How to Install SSL Certificates on WordPress

WordPress

How to install an SSL certificate on a WordPress website + HTTP to HTTPS migration guide

There are 5 steps involved to install an SSL certificate on your WordPress website-if you have bought it from a third-party supplier like us ( i.e. it isn’t bundled with your hosting account).

  • Step 1: Generate the CSR
  • Step 2: Install the SSL in the hosting server
  • Step 3: Enable SSL in WordPress with the help of a plugin or manually
  • Step 4: Fix Mix Content Warning in WordPress (if any)
  • Step 5: Update Google Analytics & Submit A New Sitemap to Google 

Step 1: Generate the CSR

The CSR generation mechanism differs depending on the type of server. The CSR generation process for the most common platform, cPanel, has been covered.

  • Navigate to the Security portion of your cPanel account. Over there, choose SSL/TLS Manager.
  • Under Certificate Signing Requests, choose ‘Generate, display, or remove SSL certificate signing requests’ (CSR).
  • Only alphanumeric characters may be used in the fields Domains, City, State, Nation, Company, Company Division, E-mail, Password, and Description.
  • Select Generate from the drop-down menu.

Your private and public keys have now been successfully developed. The public key is included in the CSR code, which will be submitted to the certificate authority (CA, or certificate provider company) along with other necessary information, as directed by the CA.

The CA will verify your credentials against the sort of validation you need after you submit the necessary information and your public key to the CA. The CA will ask you to take a few actions to show that you own the domain (and additional steps for OV and EV SSL certificates). Here’s where you can learn more about the Validation Process.

Once the validation process is complete, the CA will give you an SSL certificate. They’ll send you the files you’ll need to finish the certificate installation via email.

Step 2: Install the SSL on the hosting server

The installation process varies depending on the web host and server. We’ve gone over how to instal cPanel, one of the most popular servers. The installation process for all other kinds of servers is more or less the same. Tap here for more details if you’re using a particular server.

To begin, consider the following:

Go to cPanel

Part 1

Under Protection, select SSL/TSL.

Click Generate, Open, Save, or Remove SSL Certificates to generate, view, save, or delete SSL certificates. Certificates can be found in the Certificates section (CRT)

  • Find out where Under ‘Upload a New Credential,’ paste the certificate into the text box below. Copy and paste the code from the *yourdomain*.crt file you got in an email from the Certificate Authority. You can also import it directly from your account. Include the header and footer of the code (—–BEGIN CERTIFICATE—– and —–END CERTIFICATE—–).
  • Select Save Certificate or Upload from the drop-down menu.

OR

Click on ‘Choose File’ under ‘Choose a certificate file (*.crt)’ and import the.crt file that CA sent you via email. Select ‘Upload Certificate’ from the drop-down menu.

Part 2

Return to the previous menu now.

  • Under ‘Install and Manage SSL for your domain (HTTPS),’ choose Manage SSL pages.
  • From the drop-down menu, choose the domain for which the SSL was given.
  • The system can now retrieve and fill the Certificate: (CRT) and Private Key (KEY) fields automatically.
    CA’s CA Bundle (chain of intermediate certificates) can be copied and pasted into the box labelled Certificate Authority Bundle (CABUNDLE)
  • Select “Install Certificate” from the drop-down menu.
  • And that’s the end of it! On the server, the SSL certificate has now been installed.
  • Switching the site URLs from HTTP to HTTPS is the next step in enabling SSL in WordPress.

Step 3: How To Enable SSL in WordPress with the help of a Plugin

Very Simple SSL Plugin is one of the best plugins for installing SSL in WordPress.

  • Navigate to the WordPress dashboard.
  • To add a new plugin, go to Plugins > Add New.
  • Look for the Very Simple SSL Plugin and mount it.
  • Go to Plugins, find ‘Really Simple SSL Plugin,’ and choose Settings from the drop-down menu.
  • Select “Go ahead and trigger SSL!” from the drop-down menu.
  • Your website would be switched from HTTP to HTTPS provided there are no mixed content errors.
  • Scroll down to stage 4 if there are any mixed material mistakes.

Alternatively, you should manually instal SSL on WordPress (Not recommended)

Part 1

  • Got to Settings
  • Select General.
  • Replace HTTP with HTTPS in the WordPress Address (URL) and Site Address (URL) address fields with your domain name.
  • Changes can be saved.
  • In WordPress, log out and re-login.

Part 2: Apache Redirect

  • Locate the.htaccess file in the WordPress site’s root directory. (To see these hidden files, you can need to enable the display hidden files option in your FTP client.)
  • This code should be added to the.htaccess file.
<IfModule mod_rewrite.c> 
RewriteEngine On 
RewriteCond %{HTTPS} off 
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301] 
</IfModule>
  • Add the following code to wp-config.php file to add HTTPS to WP Admin
define('FORCE_SSL_ADMIN', true); 

Redirect in Nginx

If your WordPress site is running on Nginx, write following code in the Nginx config file.

server { listen 80; server_name yourdomain.com www.yourdomain.com; return 301 https://yourdomain.com$request_uri; } 

Don’t forget to replace yourdomain.com with your actual website name.

If there are mixed content errors, scroll down to step 4. 

Step 4: Fix Mix Content Warning in WordPress (if any)

If all (all pages, videos, scripts, and stylesheets) do not load over HTTPS when migrating from HTTP, the browser displays a Mixed Content Alert.

When using absolute referring for pictures, scripts, stylesheets, and other things, for example:

This sites are also using HTTP to point to your domain name, but your site is now using HTTPS. Since your website’s address is HTTPS, it is attempting to load content using unreliable HTTP urls. As a result, the system displays the mistake.

You can either change the coding and upgrade all of the connections to HTTPS manually, which is time consuming.

OR

Better Search Replace is a good example of a plugin. Put your HTTP domain in Search for and your HTTPS domain in Replace with under the Search/Replace tab.

When you click Run Search/Replace, all of the total reference HTTP urls will be replaced with HTTPS.

Step 5: Update Google Analytics & Submit A New Sitemap to Google 

Let the search engine know that your website will be on HTTPS instead of HTTP. Part 1

Part 1

  1. Go to Google analytics
  2. Go to Admin
  3. Property
  4. Property Settings.
  5. In Default, URL field update your domain name with HTTPS
  6. Save

Part 2 

  1. Go to Google Search Console
  2. Click on ‘Add a property’ on top right side
  3. Add your website’s new HTTPS address in the popup
  4. Google will ask you to select a method to prove your authenticity
  5. Choose among the options.
    • HTML file upload
    • HTML tag
    • Google Analytics
    • Google tag manager
  6. Google will walk you through the step-by-step verification process.
  7. For older version

For newer version Congratulation! You have successfully installed the SSL certificate on your WordPress and also did all the needed additional steps that are crucial for SEO ranking!

How to choose the right type of SSL certificate for a WordPress site?

Once you’ve determined where to purchase your certificate, you’ll need to figure out the form of SSL is better for your WordPress account.

  • A Domain Validated SSL certificate is appropriate for informational websites, journals, and personal websites.
  • Organization Validated (OV) or Extended Validated SSL is recommended if the WordPress platform provides eCommerce, paying memberships, paid subscriptions, or supports contributions or charity, OR if your visitors need to fill out certain forms or log in information such as email ids, passwords, etc.
  • Multi–domain SSL is used if the WordPress platform has several domain names, such as myblog.com, myblog.net, and mysite1.ca.
    A wildcard SSL certificate is necessary to encrypt all subdomains on websites with subdomains, such as “blog.mysite.com,” “mail.mysite.com,” and so on.
  • Multidomain Wildcard SSL is preferred for websites with both subdomains and multi-domains.

After you’ve decided on an SSL provider and determined the form of SSL is best for your WordPress platform (and suits under your budget), you can buy it and begin the installation process. You don’t need to think about any more measures if you purchased SSL installation services from your SSL provider, and you can exit the article right now!

How can I get a WordPress SSL certificate?

Compare rates from other SSL vendors when purchasing an SSL certificate from your web hosting firm. The price gap can be mind-boggling at times. (Make sure your hosting company requires you to use a third-party SSL certificate.)

Melina Richardson is a Cyber Security Enthusiast, Security Blogger, Technical Editor, Certified Ethical Hacker, Author at Cybers Guards & w-se. Previously, he worked as a security news reporter.