Before we start setting up a free SSL in WordPress, it’s essential to know that what is SSL, what does it mean, and Why is it so important?
What is SSL?
SSL stands for “Secure Sockets Layer,” but in simple terms, SSL indicates a green padlock at the start of your domain in the browser’s address bar.
If SSL is enabled for your website or blog, then you should see a green padlock like this (like the below screenshot) at the start of your website address in the browser’s address bar.
Moreover, if SSL is enabled on your website or blog, your website address also starts with HTTPS instead of HTTP and your users establish secure connections between your server and the browser. Otherwise, your website is vulnerable to hackers on an insecure connection.
Why is SSL Important?
There are many reasons which indicate the importance of SSL for a website, and I’ll list a few of them below, and I believe they will be more than enough for you to consider SSL and set up a free SSL for your website today.
- Improve Security. SSL (or HTTPS) improves the security of your website. The hackers cannot manipulate the data since the communications between the end-user and the server are protected.
- Boosts Conversions. SSL increases your website trust and boosts conversions. When a user looks at the green padlock, it boosts trust and credibility. Fitness Footwear, the largest footwear retailer in the UK, saw a whopping 13% conversion boost when they enabled the SSL. Do you think non-SSL websites can do wonders? Nope.
- Better SEO Ranking. SSL-enabled websites enjoy better rankings as Google announced in 2014 that HTTPS, aka SSL, would be a ranking factor.
Do I need SSL?
Yes, of course. Due to the reasons I mentioned above, I think every website should have SSL activated, be it a social media website, a forum, an e-commerce store, a membership site, or a simple blog.
Having an SSL certificate will create a positive impression of your brand among your users and audience.
Moreover, your users will feel safe and secure when they land on your website, and if you require users to log in or accept payments on your website, they won’t hesitate to input their important information if SSL is enabled on your website.
But if your website is not using the SSL, then the popular web browsers like Google Chrome and Opera will show “Not Secure” at the start of your website address in the address bar, and you might lose a customer.
How to Get a Free SSL Certificate? Step by Step Guide
Due to the high demand for SSL, almost all popular web hosts started providing SSL certificates for free as part of their services.
Below is the list of some of the popular web hosts that provides SSL for free.
- Liquid Web
If you haven’t bought a web hosting yet, you can check the web host features you want to purchase and make sure that they provide an SSL certificate for free.
But if you have already bought a web host, then you can log in to the cPanel of your web host and search for SSL or Let’s Encrypt to know if your web host provides SSL for free.
How to Setup SSL in WordPress?
There are three ways to set up SSL in WordPress for free.
1 Ask your host.
2 cPanel Let’s Encrypt Method.
3 Cloudflare 15 Years SSL Method.
1 Ask your host
Why bother to setup SSL by yourself when your web host can do it for you with pleasure?
I always believe in making the best use of the products and services I buy.
Nowadays, many popular web hosts offer great support, So if I need to do something with my website at my hosting level, I always get in touch with my web host via live support and ask them to do it for me, and they do it with pleasure.
You can also get in touch with your web host via Call or Live Chat (if they support it) and ask them to setup SSL for you on your website, and they will do it for you.
2 cPanel Free SSL
Log in to your web hosting account’s cPanel, navigate to the “Security” section, find Let’s Encrypt free SSL, and activate it. Ask your host via call or live chat if you face any trouble while activating Let’s Encrypt SSL.
THE free SSL options could also vary depending on your hosting provider. So if you face any trouble finding Let’s Encrypt or free SSL in your cPanel dashboard, then ask your hosting provider about it.
I’m currently using Namecheap hosting, and in my cPanel dashboard, there is an option called “Namecheap SSL.”
I can activate Namecheap free SSL when I click on Namecheap SSL, but I have already activated it.
And you can also see there is already an HTTPS redirect option available, and it’s turned ON, but if you don’t see an HTTPS redirect option in your cPanel, you can do that using a plugin called “Really Simple SSL.”
If you’re using Namecheap EasyWP, an SSL certificate is incredibly easy to enable. Just sign in to EasyWP, and click Manage.
All you need to activate the status of your SSL certificate.
Of course, you can use a custom SSL certificate from any company or even 15 years of free SSL from Cloudflare as shownhave to renew is in section 3.
3 Cloudflare 15 Years Free SSL
Let’s Encrypt SSL gets expired after 90 days, but Cloudflare SSL may not end until you become a father dancing with your two kids 😀
What is Cloudflare? It is a Content Delivery Network (CDN) that makes your website faster and enhances security. In 2021, Cloudflare has become a new source certificate authority that offers you a self-signed certificate meaning it’s a security certificate that is not signed by a certificate authority (CA).
The best part? You don’t need to enable the certificate installation feature on your server as it is the case with Let’s Encrypt where you have to renew it after 90 days.
Don’t have a Cloudflare account? Don’t worry; I’ll guide you.
First of all, sign up on Cloudflare.
Now enter the website name you want to add to Cloudflare.
Choose the free plan and hit Continue.
In your Review your DNS records step, again click Continue.
Here comes the most challenging part of the process, setting the nameservers suggested by Cloudflare.
Don’t worry, your website will not face a down time when you change nameservers.
Depending on your domain registrar, the process of changing name servers might be different for different registrar companies, but the fundamentals remain the name.
I’ll use Namecheap for changing the nameservers. Sign in to Namecheap and click Manage.
Now replace the nameservers of Cloudflare with your existing nameservers.
Don’t worry, your website will not face a downtime.
Don’t forget to hit Save Changes. Wait at least 30 minutes as DNS propagation takes time.
Once Cloudflare is activated on your domain, it’s time to create a free SSL certificate. Go to SSL/TLS > Origin Server > Create Certificate.
You’ll get a pop-up window; select the settings shown in the screenshot.
Private Key Type: RSE
Certificate Validity: 15 Years
And hit Next.
You’ll get two keys:
- Origin Certificate
- Private Key
Now go back to your cPanel and find SSL/TLS.
Click the link “Manage SSL sites” falling under “INSTALL AND MANAGE SSL FOR YOUR SITE (HTTPS)”
Select the domain from the dropdown menu where you’ll install the SSL and paste the Cloudflare values.
Leave the “Certificate Authority Bundle: (CABUNDLE)” empty and click Install Certificate.
Congratulations! You’ve done all the steps necessary to enable the SSL and HTTPS for your website.
But don’t forget to choose “Full (Strict)” to enable HTTPS on your domain on Cloudflare.
Moreover, use the feature “Always Use HTTPS” to make all the HTTP requests to HTTPs requests properly.
Setup redirect from HTTP to HTTPS
If your hosting provider doesn’t provide this feature, then you can use a plugin called “Really Simple SSL” to enable redirection from HTTP to HTTPS, so all your URLs start with HTTPS.
Install and activate Really Simple SSL plugin, and it will check if your site has an active SSL certificate. It will also provide you recommendations based on your content before you activate SSL using it.
Take a backup, and then click on the button “Go ahead, activate SSL” to activate SSL for your site, and BOOM, you’ve successfully activated SSL for your WordPress website or blog.
Once the SSL is activated, make sure that all your URLs start with HTTPS instead of HTTP, and even if one of your URLs begins with HTTP, then web browsers will treat it as non-secure or partially-secure.
The good thing is if you use the Really Simple SSL plugin, then it takes care of that.
I hope this article helped you, but if you face any trouble, you can ask me in the comments section below or contact me directly and I’d be more than happy to guide you through the process. 🙂
If you liked this article, please share it with your friends and subscribe to the How-To WP Newsletter below to get the latest WordPress tips, tricks and how-to tutorials directly into your inbox.
Sharing is Caring
Please share this article to spread the word. 🙂
Frequently Asked Questions (FAQs)
How do I add free SSL to WordPress?
The best places to get free SSL are Cloudflare and Let’s Encrypt. Cloudflare SSL is for 15 years, while Let’s Encrypt SSL is only suitable for 90 days.
How can I get free SSL hosting?
The most common way is to find a hosting that provides free SSL certificates like Siteground, Kinsta, and WP Engine.
How much does an SSL certificate cost?
An SSL certificate from Let’s Encrypt costs $0. It costs anywhere between $60 to $3000 per year for an SSL certificate from any other Certificate Authority.
Does GoDaddy offer free SSL?
Yes, GoDaddy doesn’t offer free SSL certificates, but you can install them using Cloudflare and Let’s Encrypt. And the other way is to use their managed WordPress service to get the SSL certificate.