How to Add a Free SSL Certificate to WordPress Website
Your website security is not being an option anymore and if you want to get more traffic and to be trusted by Google, you need to have your entire website uses HTTPS protocol to encrypt the connection between your website and its visitors. And to do that, you need to have an SSL certificate installed on your domain and server.
In this article, we are going to show you how to add a free SSL certificate to a WordPress website
What is SSL/HTTPS?
SSL is short for Secure Sockets Layer. It’s an encryption method that secures the information transferred between your browser and the site you’re visiting. This makes it harder for hackers to eavesdrop on the connection.
We all transfer information when we browse websites like login credentials, credit card details, and more personal information. So, we need to be sure that our information is safe and secure. From here the idea of SSL appears to transfer HTTP websites to (Secure HTTP) HTTPS.
How Do SSL Certificates Work?
When you visit an SSL-certified website your browser first confirms if the website’s SSL certificate is valid. Then, if it all checks out, it uses that website’s public key to encrypt your information.
The information is then sent to the website you’re visiting here it’s decrypted, or unscrambled, using the public key and a secret private key.
Encryption: is the process of turning the information into code so it’s scrambled and anyone without authorized access can’t read it.
Who May Need an SSL Certificate?
Any individual or organization that uses their website to require, receive, process, collect, store, or display confidential or sensitive information like ( logins and passwords, credit card numbers, bank accounts, personal data, client lists, legal documents, and contracts )
Why Use SSL?
- Recently, if you’re not using SSL on your website Google Chrome will show visitors that your site isn’t secure which can negatively affect your business and the level of trust users have in your website.
- High performance for the site, modern SSL can actually improve page load times.
- Search engines favor HTTPS websites and rank them slightly higher.
- Most online payment services like Stripe, PayPal, Authorize.net, etc require that your website uses SSL/HTTPS before you’re even allowed to receive payments.
How Much Does an SSL Certificate Cost?
In general, Their pricing could be anywhere from $50 to $200 a year. And the good thing is that the best WordPress hosting companies are now offering free SSL as part of their packages. This saves you the hassle of installing your SSL certificate on your own.
These hosting companies are:
- BlueHost
- SiteGround
- HostGator
- WP Engine
- InMotion Hosting
- Liquid Web
- Dreamhost
If your hosting company does not offer a free SSL certificate, then you’ll need to purchase an SSL certificate and install it on your server.
Here we are going to show you how to get an SSL certificate for FREE from Cloudflare:
How could you get a FREE SSL certificate by using Cloudflare?
We always recommend using Cloudflare to get an SSL Certificate. Cloudflare is one of the world’s largest Content Delivery Network “CDN” providers. They are the first Internet performance and security company to offer SSL protection free of charge.
See the steps to get a free SSL certificate from Cloudflare
1- Sign up for a free account on Cloudflare.
Go to cloudflare.com and sign up for a new account or log in to your account if you already have one.
2. Add your domain name to Cloudflare
If this is the first time you use Cloudflare, you will see the following screen and asking you to add a new site. Click Add Site to start adding your domain name.
On the next screen, add your domain name and click the “Add Site” button to start the process of adding your website to Cloudflare and import all DNS records attached to your domain.
A screen appears to you as in the following image showing you the information that the site collects about your domain, you can make sure that it is correct. This screen was found to allow you to add some additional information that is not available through the DNS When everything is checked, press Continue at the bottom of the page.
Here choose the basic plan ( Free Website ) as you can see in the image, and note that one of its advantages is the free SSL certificate.
3. Change your domain name servers (DNS)
As you can see here, the process was completed successfully, and you now have to change the information of the Name Servers on your domain from the hosting site on which your site is to the Name Servers of the CloudFlare site, and this step ensures that the visitor passes to the site through Cloudflare to take advantage of the services it provides You for free (such as protection from cyberattacks, the free SSL certificate that we explain here, etc.) when done, click on Continue.
Now, your website is added to Cloudflare as a CDN and this will make your website faster as well.
Up to this point, we have passed visitors to our Cloudflare site, but we still need to enable the SSL certificate.
4. Enable Cloudflare SSL certificate
From your website’s main screen, click on the “SSL/TLS” link at the top of your screen to switch to SSL settings for your current selected website.
From the SSL/TLS encryption mode section, select Full to use a self-signed certificate on your server.
Now, you have the SSL certificate activated and ready to be used on your website via HTTPS requests. The next step is to force all traffic coming to your website to be redirected to HTTPS instead of HTTP.
5. Force all traffic to go through HTTPS
As you are using Cloudflare now as your CDN, you can manage redirects, cache, and more from there. What is required now is to redirect all traffic that targets HTTP to HTTPS protocol To do that, you need to add a new rule in Cloudflare.
From the top menu, click on “Page Rules” to switch to Cloudflare page rules screen
On the page rules screen, click “Create Page Rule” to add a new redirect rule
Now, create a rule that matches any URL of your domain name by adding * before your domain name to allow the redirect to be applied to subdomains also and add another * after your domain name to apply to all pages and directories under your domain.
This should be the URL to match http://*yourdomain.com/* and from the settings droplist, select “Always Use HTTPS” and click “Save”
You’re done with Cloudflare now and it is time to force your WordPress website to use HTTPS.
6. Force WordPress to redirect to HTTPS
The easiest way to do this is to install the Really Simple SSL WordPress plugin to your website. It’s one of the best WordPress plugins for the job and like the title, it’s super easy to use.
After you’ve activated the plugin it will check to see if your SSL certificate is enabled. Then it will turn on the HTTP to HTTPS redirect which changes your site settings to use SSL/HTTPS.
The plugin will take care of everything including the mixed content errors.
SSL is the backbone of our secure Internet and it protects your sensitive information as it travels across the world’s computer networks. So, it is critical that you properly use SSL on all websites.