How to install an SSL certificate on your WordPress website?

It doesn’t take a tech wizard to install an SSL certificate on a WordPress website. It was tedious at one point of time, but not any more.

For a variety of reasons, installing an SSL certificate has become a necessary part of setting up a new website.

Security is an obvious one. SSLs secure and encrypt all information exchanged between your website server and client. This ensures any sensitive information is out of reach for malicious parties. Even search engines now account for SSLs. Websites without a trusted SSL certificate are less likely to get ranked higher in Google search results.

Want to know how to install an SSL certificate on your WordPress website? Here’s a detailed guide that explains how the process works.

What is an SSL certificate?

Before we learn how to install an SSL certificate, it is important to understand how exactly it helps a website.

SSL is short for Secure Socket Layers. When a user visits a website, the browser sends a request to the site server. The server responds with all the data needed to load the website in a browser.

An SSL encrypts all information relayed between a browser and a server. This is crucial if users enter sensitive information on your website such as credit card info, passwords, and so on.

Here’s how an SSL certificate works:

1. When a user requests a website, the browser sends a request to the server. The server is required to identify itself at this point.
2. The server sends a copy of the website’s SSL certificate to the browser.
3. Once the browser ascertains that the SSL is trusted, it signals the same to the server.
4. The server then relays a digitally signed acknowledgment to the browser.
5. An SSL encrypted session then begins between the browser and server.

Even when a user is required to send an input to the server, the latter is first required to validate its identity with an SSL. This ensures all data is encrypted when information is relayed from browser to server and vice versa.

Let’s Encrypt: The most popular certificate authority

Let’s Encrypt is an open certificate authority that issues SSL certificates to website owners. Most hosting companies that offer SSLs generally issue Let’s Encrypt certificates.

Why? To start with, Let’s Encrypt certificates are issued at zero cost. The organization is run by the Internet Security Research Group (ISRG), a non-profit. It is also sponsored by major foundations like Firefox and companies like Cisco & Facebook.

A free certificate thus makes it easier for website owners to switch to secure HTTPS. A Let’s Encrypt certificate is valid for 90 days. Generally, your hosting company would renew the certificate automatically. If it’s not renewed, you can ask your website host for guidance.

Install SSL certificate manually

Without a managed hosting service, you would be required to install an SSL certificate via your website cPanel. When you purchase hosting for your website, you’re given a link and login credentials to access your cPanel.

What is a cPanel? It is basically a simplified interface you can use to manage your website server. Within the cPanel, you can install WordPress, add emails associated with your domain, manage your database, and more.

For the sake of convenience, let’s keep the discussion focused on SSL installation. To get started, login to your cPanel using the credentials your hosting provider has provided. Once you’re in, follow the steps below:

• Navigate to SSL/TLS in your cPanel dashboard.
• Here, you will find the AutoSSL Providers screen that lists out various SSL providers. We’ll work with Let’s Encrypt as it is a reliable certificate authority that issues SSLs for free.
• Select Let’s Encrypt from the list. You’ll next be asked to agree to their terms and conditions. Once you agree, an SSL certificate will be installed for your WordPress website.
• Once the installation is complete, you can check your website and see if the lock icon is appearing in the URL bar.

In case you don’t find Let’s Encrypt listed as a provider on the AutoSSL screen, contact your website host. You would have to ask them to install Let’s Encrypt’s plugin in your cPanel. They may do it for you or provide guidance for the same.

Generally, Let’s Encrypt certificates are renewed automatically when they reach their expiration date. In case it’s not renewed, you can again ask your hosting provider for guidance on SSL renewal.

On a side note, if you’re using a self-managed hosting service like Digital Ocean, you won’t have access to a dedicated cPanel. You would then be required to install an SSL certificate via Shell Access. It is best in such a case to get expert assistance.

Install SSL certificate with Siteground

Installing a certificate through a cPanel can be challenging if you’re new to website management. There are thankfully more managed hosting solutions that take the guesswork out of tasks like SSL installation.

SiteGround is one such hosting service. It is a managed WordPress hosting provider that delivers lightning fast speeds for your site. You can also secure your website with SiteGround.

What’s the advantage of using SiteGround compared to other hosts? Let’s first look at how easy it is to install an SSL certificate on SiteGround to see why it’s a great choice for WordPress hosting.

Here’s how it works:

• Login to your Site Area. This is SiteGround’s equivalent of a cPanel.
• Navigate to Security > SSL Manager.
• Select the domain in which you want to install the SSL certificate and choose the provider.
• Let’s Encrypt is available on SiteGround by default.
• Click on Get to start the installation.
• To ensure all your traffic is routed through secure HTTPS protocol, navigate to Security > HTTPS Enforce.
• Enable the toggle for your website. All your webpages will load via HTTPS.

The simplicity of SSL installation along with the ease of managing other hosting related tasks makes SiteGround ideal for a non-technical website manager.

Install SSL certificate with WP Engine

Like SiteGround, WP Engine is a renowned hosting partner for WordPress websites. It offers simple managed hosting services and always keeps your site fast & secure.

Let’s Encrypt is baked into WP Engine’s platform which means you can easily install a free SSL for your website. Before getting started, your website is setup on WP Engine and your DNS is pointing to the host correctly.

When you’re done, follow the steps below:

• Login to your WP Engine User Portal.
• Choose the WordPress website you’d like to install the SSL certificate for.
• Navigate to Production > SSL.
• Here you will see an option to get a Let’s Encrypt certificate.
• Click on Get Free Certificate.
• Complete your order. You’ll be required to agree to the terms and conditions as well.
• Also secure admin URLs like wp-admin and wp-login.
• Your SSL will be set up in a few minutes.

As you may have noticed, it is easier to complete SSL installation on WordPress if you have a managed hosting provider. It is worth paying more for a managed host in the long run because you get to focus more on running your website rather than getting stuck with site management issues.

In conclusion

No one really thinks about site security until a malicious attack hits their website. Your choice of host plays a big role in securing your site along with other factors like website maintenance, third-party applications, and so on.

One of the most basic places to start with website security is an SSL certificate. Having one secures the data transmitted and received by your server.

This guide shows how to install an SSL certificate on a WordPress website. The process may differ depending on the type of website hosting you have. When in doubt regarding SSL certificates, it is always advised that you contact your hosting provider for assistance.