How To Get A Free, Valid SSL Certificate For Your WordPress Website

Become a WordPress Buff
how to get https certificate free
Share on twitter
Share on email
Share on facebook
Share on linkedin
Our team at WP Buffs helps website owners, agency partners and freelancer partners get SSL certificates for their WordPress websites. Whether you need us to manage 1 website or support 1000 client sites, we’ve got your back.

1. What Is HTTPS?

“HTTP” or “HTTPS” appears at the beginning of every website URL in a web browser. HTTP stands for Hyper Text Transfer Protocol, and the S in HTTPS stands for Secure. In general, this describes the protocol over which data is sent between your browser and the website you are viewing.

HTTPS ensures that all communication between your browser and the website you are viewing is encrypted. That means it’s secure. Only the receiving and sending computers can see information in the transfer of data (others could potentially access it but would not be able to read it). On secure sites, the web browser shows a padlock icon in the URL area to notify you.

WP Buffs Secure Encryption SSL HTTPS

HTTPS should be on any website that collects passwords, payments, medical information or other sensitive data. But what if you could get a free and valid SSL certificate for your domain?

2. How Does Website Security Work?

You need to install an SSL (Secure Socket Layer) certificate in order to enable HTTPS. The certificate contains a public key, which is needed to begin the session securely. When an HTTPS connection to a web page is requested, the website will send the SSL certificate to your web browser. Your browser and the site then initiate the “SSL handshake,” which involves the sharing of “secrets” to establish a secure connection between your browser and the website.

Standard vs Extended SSL

If the website is using a standard SSL certificate, you will see a padlock icon in the URL area of the browser (see screenshot). If it’s using an extended validation (EV) SSL certificate, the address bar or the URL will be green. EV SSL standards surpass those of SSL. EV SSL provides identity assurance of the owner of the domain. Obtaining an EV SSL certificate also requires applicants to go through a rigorous evaluation process to confirm their authenticity and ownership.

EV SSL On All Browsers

3. Why Should I Get an SSL Certificate?

Even if your website does not take in and transmit sensitive data, there are a few reasons you might want to have a secure website and pursue a free and valid SSL certificate for your domain.

  1. Performance. SSL may improve the time it takes to load a page.
  2. Search engine optimization (SEO). Google’s intention is for the internet to be a secure and safe experience for everyone—not just those who use Google Chrome, Gmail and Drive, for example. The company has stated that security will be a factor in how they rank sites in search results. For now, it’s a small one. However, if you have a secure website and your competitors don’t, your website could rank higher, which may be the edge needed to get that click from the search results page.
  3. Trust. If your website is not secure and it collects passwords or credit cards, then users of Chrome version 56 (released in January 2017) will see a warning that the site is not secure (see screenshot below). Non–tech-savvy visitors (the majority of website users) may become alarmed upon seeing this and leave your site, simply because they don’t understand what it means. On the other hand, if your site is secure, this could put visitors at ease, making it more likely that they will fill out a registration form or leave a comment on your site. Google has a long-term plan to show all HTTP sites as non-secure in Chrome.

Google Not Secure Warning

4. Where Do I Get a Free SSL Certificate?

You obtain an SSL certificate from a certificate authority. Some reliable free sources are:

  • Let’s Encrypt: certificates valid for 90 days, recommended renewal at 60 days
  • Cloudflare: free for personal websites and blogs
  • FreeSSL: free for nonprofits and startups at the moment; cannot be a Symantec, Thawte, GeoTrust or RapidSSL customer
  • StartSSL: certificates valid for 1 to 3 years
  • GoDaddy: certificates free for open-source projects, valid for 1 year

Type of certificate and length of validity vary by authority. Most authorities offer standard SSL certificates free and charge for EV SSL certificates, if they provide those. Cloudflare offers free and paid plans and various add-on options.

5. What Do I Need to Consider When Getting an SSL Certificate?

Google recommends a certificate with a 2048-bit key. If you already have a 1024-bit certificate, which is weaker, they recommend upgrading it.

You will need to decide if you need a single, multi-domain or wildcard certificate:

  • A single certificate would be for a single domain (e.g., www.example.com).
  • A multi-domain certificate would be for multiple well-known domains (e.g., www.example.com, cdn.example.com, example.co.uk).
  • A wildcard certificate would be for a secure domain with many dynamic subdomains (e.g., a.example.com, b.example.com).

6. How Do I Install an SSL Certificate?

Your web host may install the certificate free of charge or for a fee. Some hosts actually have a Let’s Encrypt installation option in their cPanel dashboard, making it easy to do yourself. Ask your current host or find one that offers direct support for Let’s Encrypt. If your host doesn’t provide this service, your website maintenance company or developer could install the certificate for you.

You should expect to have to renew the certificate every so often. Check the timeframe with the certificate authority.

For the easiest implementation, just partner with a fully managed hosting provider and they will take care of everything for you. One quick support ticket and it’s done!

7. What Else Do I Need to Do?

Force SSL

After obtaining and installing the SSL certificate, you need to force SSL on the site. Again, you can ask your web host, maintenance company or developer to do this. However, if you prefer to do it yourself and your website is in WordPress, you can do this by downloading, installing and using a plugin.

When using a plugin, be sure to check its compatibility with your version of WordPress, the reviews and installation instructions. Two popular plugins for forcing SSL are:

SSL plugins

Be sure to back up your site first and be very careful when executing this. If you misconfigure something, it could have dire consequences:

  • visitors not being able to see your website,
  • images not displaying,
  • scripts not loading, which would affect how some things on your site function,
  • typography and colors not appearing properly.

Set up server-side 301 redirects

You need to redirect users and search engines to the HTTPS pages via 301 redirects in the .htaccess file in the root folder on the server. The .htaccess file is an invisible file, so be sure your FTP program is set to display hidden files. In FileZilla, for example, go to Server > Force showing hidden files (see screenshot).

FileZilla

Before you add the redirects, it would be a good idea to back up your .htaccess file. On the server, temporarily rename the file by removing period (which is what makes it invisible in the first place), download the file (which will be visible on your computer now as a result of removing the period), then add the period back in to the one on the server.

Change Analytics Settings

After taking these steps, you will need to change the preferred URL in your Google Analytics account to show the HTTPS version of your domain. Otherwise, your traffic stats will be off because the HTTP version of the URL is seen as a completely different website from the HTTPS version.

Google Search Console treats HTTP and HTTPS as separate domains too, so add the HTTPS domain in that account.

Keep in mind when you switch from HTTP to HTTPS, if you have social sharing buttons enabled on your site, the number of shares will reset.

And that’s how you go about installing a free and valid SSL certificate for your domain and encrypting your data to keep it safe. SSL certificates are part of the future of WordPress security, so get yours or get left in the stone age.

Want to give your feedback or join the conversation? Add your comments 🐦 on Twitter.

Share this post:
Share on twitter
Share on email
Share on facebook
Share on linkedin
Did you enjoy this post? Subscribe for more

Register for our next live WP AMA event!

🏆Chance to win weekly giveaways

📆 Instant invites to our Weekly WP AMA

🙋 First access to submit questions

💻 Direct links to all of our events

WP Buffs, LLC is committed to protecting and respecting your privacy, and we’ll only use your personal information to administer your account and to provide the products and services you requested from us. From time to time, we would like to contact you about our products and services, as well as other content that may be of interest to you. If you consent to us contacting you for this purpose, please enter your name and email address above.

You can unsubscribe from these communications at any time. For more information on how to unsubscribe, our privacy practices, and how we are committed to protecting and respecting your privacy, please review our Privacy Policy. By clicking submit above, you consent to allow WP Buffs, LLC to store and process the personal information submitted above to provide you the content requested.

Read about how we increased Rigorous Digital's profit margin by 23% and helped remove all website issues for MEP Publishers and their 3 complex websites.

Case study eBook cover (MEP Publishing)
No thanks, I don't need more profit and I can tackle all my WordPress issues myself.
Case study eBook cover (Rigorous Digital)

WP Buffs, LLC is committed to protecting and respecting your privacy, and we’ll only use your personal information to administer your account and to provide the products and services you requested from us. From time to time, we would like to contact you about our products and services, as well as other content that may be of interest to you. If you consent to us contacting you for this purpose, please enter your name and email address above.

 

You can unsubscribe from these communications at any time. For more information on how to unsubscribe, our privacy practices, and how we are committed to protecting and respecting your privacy, please review our Privacy Policy.

By clicking submit above, you consent to allow WP Buffs, LLC to store and process the personal information submitted above to provide you the content requested.

Which care plans best fit your websites (or client sites)?

✔️ White-label site management

✔️ $1,000+ of premium plugins free under our care plans
✔️ 24/7 website edits and priority support
✔️ Ongoing speed and security optimization
✔️ 24/7 website uptime monitoring
✔️ 4x daily cloud backups
✔️ Weekly plugin, theme and core file updates
✔️ Weekly reports detailing any on-site changes

No thanks. I can manage, speed up, secure, fix and grow websites myself.
Questionnaire
No thanks. I can manage, speed up, secure, fix and grow websites myself.

Schedule a private call with our team to discuss our 24/7 WordPress care plans for serious website owners or 24/7 white-label site management for agencies and freelancers

Finally, a WordPress newsletter you'll actually read every single month.

✔️ High-impact news

✔️ Actionable tutorials and videos

✔️ #WordPress Twitter highlights

✔️ Vote on receipient of $200 donation and WP Buffs merch giveaways

✔️ Fully curated so you only receive the best 5% of content

No thanks, I have other ways to stay updated with WP

WP Buffs, LLC is committed to protecting and respecting your privacy, and we’ll only use your personal information to administer your account and to provide the products and services you requested from us. From time to time, we would like to contact you about our products and services, as well as other content that may be of interest to you. If you consent to us contacting you for this purpose, please enter your name and email address above.

You can unsubscribe from these communications at any time. For more information on how to unsubscribe, our privacy practices, and how we are committed to protecting and respecting your privacy, please review our Privacy Policy. By clicking submit above, you consent to allow WP Buffs, LLC to store and process the personal information submitted above to provide you the content requested.

Finally, get your website 99.9999% secure and loading in under 1 second.

Our free eBooks and easy-to-follow checklists will have your website fully optimized in just a few hours.

No thanks, my website is as fast and secure as I want it.

WP Buffs, LLC is committed to protecting and respecting your privacy, and we’ll only use your personal information to administer your account and to provide the products and services you requested from us. From time to time, we would like to contact you about our products and services, as well as other content that may be of interest to you. If you consent to us contacting you for this purpose, please enter your name and email address above.

You can unsubscribe from these communications at any time. For more information on how to unsubscribe, our privacy practices, and how we are committed to protecting and respecting your privacy, please review our Privacy Policy. By clicking submit above, you consent to allow WP Buffs, LLC to store and process the personal information submitted above to provide you the content requested.

How to Sell Your Very First Care Plans Cover

Finally, an email list that helps make WordPress simple and effective for you.

Speed & security optimization tips and detailed how-to guides with advice you can implement today.

No thanks, I already know everything about WordPress.
Speed checklist eBook cover

WP Buffs, LLC is committed to protecting and respecting your privacy, and we’ll only use your personal information to administer your account and to provide the products and services you requested from us. From time to time, we would like to contact you about our products and services, as well as other content that may be of interest to you. If you consent to us contacting you for this purpose, please enter your name and email address above.

 

You can unsubscribe from these communications at any time. For more information on how to unsubscribe, our privacy practices, and how we are committed to protecting and respecting your privacy, please review our Privacy Policy. By clicking submit above, you consent to allow WP Buffs, LLC to store and process the personal information submitted above to provide you the content requested.

Case study eBook cover (Rigorous Digital)
Case study eBook cover (MEP Publishing)
How to Sell Your Very First Care Plans Cover

Honed and proven strategies we've used successfully 500+ times to help you sell your first care plans. Action steps you can implement in minutes.

No thanks, I can already sell as many care plans as I want.
How to Sell Your Very First Care Plans Cover

WP Buffs, LLC is committed to protecting and respecting your privacy, and we’ll only use your personal information to administer your account and to provide the products and services you requested from us. From time to time, we would like to contact you about our products and services, as well as other content that may be of interest to you. If you consent to us contacting you for this purpose, please enter your name and email address above.

 

You can unsubscribe from these communications at any time. For more information on how to unsubscribe, our privacy practices, and how we are committed to protecting and respecting your privacy, please review our Privacy Policy.

By clicking submit above, you consent to allow WP Buffs, LLC to store and process the personal information submitted above to provide you the content requested.

No thanks, I'm happy with my MRR

The WPMRR Virtual Summit! A free online conference 100% focused on helping you make monthly recurring revenue work for your WordPress business.

wpmrrvsblue

✔️ Attend every session and panel for free

✔️ Access to live event with all your WP friends

✔️ Free MRR merch giveaways

✔️ WP Buffs donation of $1 per registrant to Lawyers for Good Government

✔️ Make subscription revenue a core part of your business