Are you trying to add SSL to WordPress but don’t know where to start? Then this is the guide for you.
Installing an SSL certificate can be a little complicated, but it’s an important step if you are serious about your website and business. Over 70% of WordPress websites worldwide are now using SSL and HTTPS.
With the minimum security requirements always increasing, it’s a good time to make sure you are taking your website security seriously.
Why do I need an SSL certificate?
There are many reasons to activate SSL on WordPress. Fundamentally, you need to install an SSL certificate to use HTTPS. Google has stated that having https:// in your URLs can give your pages higher rankings in search results. And in some cases using HTTPS can make your website load significantly faster.
If you’re on the fence about whether you need SSL or not, make sure you read our guide about the full list of benefits of getting an SSL certificate on WordPress. If you’re taking payments online or must stick to the new GDPR laws, then you need to have an SSL certificate to meet the minimum standards.
If you already know why you need an SSL certificate for WordPress then read on for our step-by-step guide for how to install one. But before you jump in I hope it’s OK if I let you know about our managed SSL installation. We will do all of the hard work below for you so you don’t have to stress about it.
If you find the instructions in this guide too difficult or just too time consuming then please know we can help. We can do all this for you and more with our managed SSL service. We believe this is a great value service and will allow you to focus on the important aspects of your website and business while we handle the security.
To get started with our services we offer a simple free security review to see how we can help you. Just send us your web address using this form and one of our security team will get back to you.
OK let’s get started.
1. Choose Your WordPress SSL Certificate
Choosing the right SSL certificate for your WordPress website can be complicated. There is a wide range of free and paid SSL certificates available.
Depending on your business requirements there are 3 types of certificates:
Domain Validation (DV): This is the cheapest and simplest. The certificate authority validates that you own your domain name and issues an SSL certificate to show this.
Organisation Validation (OV): This is the middle ground. The authority will check that you own your domain name and your business so your visitors can be sure that they are on the right website.
Extended Validation (EV): This is currently the best coverage available. This allows you to show your company name in the browser bar and is the ultimate trust boost for your website visitors.
For the most part you can get started with Domain Validation and work up as your website grows. The exception is if you are taking payments online, where it might be beneficial to go for one of the more advanced options.
Once you have decided on the level of coverage, you just need to buy a certificate. We can help you find the right certificate based on your budget with our free security review. Use our contact form to find out more.
Or if you just want to pick your own SSL, check out our comparisons of free SSL certificates and paid SSL certificates for WordPress.
After you have selected and purchased an SSL certificate it’s time to install it onto your web host or server.
2. Generate A New Certificate Signing Request (CSR)
The first part of the process is to create a file that contains all the information about your organisation and the domain you are securing. This file needs to be generated on the server where your SSL certificate will be installed.
The CSR tells the certificate authority who and what they will be covering so they can decide whether to issue a certificate or not. This is an instant process for DV certificates and may take a day or longer for certificates with a higher level of validation.
Creating a CSR depends on your server setup. You should be able to get personalised instructions on creating a CSR from your web host, or specific details for your server software. If you have access to cPanel then check out this simple guide to generate a CSR.
3. Generate Your SSL Certificate
Once you have a CSR you can return to the issuer of your certificate. This might be Let’s Encrypt for a free certificate or maybe GoDaddy if you are purchasing one of their SSL certificates.
There should be a simple option for you to provide your CSR to your certificate provider and they can then issue your certificate. Once you have generated your certificate you will get 3 files: a CRT file, a KEY file and probably a CABUNDLE file too. Save these files or just keep them open as you will be copying/pasting or uploading them in the next steps.
4. Upload Your Certificate (CRT) To Your Server
Your certificate has now been configured for your server and validated by the certificate authority. It’s time to install the certificate file onto your server. Take the CRT file and upload it using the SSL tools available on your server. Search for CRT instructions from your hosting provider or, if you have cPanel, you can use these visual instructions.
5. Add Your Private Key (KEY) To Your Server
Some tools may automatically add your Private Key from your Certificate file. Otherwise you again need to upload or copy this file over to your server. If you are using the cPanel instructions this may be automatic, but check with your hosting provider for instructions on KEY files.
6. Add Your Certificate Authority Bundle (CABUNDLE) To Your Server
Depending on your Certificate Authority (CA) the CABUNDLE may load automatically in tools like cPanel. Follow the instructions to add the CABUNDLE with your hosting provider or you can continue to use the cPanel guide linked above.
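Before you finalise the installation, you can confirm that the three files belong together. The script below is an added example, not taken from any hosting provider's instructions: it creates a key and CSR as in step 2, then checks that the CRT matches the KEY, chains to the CABUNDLE and names your domain. The domain www.example.test, the file names and the throwaway test CA that stands in for a real issuer are constructed for the demonstration.

```shell
#!/bin/sh
# Added example. The domain and file names are constructed placeholders.

# Step 2: create a private key and a CSR. The key never leaves the server.
make_csr() {   # make_csr <domain> <key-out> <csr-out>
    ( umask 077   # new key file is readable by its owner only
      openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$1" \
          -keyout "$2" -out "$3" 2>/dev/null )
}

# Steps 4-5: the CRT and the KEY must carry the same public key.
cert_matches_key() {   # cert_matches_key <crt> <key>
    c=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    k=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    [ -n "$c" ] && [ "$c" = "$k" ]
}

# Step 6: the CRT must chain to the CABUNDLE.
# Assumption: the bundle includes the root certificate.
chain_ok() {   # chain_ok <crt> <cabundle>
    openssl verify -CAfile "$2" "$1" >/dev/null 2>&1
}

# The CRT must name the domain you will serve over HTTPS.
cert_covers_host() {   # cert_covers_host <crt> <domain>
    openssl x509 -in "$1" -noout -checkhost "$2" 2>/dev/null | grep -q 'does match'
}

# Constructed test material: a throwaway CA plays the issuer's part (step 3).
make_sample_files() {   # make_sample_files <dir> <domain>
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Constructed Test CA" \
        -keyout "$1/ca.key" -out "$1/site.cabundle" 2>/dev/null &&
    make_csr "$2" "$1/site.key" "$1/site.csr" &&
    openssl x509 -req -in "$1/site.csr" -days 1 -CA "$1/site.cabundle" \
        -CAkey "$1/ca.key" -CAcreateserial -out "$1/site.crt" 2>/dev/null
}

preupload_check() {   # preupload_check <crt> <key> <cabundle> <domain>
    cert_matches_key "$1" "$2" || { echo "CRT and KEY do not match"; return 1; }
    chain_ok "$1" "$3"         || { echo "CRT does not chain to CABUNDLE"; return 1; }
    cert_covers_host "$1" "$4" || { echo "CRT does not cover $4"; return 1; }
    echo "OK: files are consistent for $4"
}

# Demo run on the constructed files.
d=$(mktemp -d) && make_sample_files "$d" www.example.test &&
    preupload_check "$d/site.crt" "$d/site.key" "$d/site.cabundle" www.example.test
rm -rf "$d"
```

With your own files, call preupload_check with the paths to your CRT, KEY and CABUNDLE and your domain. If your CABUNDLE holds only intermediate certificates, pass it to openssl verify with -untrusted instead of -CAfile so that the system trust store supplies the root.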
7. Finalise SSL Installation
Once all 3 files have been uploaded to your server it’s time to complete the installation. Once you click the final button and complete the process the SSL certificate will be installed on your server and you are ready to use HTTPS.
8. Check HTTPS
Now make sure that the SSL certificate has been installed properly. Navigate to an HTTPS version of your website using a web browser, for example https://www.yourwebsite.com. Unless you have redirects in place, your homepage should load over HTTPS.
If your website shows that it is not secure, you may have had an issue with the SSL installation. Use the Qualys SSL Labs tool to check your SSL has been installed properly.
If you are able to access your website over HTTPS the next step is to make sure your WordPress website is configured to use your newly installed security.
Check out our guide on how to change WordPress from HTTP to HTTPS.
If you had any issues or questions with the process feel free to ask in the comments below. We do our best to answer all questions.
Or if you want some more hands-on advice, feel free to ask us for a free security review. We will go through your website and make recommendations for you. Just tell us your web address using this form to get started.