Website

6 Easy Steps to Add SSL and HTTPS in WordPress

Disclosure: Our content is reader-supported, which means we earn commissions from links on Crazy Egg. Commissions do not affect our editorial evaluations or opinions.

Disclosure: This content is reader-supported, which means if you click on some of our links that we may earn a commission.

Security on the internet is a big deal. It’s been an issue since the internet first emerged and has become a growing concern as it became an integral part of people’s everyday lives. 

This is especially true with the significant shift in remote working. According to a study done by Upwork, over 40% of the American workforce is fully remote. Though that number is expected to drop a bit as companies begin to return to the office, it is anticipated that remote working will be a permanent situation for over 25% of the workforce. 

While we love the idea of doing our jobs from anywhere, it does open the door for more hackers to get in and steal data. Offices often have more secure systems running to keep website information safe, but in the case of remote workers, that no longer exists. That’s why it is more important now than ever to make sure that any websites you run are safe and secure from hackers. You want people who come on your site to feel safe and not worried about information getting stolen. Even if they aren’t inputting personal information onto your website, they want to know they are safe browsing there. 

The best way to do this is by adding an SSL certificate and HTTPS to your WordPress site. Any site that does not have SSL is deemed “insecure” by Google. And that is not something you want for your site. 

So, don’t waste any more time, and don’t risk anyone’s information getting compromised. Add SSL and HTTPS to your WordPress site with the guide below, and your site will be safe, no matter where people are accessing it from.

Why Adding SSL and HTTPS in WordPress is Worth It

The majority of website attacks occur because either passwords have been stolen or due to an unsecured connection. 

And guess what? 

Both of those problems can be solved with HTTPS. 

To ensure that you still get visitors to your website who know that they are safe while on your page, you want to install an SSL certificate. 

Not sure what an SSL certificate is? That’s what we are here for. 

SSL stands for Secure Sockets Layer. An SSL certificate is a digital certificate that provides authentication and allows for an encrypted connection. This certificate lets visitors know that you are the owner of the domain and helps encrypt any passwords or other information visitors may enter. This is key in preventing hackers from stealing private information stitch as credit cards, bank account information, addresses, and more. 

Having this certificate provides trust for visitors to your WordPress site. Trust that you own the website and that you are who you claim to be and that you will keep any personal information shared on the website safe. 

With an SSL certificate, you can get the HTTPS connection for your site. 

In addition to the security factor of SSL and HTTPS, having a secure website has the potential for your website to rank higher in search engines such as Google. This is because Google wants the websites it promotes to be trusted and safe, and the SSL certificate provides this level of safety.

The Investment Needed to Add SSL and HTTPS in WordPress

You can now see why adding SSL and HTTPS to your WordPress site is very important. Though it sounds like a process that will take a lot of time and effort, it is relatively easy. And you have this guide to help you along the way. 

Most people can add this layer of security to their website quickly. A small amount of time has the power to make a world of difference for your website in terms of safety and SEO rankings. 

As for the cost, it varies depending on your hosting provider and the type of SSL certificate you get. Some providers will include an SSL certificate for free, while others charge anywhere from $15 to $800 for an SSL certificate. 

Here are the different types of certificates. 

Domain Validated (DV)

This is the SSL that most bloggers and small website owners use and is ideal for websites that do not have visitors enter any personal information. It is the most basic of SSL certificates, which means it also has the lowest level of security. If there is no personal information gathered, this level of certificate will work fine. 

Organized Validated (OV)

This type of certificate is similar to the DV but is more expensive. This is one step above the DV and is still one that should only be used if your website does not require users to provide any sensitive or personal information. 

Extended Validated (EV)

Like its name hints, this certificate gives you the highest level of security for your website. But that also means that it is the most expensive. When you see the green padlock in the URL bar of a website, that means it has an Extended Validated certificate. This lets people know that the site is highly trusted. 

To make sure that the process of adding SSL and HTTPS to your website goes smoothly, we have created a step-by-step process. 

If you’re interested in following along with the process, read through this guide that will take you from start to finish. Here are the steps: 

  1. Get an SSL Certificate (from your hosting provider)
  2. Install the SSL Certificate
  3. Install the Plugin
  4. Check the Success
  5. Update URL in Google Analytics
  6. Update Links Elsewhere

6 Steps to Add SSL and HTTPS in WordPress

In just six easy steps, you will have security on your website. 

#1 – Get an SSL Certificate

The first part of this process is obtaining the SSL certificate itself. 

There are a couple of different ways you can do this. Some hosting providers offer free SSL certificates for all domain names. This is one reason why Hostinger is at the top of our list of best WordPress hosting sites, with Bluehost as a close second. Both of these hosting providers give free SSL certificates with the purchase of one of their hosting plans. You may have to enable the certificate manually, but most of the time, the SSL will assign automatically and install itself on your domains. 

If your hosting provider does not offer free SSL certificates, there are third-party websites that provide them for free, such as Let’s Encrypt. However, this site only provides a free certificate for 90 days, so you must continue to renew it. Cloudflare is another certificate provider that offers a free plan, as well as other paid plans.

#2 – Install the SSL Certificate

Once you have your SSL certificate and have enabled the certificate on your domain name, it is time to install it on your WordPress website. 

If you have a hosting account with multiple websites, you will need to note which one is getting the SSL. This is typically something that can be done easily from the account admin area on your hosting provider page. See the Bluehost sample page below. 

Some web hosting providers can install the SSL certificate on your website. If you aren’t sure, it is best to call your provider and see what they offer in terms of SSL certificates. And if it turns out that they do not install the certificate for you, you can download a plugin to help. 

Once the certificate is installed, you should be able to see that it’s active by going to https://yourwebsite.com. If the install was down correctly, you should see a small lock icon.

However, some people do not see that lock and instead get something that looks like this: 

Don’t worry if you see this warning. This just means that you need to install a plugin that will make the changes to your website once the certificate has been purchased.

#3 – Install the Plugin

There are several different options for plugins that can help you properly install the SSL certificate, but the best one to use is Really Simple SSL

Often, you get the error message above because your WordPress site has media on it that was added using the HTTP URL, not the HTTPS URL. To avoid manually updating every single piece of media you have on your website, the Really Simple SSL plugin can do it for you. 

The plugin will also update your website’s URL to HTTPS in settings. And it will add a 301 redirect that sends all traffic to your updated HTTPS website. 

Once you have installed the plugin, you will see a message like this: 

You want to click the “Go ahead, activate SSL!” button, and then you will likely be signed out of your WordPress and prompted to sign back in.

#4 – Check the Success

So you think you’ve done all the steps correctly but are not sure how to know if your website is truly secure and whether you installed the SSL certificate correctly. 

There are a couple of different ways you can check. 

You can go to the settings in your WordPress dashboard. Go to Settings > General

If your domain has an HTTPS in front of it, success! You have installed the SSL certificate correctly on your website, and it is now an HTTPS website that is secure. If it still reads HTTP, start over from step #1. 

You also want to head to Settings > SSL to make sure the other SSL settings are updated. You may see something like this. 

This shows that yes, the SSL was activated, but other things need to be taken care of, one of which is updating your settings in Google Analytics and Search Console.

#5 – Update URL in Google Analytics

To have Google see your site as a secure one, you need to update your URL in Google Analytics. This is a quick and easy process. 

First, go to your Google Analytics homepage. Then, click on Admin. Then navigate to Property Settings.

Here you will see the Default URL, which likely reads HTTP, not HTTPS. 

Click on the dropdown and change it from HTTP:// to HTTPS:// 

Then click Save at the bottom to update your website settings.

#6 – Update Links Elsewhere

Congratulations! Your site is now secure with an SSL certificate and now reads as an HTTPS URL. 

Next, you want to update any other links that take people to your WordPress site. This could be social media profiles or other websites that direct people to your WordPress website. 

While this isn’t completely necessary as the page should automatically redirect, it makes the process smoother for people to visit your site without waiting to be redirected. Few things can annoy someone faster than a website that won’t load.

Next Steps

Waiting for websites to load is something many people don’t have the patience for. Something as short as a one-second delay can wreak a lot of havoc on your page views, customer satisfaction, and conversion. In addition to that, a slow loading page can also hurt your ranking with Google. They only want to send people to pages that will load quickly. And 47% of consumers think the appropriate amount of loading time is two seconds or less. Anything longer than that, and sayonara — they are on to another page. 

To keep this from happening, make sure to check out our article that shares 20 ways you can speed up your website and improve conversion. Though this may take some time for you to go through and implement some of (if not all) these tips, it is worth your time. The effect it will have on your conversions and your success will wow you.


Make your website better. Instantly.

Over 300,000 websites use Crazy Egg to improve what's working, fix what isn't and test new ideas.

Free 30-day Trial