HAPPY EASTER | Get 30% OFF for 4 Months | Use Promo Code: EASTER22

How to add SSL Certificate to Your WordPress Website in 2022?

Anmol Lohana

How to add SSL Certificate to Your WordPress Website in 2022?

Table of Contents

Are you losing the trust of your website users because of security issues? And you want to gain their trust back and make your website trustworthy.

Are you looking to move your WordPress website from HTTP to HTTPS but wondering how to add SSL Certificate to wordpress website? If yes, then You are in the right place. Here is a guide to quickly installing an SSL Certificate on your WordPress website.

You might already know the significance of HTTPS URLs and their priority in SERPs. Google announced that the Chrome browser would mark all websites without HTTPS/SSL as insecure.

In the previous blog, we discussed SSL and its work in detail. This article will help you learn how to install an SSL certificate on your website.

What is SSL?

SSL is an abbreviation for Secure Sockets Layer. It is a technology that is used to secure data over the internet. When a user tries to communicate with a server, SSL encrypts their information, provides users with security, and helps build clients’ trust.

The main goal of installing an SSL certificate on a website is to provide secure and encrypted data transit between the user’s pc and the website server over the internet.

It’s not just about safeguarding the website; it’s also about ensuring the security of user data through data encryption between the server machine and the user browser. It’s a security protocol that establishes secure connections between the browser and the server.

As a result, server-client communication becomes entirely secure. The SSL certificate secures your website and helps you earn client trust, and improve your search engine ranking.

The security system requires each participant’s authentication and encrypts all messages transmitted back and forth, ensuring that no outsiders can access the conversation.

 

Types of SSL Certificate

There are three different SSL certificates to protect your website with easy management.

how to add ssl certificate to wordrpess

Single Domain SSL Certificates

It is also self-explanatory, valid for a fully qualified domain name (FQDN). This certificate contains only one Single Alternative Name (SAN) field and refers to a single domain name like example.com or www.example.com.

Note: Single Domain SSL Certificate supports both www and non-www URLs. Both URLs will be considered as a single domain.

Multi-Domain SSL Certificates

The goal of this certificate is to make a single SSL certificate for multiple domain names. Subject Alternative Name (SAN) and Unified Communication Certificate are two terms used to describe Multi-Domain SSL (UCC).

A Multi-Domain SSL certificate protects multiple domain names, which might be either top-level domains or subdomains. The Multi-Domain SSL typically includes 250 domain names; however, the exact quantity depends on the certificate authority.

Wildcard SSL Certificate

This certificate protects all subdomain names under a single top-level domain name. It enables users to use a single certificate for a primary domain and all of its subdomains. A wildcard SSL certificate for *.example.com, for example, would secure blog.example.com, store.example.com, www.example.com, and other sites.

Which SSL is suitable for WordPress?

Which SSL certificate is suitable for your WordPress depends on your needs. A single SSL certificate is cost-effective with full security coverage if you have one domain name and no plans to add any subdomains or other domain names.

Multi-Domain SSL is a fantastic choice if you have multiple domain names and want cost-effective security coverage and simple management tools.

If your organization or corporation wants Extended validation, using a wildcard SSL certificate is a little more complicated because a wildcard certificate provides complete coverage of an unlimited number of sub-domain names under one primary domain name without EV validation. Wildcard SSL is the ideal option if you don’t want EV validation and have a separate subdomain associated with a single primary domain name in use.

How to get an SSL Certificate?

There are a few steps you should follow to get an SSL Certificate.

  • Before you apply for an SSL certificate, you need to verify your website’s information.
  • You can verify the website’s information using the ICANN Lookup tool.
  • Then Generate Certificate Signing requests (CSR) via Server or cPanel.
  • Submit the CSR to Certificate Authority (CA) for domain validation.
  • Install the SSL on your website.
How to add SSL certificate to wordpress website?

Different methods are available to install SSL on different servers. Here we will show you how to install SSL via cPanel and Devrims Hosting.

Install SSL Certificate via cPanel

You can install an SSL certificate via cPanel in two different ways.

  1. Let’s Encrypt SSL Certificate
  2. Generate CSR 

Let’s Encrypt SSL Certificate

Follow these steps to install a free Let’s Encrypt SSL Certificate on your cPanel.

  • Go to your cPanel by entering the URL www.example.com/cPanel 
  • Then, click on the Let’s Encrypt SSL icon in the Security section.

Contact your hosting provider if you cannot find the Let’s Encrypt SSL icon in your CPanel security section.

  • Go to the Issue a new certificate section and click on the +issue button for the domain you want to secure.
  • Select your domain (www and non-www) and mail server (example.com) options. Then, choose http-01 as the validation method.
  • Once you are done with all these things, click on the issue button.

It will take a little while for installation.

Certificate Issuance via Generating CSR

To generate CSR, follow these steps.

  • Login to your cPanel and go to the security section.
  • Click on SSL/TSL icon (Upon clicking, you will be redirected to SSL/TLS Manager page).
  • Inside Certificate Signing Request, click “Generate, view, or delete SSL certificate signing requests.”
  • Fill in all the fields like certificate type, domain name, etc.
  • Once all the data is filled, click on Generate button.

The CSR file is generated successfully and will be used for SSL certificate issuance purposes. Certificate Authority (CA) will ask you for some verification factors to confirm the website’s ownership. The public key of the CSR code will be sent to the certificate authority with other required details.

After the validation process completion, CA will issue an SSL certificate for you. You will receive an email to complete the installation.

Once the SSL certificate is installed successfully, you can see a padlock on the browser showing a secured sign. In case no padlock is showing, you need to verify if the SSL is installed successfully or not. To verify, kindly visit Devrims KB on How To Verify After An SSL Is Installed?

How to add SSL Certificate to wordpress with Devrims

Devrims provides a free SSL certificate in one click to secure your website and make it trustworthy. You can install an SSL Certificate with Devrims by following this guideline.

How to Properly Move WordPress from HTTP to HTTPS?

Once the certificate is successfully installed in your website hosting server, now you need to redirect the domain name from default http to https like http://example.com/ to https://example.com/. Without the Https rule, the certificate will not work, and users will still see the insecure domain warning. To protect the data, a secure HTTPS connection is necessary.

Setup HTTPS in WordPress Using a Plugin

It is easy to apply https to your WordPress website domain name. Without difficulty, one who does not have enough coding knowledge can redirect the domain name to https.

Many plugins are available to install WordPress SSL like Really Simple SSL, Cloudflare Flexible SSL, WP Force SSL, etc.

Let’s configure the SSL certificate using one of these plugins. We will do this with Really Simple SSL:

  • You need to install and activate the plugin first.
  • Go to the Plugins section on your WordPress dashboard and click on the Add New
  • Then search for the required plugin and click on the install button.
  • Once installation is completed, click on activate.
  • After activation, go to the SSL option of the settings section on your WordPress dashboard. (Settings >> SSL). It will automatically detect the SSL certificate and set up your website to HTTPS.

This plugin will take care of everything like

  • Checking the SSL certificate
  • Set WordPress to use HTTPS in the URL
  • Taking care of errors
  • Redirects HTTP to HTTPS

Note: The plugin uses the output buffering approach to try to fix mixed content issues. Because it replaces material on the site as the page loads, it may have a detrimental performance impact. This effect is only seen on the initial page load, and if you use a caching plugin, it should not be essential.

While the plugin claims that you can preserve SSL while securely deactivating the plugin, this isn’t entirely true. Because deactivating the plugin will result in mixed content errors, you must keep it running at all times.

Setup HTTP to HTTPS in WordPress Manually

You can manually apply the http to https rule on your WordPress website by editing WordPress files. You can use this method for a permanent solution with more optimization.

If you do not have technical skills, you can go for the first method, or if you want an optimized permanent solution, you can hire a WordPress developer. Let’s start.

  • Go to the Settings >> General section and update the WordPress website URL address. Replace http with https.
  • Remember to click the ‘Save changes’ button to save your changes.
  • WordPress will log you out and ask you to re-login once the adjustments are saved.
  • Then, in your .htaccess file, add the following code to set up WordPress redirects from HTTP to HTTPS.
RewriteEngine On
RewriteCond %{HTTP:X-Forwarded-Proto} !https
RewriteRule ^(.*)$ https://%{HTTP_HOST}/$1 [R=301,L]

If you’re using Nginx servers (which most people aren’t), you’ll need to add the following code to your nginx.conf file to convert from HTTP to HTTPS and must restart the Nginx after adding the below code:

if ($server_port = 80 ) {
return 301 https://$host$request_uri;
}

Note: Here, I have used mydomain.com as an example. So you need to replace mydomain.com with your actual domain.

WordPress will not load the whole website with https. You need to configure SSL in the wp-admin.php file if you want to force your site to be loaded with https.

Add the following code to the wp-admin.php file.

define('FORCE_SSL_ADMIN,' true);

Your website is now ready to use SSL/HTTPS, but it will show mixed content errors. Stylesheets, images, and other sources are the reason for these errors because they are still loading with HTTP in the URL, which is insecure.

But how will you know if something like that happens? You cannot see the padlock icon in your website address bar. Sometimes you can see the padlock icon in the browser’s address bar with a notification because some modern browsers block insecure and unsafe resources.

If you want to know which resource or script is causing the error, you can use the inspect tool. You will see some warnings in the console with details of mixed content items that show the insecurity errors, as shown in the figure below.

Mixed Content Errors can occur in any part of the WordPress website like database, theme, plugins, etc. The majority of your website’s data, like images, embeds, files, and other data causing the error of mixed content and incorrect URLs, is stored in your WordPress database.

If you are getting these Mixed Content Errors, follow this complete guide on How to resolve mixed content issues of WordPress.

How to renew an SSL Certificate?

Everything is supposed to have an expiry date, so is your WordPress SSL certificate. Let’s see how you can renew an SSL Certificate. Follow the steps given below.

Renew SSL Certificate via cPanel

  • First, sign in to the cPanel dashboard.
  • Go to the security section and click on SSL/TSL or Let’s Encrypt SSL Certificate.
  • You will see Expiring Certificates there. There will be an option “Renew Now” on the expiring certificates page; click on that.

Renew SSL Certificate with Devrims

There is a toggle button for auto-renewal that is auto-enabled by default. It will automatically renew the SSL before it expires. If the toggle button is disabled, you can go to your application and enable it for auto-renew.

Conclusion

Setting WordPress SSL is not as tough as it sounds. We have mentioned steps that you can follow to add SSL to your WordPress website.

I hope this article helped you add SSL and HTTPS to your WordPress website and make your site secure and trustworthy.

Share it!

Share on facebook
Share on linkedin
Share on twitter

Share it!

Share on facebook
Share on linkedin
Share on twitter

Start Creating Web Apps on Managed Devrims Cloud Server Now

Easy Web Deployment for Agencies, Developers and e-commerce Industry.

There's More To Read