How to Setup a Free SSL In WordPress (Visual Guide)

WordPress Tutorials
pThis post may contain affiliate links, read our disclosure for more info.

Written by Shakeel Anjum
Last updated on May 1, 2021

Before we start setting up a free SSL in WordPress, it’s essential to know that what is SSL, what does it mean, and Why is it so important?

What is SSL?

SSL stands for “Secure Sockets Layer,” but in simple terms, SSL indicates a green padlock at the start of your domain in the browser’s address bar.

If SSL is enabled for your website or blog, then you should see a green padlock like this (like the below screenshot) at the start of your website address in the browser’s address bar.

Moreover, if SSL is enabled on your website or blog, your website address also starts with HTTPS instead of HTTP and your users establish secure connections between your server and the browser. Otherwise, your website is vulnerable to hackers on an insecure connection.

Technology That Encrypts Communications Between The End User And The Server.
Green Padlock Indicating SSL is Enabled

Why is SSL Important?

There are many reasons which indicate the importance of SSL for a website, and I’ll list a few of them below, and I believe they will be more than enough for you to consider SSL and set up a free SSL for your website today.

  • Improve Security. SSL (or HTTPS) improves the security of your website. The hackers cannot manipulate the data since the communications between the end-user and the server are protected.
Download 2
  • Boosts Conversions. SSL increases your website trust and boosts conversions. When a user looks at the green padlock, it boosts trust and credibility. Fitness Footwear, the largest footwear retailer in the UK, saw a whopping 13% conversion boost when they enabled the SSL. Do you think non-SSL websites can do wonders? Nope.
SSL Boosts Conversions
Https Ranking Factor
Google Announced HTTPS / SSL a Ranking Factor in 2014

Do I need SSL?

Yes, of course. Due to the reasons I mentioned above, I think every website should have SSL activated, be it a social media website, a forum, an e-commerce store, a membership site, or a simple blog.

Having an SSL certificate will create a positive impression of your brand among your users and audience.

Moreover, your users will feel safe and secure when they land on your website, and if you require users to log in or accept payments on your website, they won’t hesitate to input their important information if SSL is enabled on your website.

But if your website is not using the SSL, then the popular web browsers like Google Chrome and Opera will show “Not Secure” at the start of your website address in the address bar, and you might lose a customer.

Ssl Certificate Not Active
This “Not Secure” sign will hurt your brand image, and it will also reduce the user’s trust in your website.

How to Get a Free SSL Certificate? Step by Step Guide

Due to the high demand for SSL, almost all popular web hosts started providing SSL certificates for free as part of their services.

Below is the list of some of the popular web hosts that provides SSL for free.

  • SiteGround
  • HostGator
  • BlueHost
  • DreamHost
  • Liquid Web
  • GreenGeeks
  • WPEngine

If you haven’t bought a web hosting yet, you can check the web host features you want to purchase and make sure that they provide an SSL certificate for free.

But if you have already bought a web host, then you can log in to the cPanel of your web host and search for SSL or Let’s Encrypt to know if your web host provides SSL for free.

How to Setup SSL in WordPress?

There are three ways to set up SSL in WordPress for free.

1 Ask your host.

2 cPanel Let’s Encrypt Method.

3 Cloudflare 15 Years SSL Method.

1 Ask your host

Why bother to setup SSL by yourself when your web host can do it for you with pleasure?

I always believe in making the best use of the products and services I buy.

Nowadays, many popular web hosts offer great support, So if I need to do something with my website at my hosting level, I always get in touch with my web host via live support and ask them to do it for me, and they do it with pleasure.

You can also get in touch with your web host via Call or Live Chat (if they support it) and ask them to setup SSL for you on your website, and they will do it for you.

2 cPanel Free SSL

Log in to your web hosting account’s cPanel, navigate to the “Security” section, find Let’s Encrypt free SSL, and activate it. Ask your host via call or live chat if you face any trouble while activating Let’s Encrypt SSL.

Let'S Encrypt Ssl
Let’s Encrypt SSL.

THE free SSL options could also vary depending on your hosting provider. So if you face any trouble finding Let’s Encrypt or free SSL in your cPanel dashboard, then ask your hosting provider about it.

I’m currently using Namecheap hosting, and in my cPanel dashboard, there is an option called “Namecheap SSL.”

Namecheap Ssl
Namecheap SSL.

I can activate Namecheap free SSL when I click on Namecheap SSL, but I have already activated it.

Namecheap Ssl Active
Namecheap SSL active.

And you can also see there is already an HTTPS redirect option available, and it’s turned ON, but if you don’t see an HTTPS redirect option in your cPanel, you can do that using a plugin called “Really Simple SSL.”

If you’re using Namecheap EasyWP, an SSL certificate is incredibly easy to enable. Just sign in to EasyWP, and click Manage.

Manage Ssl In Namecheap 1
Namecheap EasyWP Manage Option to Enable Free Positive SSL

All you need to activate the status of your SSL certificate.

Ssl Certificate
Active SSL Status

Of course, you can use a custom SSL certificate from any company or even 15 years of free SSL from Cloudflare as shownhave to renew is in section 3.

Custom Ssl
Custom SSL Certificate in Namecheap EasyWP

3 Cloudflare 15 Years Free SSL

Let’s Encrypt SSL gets expired after 90 days, but Cloudflare SSL may not end until you become a father dancing with your two kids 😀

Father Dancing With Two Kids Funny
Funny GIF

What is Cloudflare? It is a Content Delivery Network (CDN) that makes your website faster and enhances security. In 2021, Cloudflare has become a new source certificate authority that offers you a self-signed certificate meaning it’s a security certificate that is not signed by a certificate authority (CA).

The best part? You don’t need to enable the certificate installation feature on your server as it is the case with Let’s Encrypt where you have to renew it after 90 days.

Don’t have a Cloudflare account? Don’t worry; I’ll guide you.

First of all, sign up on Cloudflare.

Sign Up Step 1 Cloudflare
Cloudflare Sign up Page

Now enter the website name you want to add to Cloudflare.

Enter The Site You Want To Add
Adding a Site to Cloudflare

Choose the free plan and hit Continue.

Free Cloudflare Plan
Free Plan of Cloudflare

In your Review your DNS records step, again click Continue.

Dns Record Step Hit Continue
DNS Records Overview by Cloudflare

Here comes the most challenging part of the process, setting the nameservers suggested by Cloudflare.

Cloudflare Nameservers 1
Cloudflare Steps to Change Nameservers

Don’t worry, your website will not face a down time when you change nameservers.

Depending on your domain registrar, the process of changing name servers might be different for different registrar companies, but the fundamentals remain the name.

I’ll use Namecheap for changing the nameservers. Sign in to Namecheap and click Manage.

Namecheap Domains
Namecheap Domain Management

Now replace the nameservers of Cloudflare with your existing nameservers.

Don’t worry, your website will not face a downtime.
Change Name Servers 1
Replacing the Cloudflare Namesevers to Namecheap

Don’t forget to hit Save Changes. Wait at least 30 minutes as DNS propagation takes time.

Dns Propagation
Visual Presentation of DNS Propagation

Once Cloudflare is activated on your domain, it’s time to create a free SSL certificate. Go to SSL/TLS > Origin Server > Create Certificate.

Create A Certificate In Cloudflare
Cloudflare Origin Server Section

You’ll get a pop-up window; select the settings shown in the screenshot.

Private Key Type: RSE

Certificate Validity: 15 Years

And hit Next.

15 Free Years Ssl Cloudflare
Cloudflare 15 Years of SSL Generation

You’ll get two keys:

  • Origin Certificate
  • Private Key
Origin Certificate And Private Key
Origin Certificate and Private Key Provided by Cloudflare

Now go back to your cPanel and find SSL/TLS.

Ssl Tls In Cpanel
SSL \ TLS Feature of cPanel

Click the link “Manage SSL sites” falling under “INSTALL AND MANAGE SSL FOR YOUR SITE (HTTPS)”

Manage Ssl
Manage SSL Sites in cPanel to Install SSL

Select the domain from the dropdown menu where you’ll install the SSL and paste the Cloudflare values.

Crt And Key 1
Installing the SSL Keys

Leave the “Certificate Authority Bundle: (CABUNDLE)” empty and click Install Certificate.

Install Certificate Finally
Install Certificate Button

Congratulations! You’ve done all the steps necessary to enable the SSL and HTTPS for your website.

But don’t forget to choose “Full (Strict)” to enable HTTPS on your domain on Cloudflare.

Ssl Tls Full
Selecting the option “Full (Strict) – Encrypts end-to-end, but requires a trusted CA or Cloudflare Origin CA certificate on the server”

Moreover, use the feature “Always Use HTTPS” to make all the HTTP requests to HTTPs requests properly.

Always Use Https
Always Use HTTPS Cloudflare Feature to Make HTTP to HTTPS Requests

Setup redirect from HTTP to HTTPS

If your hosting provider doesn’t provide this feature, then you can use a plugin called “Really Simple SSL” to enable redirection from HTTP to HTTPS, so all your URLs start with HTTPS.

Install and activate Really Simple SSL plugin, and it will check if your site has an active SSL certificate. It will also provide you recommendations based on your content before you activate SSL using it.

Take a backup, and then click on the button “Go ahead, activate SSL” to activate SSL for your site, and BOOM, you’ve successfully activated SSL for your WordPress website or blog.

Active Ssl Using Really Simple Ssl Wordpress Plugin
Activating SSL using Really Simple SSL WordPress Plugin.

Once the SSL is activated, make sure that all your URLs start with HTTPS instead of HTTP, and even if one of your URLs begins with HTTP, then web browsers will treat it as non-secure or partially-secure.

The good thing is if you use the Really Simple SSL plugin, then it takes care of that.

I hope this article helped you, but if you face any trouble, you can ask me in the comments section below or contact me directly and I’d be more than happy to guide you through the process. 🙂

If you liked this article, please share it with your friends and subscribe to the How-To WP Newsletter below to get the latest WordPress tips, tricks and how-to tutorials directly into your inbox.

Sharing is Caring

Please share this article to spread the word. 🙂

Frequently Asked Questions (FAQs)

How do I add free SSL to WordPress?

The best places to get free SSL are Cloudflare and Let’s Encrypt. Cloudflare SSL is for 15 years, while Let’s Encrypt SSL is only suitable for 90 days.

How can I get free SSL hosting?

The most common way is to find a hosting that provides free SSL certificates like Siteground, Kinsta, and WP Engine.

How much does an SSL certificate cost?

An SSL certificate from Let’s Encrypt costs $0. It costs anywhere between $60 to $3000 per year for an SSL certificate from any other Certificate Authority.

Does GoDaddy offer free SSL?

Yes, GoDaddy doesn’t offer free SSL certificates, but you can install them using Cloudflare and Let’s Encrypt. And the other way is to use their managed WordPress service to get the SSL certificate.




Master the Art of WordPress

Get exclusive access to how-to WordPress tips, tricks, and tutorials.

Thanks. You have successfully subscribed.

Shakeel Anjum

Master the Art of WordPress

Get free access to exclusive how-to WordPress tips, tricks, and tutorials that I may not publish here because of lack of time but will definitely send them to my awesome subscribers.

Thanks. You have successfully subscribed.