CMS Tutorial
WordPress
Securing WordPress: A step-by-step guide to installing an SSL certificate
Securing WordPress: A step-by-step guide to installing an SSL certificate
Aug 31, 2023 pm 02:45 PM
One way to make your WordPress website more secure is to install an SSL certificate.
AnSSL certificate will add https:// to your website's domain, and more importantly, it will enhance security for your users. It will also give you some SEO benefits.
In this tutorial, you’ll learn how to install an SSL certificate for your WordPress website for free using Let’s Encrypt. I’ll show you how to do this using the SiteGround admin screen, cPanel, and plugins.
WordPress Hosting Special Discount
If you need WordPress hosting, check out SiteGround. It comes with an easy installer, free support, and automatic updates. It also includes support for SSL to keep your website secure! Thanks to our partnership with SiteGround, we’re excited to offer a huge 70% discount on self-managed WordPress hosting.
What is SSL?
SSL stands for "Secure Sockets Layer". It uses a key pair to authenticate website access: a public key that anyone can access, and a private key that is private. The relationship between the two means that only the person with the private key (i.e. you, the website owner) can encrypt information transmitted using the public key. This also means that anyone can use the public key to verify that the website is secure.
But don't worry - you don't have to store these keys for your website. Instead, these keys are used by the SSL certificate you install on your site. This means that when your website sends information between the browser and the server, the information is encrypted.
When you install SSL, it changes the look of your website. The https:// at the beginning of the domain name will be changed to https:// and when you visit the website in your browser, a padlock will appear, you can refer to the Tuts website Screenshot of .
#What are the benefits of SSL?
So why bother adding SSL to WordPress? This is extra work after setting up the site and doesn't change the way the site appears to users, so why do it?
There are two main benefits - security and SEO.
SSL and Security
The first and most obvious benefit is website security. By adding SSL, you make it more difficult for anyone to intercept the data being transmitted, and for others to access the information users enter into your website.
So, for example, if you are running an e-commerce store or collecting user information so they can register on a membership site, SSL is crucial. Running any such website without SSL is extremely dangerous and irresponsible.
SSL and SEO
Another benefit of adding SSL to your website is that it is good for SEO.
Google prefers websites with SSL certificates and will rank them higher. Given that adding SSL is free, even if your website doesn’t collect user data, it’s worth installing an SSL certificate for the SEO benefits.
How to add SSL to WordPress for free
In the past, to get SSL, you had to pay for an SSL certificate, and it could cost more than your hosting fee. But now you can get an SSL certificate for free with Let’s Encrypt.
You can add this functionality using a WordPress plugin (also free), or you can easily add SSL to your site using the SiteGround admin tool or cPanel.
Let’s take a look at each method.
Add Let’s Encrypt SSL via SiteGround
To add SSL to your WordPress website in SiteGround, first log into your SiteGround website and click on the Website tab.
Click the Website Tools button to access your website's tools, then click Security > SSL Manager.
In the Select Domain field, select the website to which you want to add SSL. In the Select SSL drop-down list, select the option you want to use.
The three options are:
- Let’s Encrypt — Standard SSL certificate, free, suitable for most websites.
- Let’s Encrypt Wildcard – Wildcard SSL means you can add subdomains to your website and they will use an SSL certificate. This is useful if you have a multisite network using subdomains.
- Advanced Wildcards - Includes extra features for enhanced security. This requires an additional fee.
You can learn more on the SiteGround website’s SSL Certificates page.
For this demonstration, I will choose Let’s Encrypt because it is free and will meet the needs of most WordPress websites.
After selecting the desired option, you will see a notification that your request is being processed.
This may sometimes take a while as your request is sent to the queue and there may be other SiteGround account holders submitting requests at the same time. Once the request is completed, you will see a success message.
If you click on the Configure HTTPS link, you will see information about SiteGround websites, covering a range of website systems. Don’t worry, I’ll tell you exactly how to do that, just skip to the Configuring WordPress Settings to Use HTTPS section below.
Add SSL in cPanel
If you are using a hosting provider that is not SiteGround and also offers Lets Encrypt SSL, or you are using an older SiteGround account that still uses cPanel for SSL, you can use the cPanel interface to install a free Let's Encrypt SSL certificate.
Start by logging into your hosting provider's interface and opening cPanel. Scroll down to the Security section.
Click the Let’s Encrypt link to go to the Let’s Encrypt Manager screen. Go to the Install a new Let’s Encrypt certificate section.
In the Domain field, select the domain to which you want to add the certificate. Then select the certificate type. You have two options:
- Let’s Encrypt SSL - Works with most websites.
- Let's Encrypt Wildcard SSL - Useful for websites with subdomains (such as multisite networks).
Select the one you want and click the Install button.
You will see a success message telling you that your request has been added to the queue. Click the OK button.
First of all, it won't show up in the Manage Let's Encrypt Certificates section, i.e. because your request is queued waiting for another user who has requested the certificate. But it will change soon to reflect this.
Now skip to the Configuring WordPress settings to use HTTPS section below.
Add SSL using plugin
If you are not using SiteGround and your hosting provider does not offer Lets Encrypt, you can install a free plugin to add a free SSL certificate.
In WordPress, install the plugin. Go to Plugins > Add New Plugin.
In the search box, enter SSL. You will see a series of SSL plugins.
Find the SSL Zen plugin. Click the Install Now button, then when it changes to the Activate button, click that button to activate the plugin.
After installing the plugin, you will be taken to the SSL Zen screen. If you don't know or need to go back, click SSL Zen in the admin menu.
Click the Use the free version link at the top of the screen to go to the settings screen.
Check if the domain name and email address are correct, if required check the www option also add https:// and check the terms and conditional options. Click the Next button to continue.
The next step is to verify that you own the domain. Follow the on-screen instructions to upload the files to the new folder. Make sure you add the folders and files to your site's public_html folder, not the root directory. You need to access your website via FTP or use the file manager option in cPanel.
Once you have done this, return to the plugin settings screen and click the Verify button next to each file.
The plugin will check if the file is in the correct location. Once completed, click the Next button.
You can download your certificates if you wish, but you don’t have to – they will also be emailed to your WordPress admin email address. Click the Next button again to complete.
Your website will now have an SSL certificate installed, but you still need to make sure WordPress is using https:// in your browser. We'll cover this in the next section.
Configure WordPress settings to use HTTPS
Now you need to tell WordPress to use https:// instead of http://
In the WordPress admin, go to Settings > General. Find the Site URL and WordPress URL fields.
Edit these two fields so that they contain https:// instead of http://
Scroll down and click the Save Changes button to save your changes.
You need to log in again - this is because your browser has stored a login cookie for the http:// version of your address, and you need to log in again http:// version address, and you need to log in again>https://.
Your website will now use https:// with a padlock icon.
Summary
Adding an SSL certificate to your WordPress website will make it more secure and enhance your SEO. So there's really no reason not to do it.
And you don’t need to spend any money to do it either. No matter which method you use, add an SSL certificate to your website today and you’ll have peace of mind knowing it has better security and will rank higher in search engines.
Set up SSL easily with SiteGround
As you can see, SiteGround makes it very easy to set up SSL for your WordPress website. It also offers an easy installer, free support, and automatic updates, and thanks to our partnership with SiteGround, we can offer up to 70% off self-managed WordPress hosting.
The above is the detailed content of Securing WordPress: A step-by-step guide to installing an SSL certificate. For more information, please follow other related articles on the PHP Chinese website!
Hot AI Tools
Undress AI Tool
Undress images for free
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Clothoff.io
AI clothes remover
Video Face Swap
Swap faces in any video effortlessly with our completely free AI face swap tool!
Hot Article
Hot Tools
Notepad++7.3.1
Easy-to-use and free code editor
SublimeText3 Chinese version
Chinese version, very easy to use
Zend Studio 13.0.1
Powerful PHP integrated development environment
Dreamweaver CS6
Visual web development tools
SublimeText3 Mac version
God-level code editing software (SublimeText3)
How to diagnose high CPU usage caused by WordPress
Jul 06, 2025 am 12:08 AM
The main reasons why WordPress causes the surge in server CPU usage include plug-in problems, inefficient database query, poor quality of theme code, or surge in traffic. 1. First, confirm whether it is a high load caused by WordPress through top, htop or control panel tools; 2. Enter troubleshooting mode to gradually enable plug-ins to troubleshoot performance bottlenecks, use QueryMonitor to analyze the plug-in execution and delete or replace inefficient plug-ins; 3. Install cache plug-ins, clean up redundant data, analyze slow query logs to optimize the database; 4. Check whether the topic has problems such as overloading content, complex queries, or lack of caching mechanisms. It is recommended to use standard topic tests to compare and optimize the code logic. Follow the above steps to check and solve the location and solve the problem one by one.
How to minify JavaScript files in WordPress
Jul 07, 2025 am 01:11 AM
Miniving JavaScript files can improve WordPress website loading speed by removing blanks, comments, and useless code. 1. Use cache plug-ins that support merge compression, such as W3TotalCache, enable and select compression mode in the "Minify" option; 2. Use a dedicated compression plug-in such as FastVelocityMinify to provide more granular control; 3. Manually compress JS files and upload them through FTP, suitable for users familiar with development tools. Note that some themes or plug-in scripts may conflict with the compression function, and you need to thoroughly test the website functions after activation.
How to optimize WordPress without plugins
Jul 05, 2025 am 12:01 AM
Methods to optimize WordPress sites that do not rely on plug-ins include: 1. Use lightweight themes, such as Astra or GeneratePress, to avoid pile-up themes; 2. Manually compress and merge CSS and JS files to reduce HTTP requests; 3. Optimize images before uploading, use WebP format and control file size; 4. Configure.htaccess to enable browser cache, and connect to CDN to improve static resource loading speed; 5. Limit article revisions and regularly clean database redundant data.
How to prevent comment spam programmatically
Jul 08, 2025 am 12:04 AM
The most effective way to prevent comment spam is to automatically identify and intercept it through programmatic means. 1. Use verification code mechanisms (such as Googler CAPTCHA or hCaptcha) to effectively distinguish between humans and robots, especially suitable for public websites; 2. Set hidden fields (Honeypot technology), and use robots to automatically fill in features to identify spam comments without affecting user experience; 3. Check the blacklist of comment content keywords, filter spam information through sensitive word matching, and pay attention to avoid misjudgment; 4. Judge the frequency and source IP of comments, limit the number of submissions per unit time and establish a blacklist; 5. Use third-party anti-spam services (such as Akismet, Cloudflare) to improve identification accuracy. Can be based on the website
How to use the Transients API for caching
Jul 05, 2025 am 12:05 AM
TransientsAPI is a built-in tool in WordPress for temporarily storing automatic expiration data. Its core functions are set_transient, get_transient and delete_transient. Compared with OptionsAPI, transients supports setting time of survival (TTL), which is suitable for scenarios such as cache API request results and complex computing data. When using it, you need to pay attention to the uniqueness of key naming and namespace, cache "lazy deletion" mechanism, and the issue that may not last in the object cache environment. Typical application scenarios include reducing external request frequency, controlling code execution rhythm, and improving page loading performance.
How to enqueue assets for a Gutenberg block
Jul 09, 2025 am 12:14 AM
When developing Gutenberg blocks, the correct method of enqueue assets includes: 1. Use register_block_type to specify the paths of editor_script, editor_style and style; 2. Register resources through wp_register_script and wp_register_style in functions.php or plug-in, and set the correct dependencies and versions; 3. Configure the build tool to output the appropriate module format and ensure that the path is consistent; 4. Control the loading logic of the front-end style through add_theme_support or enqueue_block_assets to ensure that the loading logic of the front-end style is ensured.
How to add custom fields to users
Jul 06, 2025 am 12:18 AM
To add custom user fields, you need to select the extension method according to the platform and pay attention to data verification and permission control. Common practices include: 1. Use additional tables or key-value pairs of the database to store information; 2. Add input boxes to the front end and integrate with the back end; 3. Constrain format checks and access permissions for sensitive data; 4. Update interfaces and templates to support new field display and editing, while taking into account mobile adaptation and user experience.
How to optimize WordPress robots txt
Jul 13, 2025 am 12:37 AM
robots.txt is crucial to the SEO of WordPress websites, and can guide search engines to crawl behavior, avoid duplicate content and improve efficiency. 1. Block system paths such as /wp-admin/ and /wp-includes/, but avoid accidentally blocking the /uploads/ directory; 2. Add Sitemap paths such as Sitemap: https://yourdomain.com/sitemap.xml to help search engines quickly discover site maps; 3. Limit /page/ and URLs with parameters to reduce crawler waste, but be careful not to block important archive pages; 4. Avoid common mistakes such as accidentally blocking the entire site, cache plug-in affecting updates, and ignoring the matching of mobile terminals and subdomains.
