Installing an SSL certificate in WordPress involves several steps. You should have already purchased or obtained a free SSL certificate from a Certificate Authority (CA) such as Let’s Encrypt, Comodo, DigiCert, etc. Once you have the certificate, you can follow these steps:
1. Install the SSL Certificate on Your Hosting Account:
Firstly, you need to install the SSL certificate on your web server. This step varies depending on your hosting provider, but the process is usually as follows:
- Log into your hosting account.
- Find the SSL/TLS admin area. It’s often in the security section.
- Enter the domain name that you want to secure with the SSL certificate.
- Upload the certificate and private key files that you received from your Certificate Authority.
- The certificate should be installed by your hosting provider.
If you’re unsure about any of these steps, you can usually find specific instructions on your hosting provider’s support site or contact them for help.
2. Update Your WordPress URLs:
After installing the SSL certificate, you need to configure your WordPress website to use HTTPS instead of HTTP.
- Log into your WordPress dashboard.
- Go to Settings > General.
- Update your WordPress and site URL to use HTTPS.
Example:
Change http://yourdomain.com
to https://yourdomain.com
- Save the changes.
3. Force SSL / HTTPS in WordPress:
To ensure that every connection to your site uses SSL / HTTPS, you need to set up a redirect in your .htaccess
file.
- Access your website’s root directory using a FTP client or through your hosting cPanel.
- Edit the
.htaccess
file. If it’s not visible, ensure that you’re set to view hidden files. - Add the following code at the top of the
.htaccess
file:
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
</IfModule>
- Save and close the file.
4. Configure WordPress to Load Assets (images, scripts, etc.) Over HTTPS:
Even if you have set up a redirect, some elements on your site may still load over HTTP, which can cause mixed content errors. To fix this, you can use a plugin like Really Simple SSL:
- From your WordPress dashboard, go to Plugins > Add New.
- Search for “Really Simple SSL” and install it.
- Activate the plugin and follow the on-screen instructions.
5. Test Your SSL Certificate:
To confirm that your SSL certificate is working correctly:
- Open a new browser tab.
- Enter your website’s URL, starting with
https://
. - Look for the padlock symbol next to the URL. This indicates that the site is secure.
You can also use online tools such as Qualys SSL Labs’ SSL Server Test to test your SSL certificate and configuration.
Remember to update any other configurations that include your old HTTP URL, such as Google Analytics, Google Search Console, CDN settings, etc.
NOTE: Always back up your site before making any changes to the .htaccess
file or changing the URL settings in WordPress, as incorrect changes could make your site inaccessible. If you are not comfortable making these changes yourself, consider hiring a professional or contacting your hosting provider for assistance.