Cybersecurity WordPress

How to Install an SSL Certificate On WordPress?

Wondering how to install SSL Certificate on your WordPress site?

Well, for starters, it is quite simple to do so, especially if you use a plugin.

And the benefits are enormous!

Search engines like Google will rank your website higher if your site link initially starts with the “HTTPS.’ It is because the protective socket layers that encrypt the transmission of data make it harder for hackers to commit any kind of fraud.

Install SSL Certificate on WordPress Website

Choose to safeguard users in your website and improve the search ranking of your pages. This article will discuss how to get SSL Certificate WordPress and show you the easiest way to install it on WordPress using plugin.

How to Choose the Right Certificate?

You will find three main types of SSL Certificates.

1] Domain validated certificates (High Risk)

This type of certificate is the cheapest, and it is checked against a domain registry. But since it does not identify organizational information, it is not safe to use this certificate for commercial purposes.

2] Organization validated certificates (Secure)

It is a trusted certificate conforming to the X.509 RFC standards. The organizations are validated by real agents against business registry databases hosted by governments. You can securely use it on a commercial and public website.

3] Extended validation (Very Secure)

The most trusted and secure certificate, it is used by most of the world’s leading organizations. You can opt for this certificate if you want to increase online transactions and boost customer confidence.

As you can see, OV and EV certificates are more secure, and they verify that your business is legitimate. If you want to gain the trust of your users and rank high on the search engine, avoid the free WordPress SSL Certificate or even the DV certificate. OV and EV certificates will cost you more than DV certificates, but they will offer your money’s worth.

If you even have a contact form on your site and still use a cheap or free SSL certificate, the browser will display red lock warning users landing on your website like in the image below.

Your Connection is Not Private

Furthermore, there are also Wildcard SSL certificates that will authenticate and protect all the sub-domains of your site.

Purchasing an SSL Certificate

Many web hosting providers, including WordPress, can link you with a Certificate Authority to buy an SSL certificate.

You can to get Cheap SSL Certificate from ClickSSL for WordPress without spending a hefty amount. It has partnerships with renowned brands, including RapidSSL, Comodo, GeoTrust, Thawte, and Symantec.

Types of SSL Certificates offered by ClickSSL.

  • Single Domain SSL Certificates.
  • Domain Validated Certificates.
  • Organization Validated Certificates.
  • Extended Validation Certificates.
  • Wildcard SSL Certificates.
  • SAN / Multi-Domain Certificates.
  • Exchange SSL Certificates.
  • Code Signing Certificates.

Another good thing about buying SSL Certificates from ClickSSL is that the certificates are backed by a 30-day 100% money-back guarantee in case you are not satisfied with the products.

Installing SSL Certificates on WordPress

Assuming that you have an SSL certificate now, let’s learn how to install it on WordPress. But before that, if you have a hosting account with unlimited domains and own more than one website, you’ll need to decide which is getting the new SSL.

1) Installing SSL Certificate Using a Plugin

It is the easiest way to install an SSL Certificate on WordPress. The web host offers a number of free plugins. You can use Really Simple SSL plugin or opt for Cloudflare Flexible SSL, the two popular free plugins.

Really Simple SSL plugin

If you use Really Simple SSL plugin, you won’t need additional setup outside of installation and activation. You don’t have to manually make changes to the .htaccess file. Further, you can see the configuration settings.

Really Simple SSL plugin

(Image Source)

Simply go to “Plugins Add New’’ in the WordPress backend. You will find “Really Simple SSL” ready to be installed.

Add Really Simple SSL plugin

After activation, go to “Settings → SSL” to view your current status. You won’t have to configure anything.

Really Simple SSL - Activate

When the plugin verifies that you have an SSL certificate, WordPress will start loading HTTPS instead of HTTP. The web host will also set redirects from HTTP webpages and try to correct those still loading with HTTP.

Remember to keep the plugin active at all times. In case you deactivate it, you will be facing issues with content errors.

2) Cloudflare Flexible SSL Plugin

If you opt for Cloudflare for your SSL, this plugin will make all necessary changes once it has been installed and activated.

It will enable Flexible SSL on WordPress and prevent infinite redirect loops when loading WordPress sites.

Cloudflare Login

To begin, log into your Cloudflare account, go to Crypto from the top menu bar, and choose Flexible SSL in SSL option.

Cloudflare Flexible SSL

You will have to wait a minimum of 10-15 minutes to activate Flexible SSL. When it is activated, it will show green ACTIVE CERTIFICATE as shown in the above picture.

To prepare WordPress for Cloudflare’s Flexible SSL, leave your WordPress Address (URL) and Site Address (URL) as HTTP in your WordPress backend.

The next step is to install the Cloudflare Flexible SSL Plugin. Visit the ‘Plugins’ section in your wp-admin dashboard and click on ‘Add new’. Look for the ‘Cloudflare Flexible SSL’ and install it. It will enable the Flexible SSL and avert the infinite redirect loop which may occur.

Cloudflare Flexible SSL Plugin

Using a plugin can simplify the use of SSL for your site. Many plugins will automatically make the essential changes once you buy the certificate. Some will even set up the site simply by activating the plugin. You won’t have to do anything.

However, there’s one major setback of installing an SSL certificate with plugins. It may not permanently fix old content, and the website loading times might be not very fast. So, is possible, try to opt for the other route, the one where you have to take a few steps on your own. All your efforts will be worth it in the end.

3) Installing SSL Manually

Though installing SSL manually is not easy, it is a more permanent than doing it using a plugin.

It is better to do this on a staged website in case something goes wrong. You can also use online backup in case you need to restore any changes. Since you will be editing core WordPress files, a mistake could ruin your website.

First, go to WordPress back-end and follow “settings general.” Edit your WordPress address and site address from HTTP to HTTPS and save your changes.


Next, force your site to redirect HTTP traffic to HTTPS. Open an FTP client to see your .htaccess file in the root directory.

Redirect HTTP traffic to HTTPS

Insert the codes below:

[mks_toggle title=”Redirect HTTP to HTTPS” state=”open”]
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

You’ll need a different snippet if you use nginx servers. Not sure which you’re using? You need to call up your web hosting provider.

The configuration file below is for nginx servers.

[mks_toggle title=”Redirect HTTP to HTTPS” state=”open”]server {
listen 80;
return 301$request_uri;

Insert your domain name in place of “”

Since your WordPress will be using HTTPS instead of HTTP now, you can force it to use SSL.

Go to FTP client and find “wp-config.php” in “public_html” where your database information will be stored.

FTP client

The above line reads “that’s all, stop editing,” add the following code:

define(‘FORCE_SSL_ADMIN’, true);

Now your website will be forced to use SSL and HTTPS.

Note that your website will still get mixed content errors.

You can correct it using a plugin.

Install the Better Search Replace plugin and go to “toolsBetter Search Replace” to open the menu.

Better Search Replace plugin

Insert your old URL, “,” in the “search for” field. Insert your new URL, “” in the “replace with” field.

Choose all your tables in the section below to scan everything.

First, you can check the “run as a dry run” box to search through your database without updating any files. Next, unmark that setting and let the plugin go to work.

After that, you are all set with your SSL certificate.

Final Thoughts

Though people often think of setting up a WordPress SSL certificate is a tricky and complicated task, it is not so. You can follow the easy steps shown above to install it with the plugin.

Not only does an SSL certificate helps in gaining the trust of your website users, but it can also rank your site on top in search engines. Investing in an SSL certificate is a cost-effective plan for your business.

Spread the love

About the author

Michael Austin

Michael Austin is a Internet Entrepreneur, Blogger, Day Dreamer, Business Guy, Fitness Freak and Digital Marketing Specialist. He also helps companies to grow their online businesses.