◦ Comprehensive security
◦ 24/7 support
WordPress Guide → Security → SSL Certificate
How to install an SSL certificate in WordPress
When you’re building a site, regardless of its purpose, you focus on the things that matter like making it look great and work properly. Sometimes some of the most important facets slip under the radar.
When you load your site for the first time and a security warning pops up, you know you’ve forgotten a basic and crucial element: your SSL certificate.
Keep reading to learn how to install an SSL certificate on WordPress.
Get fast, reliable hosting for WordPress
Power your site with the industry’s fastest, most optimized WordPress hosting
What is an SSL certificate?
An SSL (Secure Sockets Layer) certificate is a digital certificate that encrypts the connection between a browser and the server a site is hosted on. To put it simply, HTTP (hypertext transfer protocol) is a set of rules used to transfer components of a website through the Internet.
The SSL certificate is actually the “s” in “https.” Without it, any information exchanged between your browser and the server would be visible to any and all points of contact between the two.
Additionally, it ensures that the information you’re receiving is actually coming from the website you’re visiting and the server it’s hosted on. Sites without SSL certificates installed could be malicious, and view sensitive data without your permission.
Can you buy an SSL certificate?
You can purchase SSL certificates from various Certificate Authorities (CAs) or their resellers. They also exist in various versions (from single-domain SSL certificates to multi-domain certificates) and with various pricing options.
To be able to buy an SSL certificate, you’ll need to create a CSR and private key. CSR (Certificate Signing Request) is an encrypted version of basic information about your website and its owner, including company name, country, state, etc.
Private key is the second part of the “key pair” that gets created alongside the CSR. It’s the most important component of the SSL certificate, as it authenticates your website to internet users. It helps encrypt the data transmitted to and from the site, as well as prevents others from impersonating your site.
Is it important to install an SSL certificate in WordPress?
The long and short of it is that 85% of people won’t buy from an unsecure website. But there are plenty of reasons why it is important to install an SSL certificate on your WordPress website too. Here are a few.
- Visitors on your website know they’re getting authentic content you’ve shared.
- Visitors and members on your website will know the data they’re sharing with you won’t be intercepted.
- Visitors on your website won’t be scared away by secure connection warnings.
Overall, having an SSL certificate on your WordPress website makes visitors feel secure and confident in their experience.
How to install an SSL certificate on WordPress
If you haven’t installed a certificate yet, you should put your website into maintenance mode to prevent any potential visitors from being unnecessarily potentially scared off.
Once you’ve bought an SSL certificate, do NOT install it in WordPress. This might seem confusing because there are plugins that install SSL on your site — but bear in mind that WordPress is a content management system. Your SSL certificate doesn’t (and shouldn’t) cover just content. What you’re concerned about is securing your connection to the web server.
Once you have an SSL certificate, you need to retrieve the private key that was created with it. Installing your SSL certificate is fairly easy. It’s a couple of steps that include navigating around your admin or portal and clicking a few buttons.
Additional concerns for SSL certificates
Once you’ve installed your SSL certificate and your site is loading over the HTTPS protocol, there are some additional considerations.
Forcing a secure connection
Once you’ve learned how to install SSL on WordPress sites, you’ll want to make sure all the connections made to your site are secure. You can do so by adding one of the following snippets to the top of the .htaccess file for your website:
Mixed content errors
Sometimes when sites are created before the installation of the SSL certificate, links in the WordPress database will still contain the “http://” prefix.
Even though you forced secure connections, some images or external links will still get loaded over the non-secure protocol, causing broken padlocks or other warnings.
The easiest way to update those links would be to use a plugin (like Better Search Replace). If you’re familiar with WP cli, or the terminal in general, you might be more comfortable using wp search-replace command.
- Trust — Visitors are more likely to get a sense of trust when seeing the padlock next to your site’s domain name in their browser’s address bar.
- Data validation — When a browser connects to the server through the HTTPS protocol, there’s a handshake process which validates that the data that was received is the same as the data that was sent.
- Data protection — Any sort of data exchanged through the secure connection will be encrypted and as such, it will be undecipherable to any third parties between the browser and the host server.
- SEO — Google rankings take HTTPS connections into account. As such, sites with SSL certificates installed on them that are forcing HTTPS connections will have higher rankings.
Pros of implementing an SSL certificate
There are many pros and cons of implementing SSL/HTTPS on your website. However, the benefits largely outweigh the disadvantages. Here are some of the top benefits:
How to renew your SSL certificate
If some time has passed since you learned how to install the SSL certificate, the deadline for SSL certificate renewal might be close. If you purchased an SSL certificate, your CA may have reminded you already.
If you’re sticking with the same type of SSL certificate, it’s quite possible they’ll be renewing it on their end using the same CSR. They will just provide you with an invoice and a new certificate which you’ll need to install again.
Otherwise, they’ll provide further instructions. If you’ve decided to go with the free version, such as Let’s Encrypt or AutoSSL, the renewal time will come much sooner, as these certificates are valid for only 90 days. However, renewals are usually handled automatically on the server side as long as your domain is pointed directly to the server it’s hosted on.
Getting started with installing an SSL certificate in WordPress
There are many different Wordpress hosting providers out there, as well as many certificate authorities and resellers you could get the SSL certificates from.
Liquid Web has been leading the industry in WordPress hosting for decades. And if you select managed WordPress hosting, our team of experts will manage server IT for you — so you can focus on growing your brand.
Click below to explore options or start a chat with one of our WordPress hosting experts now to get answers to your questions and further guidance.
Additional resources
Comprehensive guide to securing WordPress with ModSecurity
→
This guide provides a comprehensive overview of how to use ModSecurity to enhance the security of your WordPress site.
SSL Certificate Types: What You Need to Know →
SSL certificates come in three main types: Domain Validated (DV), Organization Validated (OV), and Extended Validation (EV).
Why security matters for WordPress enterprise hosting
→
Use the blog as your guide to attacks to watch out for, security best practices, and steps to improve the WordPress protection you already have.
Amy Myers is a leader of one of the Linux support teams with Liquid Web and Nexcess, with expertise in customer service and Linux support. She considers expanding upon and sharing knowledge as one of life’s top priorities. She is an avid technology and art fan.