Did you know that Google shows all non-SSL websites as “Not Secure”. This means that if you are not using a SSL certificate on your website, then you’ll lose customers trust.
Because SSL certificate helps protect your website data, it’s actually a requirement for accepting payments online.
Normally, paid SSL certificates are quite expensive. If you are just starting a blog or making a DIY business website, then you likely want to keep costs low.
Luckily, there are multiple ways to get a free SSL certificate to reduce your website cost. In this article, we will show you how to easily get a free SSL certificate for your WordPress website and set it up all by yourself.
We will also cover the following topics:
- What is an SSL Certificate?
- Why You need an SSL certificate for Your WordPress Site
- How does SSL certificate work to keep information secure
- How much SSL certificates cost
- How you can get a free SSL certificate
- How to Install a free SSL certificate in WordPress
Ready? Let’s get started.
What is SSL?
SSL stands for Secure Sockets Layer. It is an internet protocol for securing data transfer between a user’s browser and the website they are visiting.
Every internet user transfers information when they visit websites. This information can often be sensitive like payment details, credit card information, or login credentials.
Using the normal HTTP protocol means this information can be hijacked by hackers. This is where SSL or HTTPS comes in.
Websites need an SSL certificate issued by one of the recognized certificate issuing authority. This certificate is verified and highlighted in the user’s browser address bar with a padlock sign and HTTPS instead of HTTP.
Do I Need an SSL Certificate for My WordPress Website?
SSL / HTTPS is recommended for all websites on the internet. However, it is absolutely required for all websites that collect user information like login details, payment information, credit cards, and more.
If you are running an e-commerce store, a membership website, or require users to login, then you need to get an SSL certificate right away.
Most online payment services require your website to use SSL/HTTPs before you can receive payments.
Apart from security, SSL certificate also creates a positive impression of your brand among your users. Google also recommends using SSL, and research shows that SSL-enabled websites rank slightly higher in search results.
Last but not least, if your website is not using an SSL certificate, then Google Chrome will show your users that your website is not secure.
This icon affects your brand image and user’s trust on your website.
How Does SSL Certificate Work?
Now that we have explained what is SSL and why is it important, you might be wondering how does an SSL certificate actually works?
SSL protects information by encrypting the data transfer between a user’s browser and the website.
When a user visits an SSL/HTTPs website, their browser first verifies if the website’s SSL certificate is valid.
If everything checks out, then the browser uses the website’s public key to encrypt the data. This data is then sent back to the intended server (website) where it is decrypted using the public key and a secret private key.
How Much Do SSL Certificates Cost?
Cost of SSL Certificates differs from one certificate authority to another. Their pricing could be anywhere between $50-200 / year. Some providers offer add-on services with their certificates which may also affect the cost of your SSL certificate.
If you are going to purchase an SSL certificate, then we recommend GoDaddy. They are the largest domain name registration service in the world, managing more than 77 million domains.
They offer simple SSL certificate plans starting from $74.99 / year. After you have purchased an SSL certificate, you can ask your hosting provider to install it for you.
But before you do that, you should check to see if you can get the SSL certificate for free.
How Can I Get an SSL Certificate for Free?
A lot of website owners are reluctant to use SSL due to the additional cost. This left many small websites vulnerable to data and information theft.
A non-profit project called Let’s Encrypt decided to fix this by establishing a free certificate authority.
The purpose of this certificate authority is to make it easier for website owners to get a free SSL certificate. Internet becomes a safer place if more and more websites start using SSL.
Due to the significance of the project, it quickly earned the support of major companies like Google, Facebook, Shopify, WordPress.com and many others.
The challenge is that installing the free SSL certificate by Let’s Encrypt for a beginner user is quite difficult because it requires coding knowledge and server systems knowledge.
Thankfully, all of the best WordPress hosting companies are now offering free SSL certificate with all their hosting plans (some are using Let’s Encrypt).
Choosing one of these providers will save you from the hassle of installing the free SSL certificate on your own.
Here are the top WordPress hosting companies that offer free SSL certificate with their hosting plans.
If you are already using one of these companies, then you can turn on your free SSL certificate from your hosting dashboard. Simply login to your hosting account’s cPanel dashboard and scroll down to the ‘Security’ section.
Bluehost users will find the free SSL option by visiting My Sites » Manage Site page. From here, you can switch to the security tab and turn on free SSL certificate for your website.
Depending on your hosting company, your web hosting control panel may look different than the screenshot above. If you are having trouble locating the free SSL option, then you can ask your hosting provider to enable it for you.
If your web hosting company does not offer free SSL, then you can easily follow our guide to switch your hosting and move your sites to one of the companies above.
Installing Free SSL Certificate and Setting up WordPress
Once you have enabled your free SSL Certificate, you will need to set up WordPress to start using HTTPS instead of HTTP in all your URLs.
The easiest way to do this is by installing and activating the Really Simple SSL plugin on your website. For more details, see our step by step guide on how to install a WordPress plugin.
Upon activation, the plugin will check to see if your SSL certificate is enabled. After that, it will turn on HTTP to HTTPS redirect and change your website settings to start using SSL/HTTPs.
To make your website completely secure, you need to make sure that URLs of your website are loading using the HTTPS protocol. Really Simple SSL plugin does that automatically by fixing the URLs when the page loads.
Even if a single URL still loads using the insecure HTTP protocol, then browsers will treat your entire website as not fully secure.
To fix these URLs, you will need to use your browser’s inspect tool to find them and then replace them with the correct HTTPs URLs. For more on this, see our tutorial on how to fix mixed content error in WordPress.
Really Simple SSL Plugin makes it super easy to set up free SSL certificate in WordPress. That’s why we recommend it for all beginners.
However, it catches insecure URLs when the page loads, which increases your page load time a little bit. This is why advanced users who are concerned about WordPress speed uses the manual method to setup their free SSL certificate.
We have created detailed step by step instructions to help you properly switch WordPress from HTTP to HTTPS (which shows both the manual method and the plugin method).
We hope this article helped you learn how to get a free SSL certificate for your WordPress site. You may also want to see our step by step guide on how to create free business email address for your WordPress site.
If you liked this article, then please subscribe to our YouTube Channel for WordPress video tutorials. You can also find us on Twitter and Facebook.