How to Set up SSL for a WordPress Website

Do you want to protect your website data? Try moving from HTTP to HTTPS by setting up an SSL Certificate. In this article, we will show you exactly how to do it. Let’s take an in-depth look!

How Does SSL Work?

HTTP (Hypertext Transfer Protocol) is a protocol used to view web pages. It connects browsers with the server. However, all information transmitted through HTTP is sent in plain text.

Hence, hackers can easily steal sensitive information within the connection. This can be done through man-in-the-middle attacks, where the data can be intercepted and read while it’s being transferred. Not only do these attacks endanger visitor personal data, but they can also forge and falsify information during the transfer. To avoid this risk, you can encrypt the data by using the safer version of the protocol – HTTPS.

In other words, HTTPS will encrypt information retrieved by HTTP through SSL (Secure Socket Layer). The addition S at the end of HTTPS stands for “secure” – once the SSL certificate is implemented, the transferred data is encrypted. Therefore, sensitive information, like login credentials or credit card information, can be transmitted safely. 

SSL uses public-key encryption to make the information unreadable for any third parties, making sure only the recipient can view it in plain text. Here’s how it works:

  1. When visitors open your website, their browser will seek the site’s identity.
  2. The web server will send a copy of your SSL certificate to show your website’s identity, which also indicates that your site is trustworthy.
  3. Once identified, the browser and the server can create a secure session – all data is encrypted before the transfer, and is decrypted on the browser once it reaches the recipient with the help of the generated key.

A website protected by an SSL certificate will use HTTPS protocol instead of HTTP. It will also show a green padlock next to the site’s address, indicating that it is secure. All popular browsers, like Chrome, Mozilla, and Edge, now label websites that do not use an SSL certificate as “not secure.” So an SSL won’t only protect you and visitors, but also make your site more appealing.

How to Set up SSL on a WordPress Website?

In this section, we’ll show you how to move your website to HTTPS by installing an SSL certificate. First, you should backup your site to avoid losing data if anything goes wrong. Then, you can enable an SSL certificate on your domain – which we’ll cover next!

1. Enable SSL Certificate on Your Domain

There are two ways to get an SSL certificate. First, you can purchase it. As an example, Comodo offers premium SSL certificates, which start from $88/year. They provide benefits like free SSL management tools and free website vulnerability scanning.

Second, you can use a free SSL certificate. It’s easy to apply since plenty of hosting providers – including SiteGround, Hostinger, and Dreamhost are offering Let’s Encrypt’s free SSL certificate on their hosting plans. 

The following steps will show you how to enable a free SSL certificate:

  1. Enter your hosting control panel.
  2. Navigate to Security -> Let’s Encrypt SSL.
  3. Get a new certificate by pressing Issue next to your domain.
  4. Select all the subdomains that you want to include as part of the certificate.
  5. Click the Issue button to finish the installation.

2. Activate SSL on Your Website

Once you’ve enabled the SSL certificate on your domain, it’s time to activate the SSL on your website. There are two methods to do it: use a plugin or add the activation code manually.

Use A Word Press Plugin

Really simple SSL plugin


This method is the easiest way to activate SSL. One of the most popular plugins for this task is Really Simple SSL. True to its name, the setup process is straightforward:

  1. Enter your WordPress admin dashboard.
  2. Navigate to Plugins -> Add New.
  3. Install and activate the plugin.
  4. Click on Go ahead, activate SSL!
  5. The changes will take effect once you’ve logged back in. Now you’ll see a padlock and HTTPS beside your site’s URL on the browser’s address bar.

Don’t forget to add HTTPS as your domain’s new prefix in tools like Google Search Console and Google Analytics. So, your website can still be tracked with the new prefix.

Add Code to .htaccess File

Alternatively, you can activate SSL manually by inserting a code snippet to the .htaccess file. Keep in mind that this method might suit well to advanced users. It’s recommended if you’re already familiar with editing WordPress core files.

Here are the steps to apply this method:

  1. In your WordPress admin dashboard, navigate to Settings -> General.
  2. Enter HTTPS as the new prefix in the WordPress Address and Site Address bar.
  3. Click Save Changes at the bottom of the page.
  4. Access your site’s root directory – you can do so by using FTP client like FileZilla or your hosting’s File Manager. In this example, we’ll use the File Manager.
  5. Enter your hosting control panel. Then, navigate to Files -> File Manager.cpanel file manager
  6. In the public_html folder, open the .htaccess file and insert the following code:
    <IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteCond %{HTTPS} off
    RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
    </IfModule>
  7. Click Save to apply the change.

That’s it! Now, if you visit your website, the prefix would have changed to HTTPS.

Conclusion

Moving your site from HTTP to HTTPS is essential to secure sensitive information. To do this, you should set up SSL. It will encrypt all the data transmitted between the visitors’ browser and the server.

In this article, you’ve learned how to set up SSL on your WordPress site in two simple steps. Let’s quickly recap:

  1. Enable SSL certificate on your domain – purchase a premium SSL certificate or use a free SSL certificate provided by your hosting. Then, issue the certificate on your domain.
  2. Activate HTTPS on your site – do it by using a WordPress plugin or adding code manually in the .htaccess file.

Above all, don’t forget to backup your site to avoid the risk of losing data. Good luck on securing your website! You can do that with a plugin such as BackupBuddy.

Leave a Reply

Hi there, all comments are reviewed & your email address will not be published. Let's have an awesome conversation.