Installing an SSL certificate on your WordPress website can be a daunting task if you haven’t done it before. Even if you have done it, depending on how you go about it, things can get a little sticky.
In this article, we’ll cover some of the basic methods on how you would go about doing it and the different ways that you can implement it and fix insecure content on your WordPress website.
Why do you need an SSL certificate?
In this article, we covered the ins and outs of SSL certificates, but to summarize, an SSL (Secure Sockets Layer) certificate is a security protocol for encrypting data between the client and server. It’s used to secure information on forms, credit card transactions, and logins among other things on your website.
If you don’t have it in place on your website then every time someone types in their personal information or go to check out, an insecure connection is being used.
This opens up the possibility of having their information stolen by nefarious people looking for data to sell on the black market. If you already have it in place, however, then your users are protected from this type of activity and can rest easy knowing that everything they submit is encrypted and safe.
How do I get an SSL Certificate for my website?
There are three main ways that you can go about getting an SSL certificate for your WordPress website.
The first way is to get it through your hosting provider.
In this case, they will install one for you automatically and give you the necessary information on how to use it with WordPress or cPanel (or however their control panel works).
The second way would be to do it yourself.
This usually requires a little more technical know-how but isn’t too difficult these days either if you have some experience working with websites already.
We recommend checking out Let’s Encrypt, they offer free certificates that you can implement on your site.
The third way is to buy an SSL certificate from a separate company.
This can be used if you don’t have to host with cPanel or Plesk, but it will mean having to do everything manually when installing the certificate which means even more work for your end!
However, this option gives you complete control over what type of certificates are being issued so that might appeal to some people who know exactly what they want and need in terms of security protocols.
How do I force WordPress to use the SSL Certificate?
As mentioned above there are three main methods in how you would implement an SSL certificate into WordPress each has its own benefits depending on how much technical knowledge you have about setting up websites already.
Option One – Using A Plugin
The plugin Really Simple SSL is a quick and easy solution to force WordPress to use your certificate once if it has already been installed on your site.
Option Two – Using Let’s Encrypt with WordPress
Using Let’s Encrypt is a free and easy way to get an SSL certificate for your WordPress website.
Before we go any further it is important to note that this method of installing the certificate will only work if you have cPanel or Plesk installed on your hosting provider because these companies use what is known as AutoSSL which means they do all the hard work for us when getting certificates issued.
If you’re not using either one, then check out Option Three below instead.
Assuming everything has been set up properly though (which there are tutorials online covering how to do), then here’s what needs doing:
– Head over to your cPanel dashboard by logging into your account through whichever domain name you want to enable SSL for.
– Find the Let’s Encrypt section, select the domain you wish to have an SSL active on, and click on ‘Enable’ or ‘Install’.
– When prompted to choose between enabling it either only for your primary domain or all subdomains, we recommend choosing yes so that you can use it across any WordPress site hosted on this server! This will be helpful in case you decide to start a new website later down the line with WordPress as well.
There is a plugin to help with this if the manual installation is just not worth the time, WP Encryption – One Click Free SSL Certificate & SSL / HTTPS Redirect to fix Insecure Content.
Option Three – Using an external service provider such as Comodo if Plesk/cPanel is not available
An alternative method of implementing a certificate into WordPress would be using an external company instead of going through c or Plesk which means everything needs to be done manually.
This will require a little more work on your end, but if you’re used to WordPress already then it shouldn’t feel too difficult! Here’s what needs doing:
– Head over to the Comodo website and choose who is issuing the certificates (the individual or company) as well as which type of certificate you want applied for (in this case we’ll go with Domain Validation). Then select ‘Get Started Now’ at the bottom of that page.
– Follow all steps required until you get to step six where there are two options available; either using cPanel/Plesk or not having access. If you do have these control panels then option one below otherwise continue onto option two.
If you are installing it manually, you might need to add some extra code snippets to your core files to force it to use the SSL. You can read more about it on this page: https://wordpress.org/support/article/administration-over-ssl/.
If you don’t have access to the site’s core files then please ask someone who does (like one of your web hosting support agents).
How do I force WordPress to fix insecure content?
This can be done in a few different ways depending on your website and what you would like to do.
For instance, if you have a WordPress site that is already using SSL encryption but insecure content still remains then you can install the SSL Insecure Content Fixer plugin.
This plugin will force HTPPS and fix insecure content automatically!
Now that everything has been fixed it’s time to show off all of your hard work by promoting your site where your users can find it and you can focus on other tasks related to growing your business!
Work well on WPmu
Work well on WPmu ( only super Admin dash x setting, so no need to run after any site, many solution to stop, redirect and sort maliciuos, and not, visits
very easy and simple – works right out of the box.
Great Security Plugin
Very easy and comprehensive.
The best security plugin