An SSL certificate is helpful in protecting your websites from cyber attackers and hackers. It builds a level of trust with your website visitors.
SSL is an abbreviation for Secured Socket Layer. It’s an encrypted layer of data transmission between two systems. A server requires an SSL certificate before it can establish an SSL connection.
While most SSL certificates are usually expensive to acquire, there are a few ways to get an SSL certificate at zero cost for your WordPress site.
This is what we will show you in this step-by-step guide but first of all, let’s talk about why your WordPress website needs an SSL Certificate.
Why Your WordPress Website Needs An SSL Certificate
An SSL certificate is required for every website that collects payments online or personal information because it prevents hackers from intercepting the data in its encrypted format.
When you visit a website that is not secure — especially on the Chrome browser — Google sends a warning automatically that ‘’the website is not safe to visit”.
Even search engine optimization buffs are seeing that secured websites are ranked higher in search results than those that are not secured.
How an SSL Certificate Works
Now that you understand that having an SSL certificate for your WordPress website is essential. You want to know how an SSL certificate works in reality.
When a user visits a website with an SSL certificate installed, their browser first varies if the installed certificate is valid.
It verifies the certificate by ensuring that the certificate is not expired, that the certificate is issued from a trusted authority, and matches the domain name.
If the certificate meets all the requirements and is considered valid, the visitor’s browser generates a session key that is encrypted with the public key of the website’s SSL certificate.
The server confirms the encryption after decrypting the symmetric session key sent by the browser.
The communication between the browser and the web server then becomes fully encrypted.
What is Let’s Encrypt
Let’s Encrypt is a certificate authority that gives a free certificate for TLS encryption through an automated process.
TLS stands for Transport Layer Security. It is a type of encryption that evolved from SSL and this type of encryption is widely used today.
Due to the high cost of acquiring an SSL certificate, Let’s Encrypt, a nonprofit organization decided to fix this challenge by establishing a free certificate authority.
But here lies the challenge, Installing the SSL certificate by Let’s Encrypt requires a good knowledge of coding and server systems.
However, most hosting companies that offer WordPress hosting as a service also provide free SSL certificates.
Scalahosting users also have the SSL certificate already enabled automatically
How To Activate Free SSL In WordPress
After enabling an SSL certificate for your WordPress, we will go ahead to activate it on the website.
This activation updates your URL from HTTP to HTTPS indicating that the website is now secure. The SSL certificate won’t work, even after it has been enabled, until the URL is updated.
To activate the free SSL in WordPress, log in to your WordPress administration dashboard
Next, go to the Settings option
Click on General
Change your WordPress URL and Site URL to HTTPS
Click Save
This process works well if your website is new. However if you have a website already indexed on Google, some of its pages might still load as HTTP and others as HTTPS. This might become worrisome as a website administrator.
Thankfully, there is an easy way out. A few WordPress plugins like ‘Really Simple SSL’ and ‘SSL Insecure Content Fixer’ help to detect website’s SSL status and run all pages on HTTPS
How To Update Your Website URL Using Plugins
Log in to your WordPress Administrator dashboard
Go to the plugin option
Click on Add New Plugin
Click on Upload Plugin
Upload the downloaded plugin file, Click on Install Now
After installing the plugin, click on Activate
The activated plugin, automatically detects HTTP pages and runs them on HTTPS.
Conclusion
Your Scalahosting account comes with a Let’s Encrypt certificate preinstalled for free. So you don’t have to worry about generating or installing a free SSL certificate in the beginning.
However, you might need extra encryption if you’re creating subdomains. You can get an SSL certificate for those specific needs, here.
If you ever need a hand with your SSL certificate installation, our support is always available to help you get it done on time.
