the “http://yourdomainname” version of your domain name in Search for. 
  • Add the “https://yourdomainname” version of your domain name in Replace with. 
  • Select all the tables and UNCHECK this option: “If checked, no changes will be made to the database, allowing you to check the results beforehand.”
  • And then click Run Search/Replace

 6. Update WordPress Address and Site Address 

Now, here’s the extra step, which will completely convert your site to HTTPS:

  • Go to Settings in your WordPress dashboard. 
  • Then General.
  • Now look for the WordPress Address (URL) and Site Address (URL) fields.
  • Make sure both fields start with `https://` instead of `http://`. (ex: https://yourdomainname.com)
  • Click Save Changes.

Last Step: Force HTTPS on your website

Now, it’s the last part of moving your WordPress website entirely to the HTTPS version. Once it’s done, visitors who arrive at the insecure version of your site will be sent to the secure one.

To do this, you’ll have to enforce HTTPS. This can be done through your hosting control panel, or you can add a redirect rule to your “.htaccess” file.

It’s a configuration file for the server (hosting). 

Here’s how to do it with “.htaccess”:

  1. Access your site’s files through an FTP client or your hosting provider’s File Manager (Hostinger has its file manager)
  2. Look for the “.htaccess” file in your root directory.
  3. Add the following code at the top of the file to force HTTPS:

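```apache
<IfModule mod_rewrite.c>
RewriteEngine On
# Match only requests that did not arrive over HTTPS
RewriteCond %{HTTPS} off
# Send them to the same host and path over HTTPS; R=301 is a permanent
# redirect and L stops further rewrite rules from running
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
</IfModule>
```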

  4. Save the file and close it. Now, all visitors will be redirected to the secure version of your site.

8. Test Your Website

Finally, visit your site to make sure everything is working smoothly. Look for the padlock icon in the address bar, which will show that your site is secure. 

If you see it, then congrats! Your efforts have all paid off. Your WordPress site is now running securely over HTTPS.

But remember that if you buy hosting from a provider such as Bluehost or Hostinger, there’s no need to do any of this. Your website will already be secured without you doing anything.

It’s also important that you put your new HTTPS URL in the Google Search Console as a better SEO practice, and Google will know your website is now secured. 

How to enable HTTPS in WordPress using Cloudflare (FREE)

Now, if you know about Cloudflare, then you’ll know that it gives you a free SSL certificate through its services, and enabling HTTPS with it is a straightforward process.

In fact, it’s simpler than doing it through WordPress plugins. 

Cloudflare works as a reverse proxy and is like a firewall between your visitors and your hosting server, which makes it easier to secure your site and enhance its performance. 

If you choose Cloudflare, you’re not only going to get a FREE SSL certificate, but you can also enable CDN (Content Delivery Network). 

This will help your website improve its speed! This is also another crucial step for SEO and user experience. 

Here’s how to enable HTTPS in WordPress using Cloudflare:

Don’t worry; the SSL and even the CDN are free with Cloudflare, so it’s just an easy step.

 1. Sign Up for a Cloudflare Account

Go to https://www.cloudflare.com and sign up for a free account with your email address and a password.

 2. Add Your Website to Cloudflare

After creating your account, Cloudflare will prompt you to add your website:

  • Enter your domain name (e.g., `yourdomain.com`) and click Add Site.
  • Then, you’ll see a new dashboard where you can select the FREE basic plan. 
  • Cloudflare will then scan your DNS records. This might take a moment, but once it’s done, you’ll be shown a list of your current DNS records.

 3. Update Your Nameservers

Once your DNS records are scanned, Cloudflare will provide new nameservers for you to use. You’ll need to update your domain’s nameservers to point to Cloudflare.

  • Go to your domain registrar (where you bought your domain name), log in to your account, and find the section where you manage your domain’s DNS settings.
  •  Replace the current nameservers with the ones Cloudflare provided.
  • Save the changes, and give it a few hours (up to 24) for these changes to propagate globally.

 4. Configure SSL in Cloudflare

Now that your site is connected to Cloudflare, the next step is to configure SSL. 

Cloudflare offers a few different SSL options, but the most commonly used (and beginner-friendly) option is Flexible SSL. 

Here’s how to set it up:

Go to the SSL/TLS tab in your Cloudflare dashboard, and then under the SSL section, choose the Flexible option. 

This ensures that traffic between your visitors and Cloudflare is encrypted, even if the connection between Cloudflare and your web server isn’t fully encrypted (though Full SSL is preferred if your hosting provider supports it).

Once selected, your website should start serving traffic over HTTPS.

 5. Install and Activate the Cloudflare Plugin in WordPress

To ensure smooth integration between Cloudflare and WordPress, you’ll need to install the official Cloudflare plugin. This will help you manage Cloudflare settings directly from your WordPress dashboard.

  • Go to Plugins from your WordPress dashboard > Add New.
  • Search for “Cloudflare” and install the Cloudflare plugin.
  • Once installed, click Activate.

 After activation, you’ll be asked to enter your Cloudflare account email and API key (which you can find in your Cloudflare account under “My Profile” > “API Tokens”).

 After entering the credentials, click Save API Credentials.

 6. Force HTTPS with Cloudflare

With SSL configured, you now need to ensure all visitors are directed to the HTTPS version of your site. Cloudflare makes this easy with their Always Use HTTPS option:

  •  In the Cloudflare dashboard, go to the SSL/TLS tab
  • Find the Always Use HTTPS option and turn it on. This will automatically redirect any visitors from `http://` to `https://`.

 7. Fix Mixed Content Issues

You could stumble upon the same problem of “mixed content.” 

This happens when images, stylesheets, or scripts are loaded via insecure HTTP while your site is running on HTTPS.

But with Cloudflare, you can easily fix it because they offer an option called Automatic HTTPS Rewrites:

In the SSL/TLS settings, scroll down and enable Automatic HTTPS Rewrites

This option ensures that any assets being loaded over HTTP are automatically rewritten to HTTPS.

Update WordPress URLs

Now, you’ll have to go through the same step we talked about at the top. This is crucial because it’s the last step in permanently setting up HTTPS.

  • Go to your WordPress dashboard and navigate to Settings > General.
  • Make sure both the WordPress Address (URL) and Site Address (URL) fields start with `https://` instead of `http://`.

 Now, just save the changes.

Check Your Site for Security

Once everything is set up, you should test your site one final time to confirm it’s running securely over HTTPS.

Visit your website using `https://yourdomain.com` and look for the same padlock symbol in the address bar.

If you run into any issues, Cloudflare’s support team can help guide you through troubleshooting, or you can use their community forums for additional tips.
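
The padlock check here, and in the "Test Your Website" step earlier, can also be scripted. This added example (not from the original post) follows the redirect chain by hand and reports a missing or temporary redirect, a downgrade back to `http://`, or a loop, which is what visitors get when the origin-side `.htaccess` redirect stays in place behind Cloudflare's Flexible mode, because the origin then only ever sees plain HTTP. The response tables are constructed; `http_fetch` is the live fetcher and also fails on an invalid certificate.

```python
import http.client
from urllib.parse import urljoin, urlsplit

# Constructed responses, keyed by URL: (status, Location header).
SAMPLE_OK = {"http://yourdomain.com/": (301, "https://yourdomain.com/"),
             "https://yourdomain.com/": (200, None)}
# What a visitor sees when the origin keeps redirecting to the URL just requested.
SAMPLE_LOOP = {"http://yourdomain.com/": (301, "https://yourdomain.com/"),
               "https://yourdomain.com/": (301, "https://yourdomain.com/")}


def http_fetch(url):
    """One HEAD request without following redirects; HTTPS certificates are verified."""
    parts = urlsplit(url)
    cls = http.client.HTTPSConnection if parts.scheme == "https" else http.client.HTTPConnection
    conn = cls(parts.netloc, timeout=10)
    try:
        conn.request("HEAD", parts.path or "/")
        resp = conn.getresponse()
        return resp.status, resp.getheader("Location")
    finally:
        conn.close()


def check_https_redirect(start_url, fetch=http_fetch, max_hops=5):
    """Follow the redirect chain by hand and return (final_url, problems)."""
    problems, seen, url = [], set(), start_url
    for hop in range(max_hops):
        if url in seen:
            problems.append("redirect loop at " + url)
            break
        seen.add(url)
        status, location = fetch(url)
        if status not in (301, 302, 303, 307, 308) or not location:
            break  # reached a non-redirect response
        if hop == 0 and status not in (301, 308):
            problems.append("first hop is %d, not a permanent redirect" % status)
        nxt = urljoin(url, location)
        if urlsplit(url).scheme == "https" and urlsplit(nxt).scheme == "http":
            problems.append("downgrade to " + nxt)
        url = nxt
    else:
        problems.append("no final response within %d hops" % max_hops)
    if urlsplit(url).scheme != "https":
        problems.append("chain ends on " + url + ", not HTTPS")
    return url, problems
```

Pass `SAMPLE_OK.__getitem__` or `SAMPLE_LOOP.__getitem__` as `fetch` to try it offline, or call `check_https_redirect("http://yourdomain.com/")` with your own domain to test the live site.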

Optional: Use “Full” or “Full (Strict)” SSL.

If your hosting provider supports SSL and you want a higher level of security, you can switch from Flexible SSL to Full or Full (Strict) SSL in Cloudflare. 

For example, in the case of Hostinger, we get free SSL. So, we can turn it on for more security. 

Here are the differences between them: 

Full SSL: 

Encrypts traffic between Cloudflare and your server but does not verify if your SSL certificate is valid.

Full (Strict) SSL: 

Encrypts traffic between Cloudflare and your server and ensures your SSL certificate is both valid and trusted.

You can switch to these options in the same SSL/TLS section of your Cloudflare dashboard. 

Wrap Up: 

If you’re reading this blog and still haven’t invested in a hosting provider for your new website, then you must choose a hosting provider that already gives you a free SSL certificate, so you won’t have to install any plugins or do technical things.

If your service provider doesn’t offer it, then it’s fine to use the Full-SSL option. 

We at USDigitarget always use Cloudflare for our clients. 

Why? Because then we don’t have to use plugins to make any changes to the database nor mess with the “.htaccess” file. 

Plugins have the potential to slow down your website. Plus, you also get free CDN for your WordPress website to speed it up with Cloudflare. It also gives robust protection.  

If you’re concerned about your website security and speed, check out how USDigitarget can help you speed up your website with security without breaking the bank.
