How to install an SSL Certificate (WordPress Tutorial)

What is SSL?

SSL (Secure Socket Layer) is a method for increasing security between a website and its end users.  SSL, also known as TLS (Transport Layer Security), is widely referred to as SSL or TLS / SSL and has become the standard for website security. Without SSL, your user’s information can be easily compromised during data transport.

SSL works by encrypting information passed between a site’s server to the browser rather than having it remain viewable in plain-text, meaning text would be arranged in a seemingly random string of illegible letters and numbers rather than in human-readable words.

When Should You Use SSL?

  • If your site requires users to log in or provide personal information (such as their name, address, credit card details, etc), you need SSL protection. 
  • When adding enhanced security translates to added comfort to your website visitors.

Last year Google announced giving search ranking boosts to sites using SSL. Over time the search engine plans to increase this boost, but in the meantime you’ll only see about a 1% increase, giving everyone a chance to switch over. 

How do you Install an SSL Certificate?

Although the installation of an SSL Certificate is very simple and straightforward in today's world, ensuring that your site is 100% covered by the certificate is not so straight forward.  After you have an active SSL Certificate, you can run a simple check to see if the site is 100% secure.  There are several websites that can help you verify the installation, and that will also let you know which parts are not coded correctly.

One such site is: https://www.whynopadlock.com

After clicking the above link, insert your website's URL into the search field.  As you are probably most familiar with your old url (that uses http://)you must make sure that you also include https:// in the search field.  The end result would look similar to https://yourdomain.com, where yourdomain.com is replaced with your actual domain.

How do you Activate an SSL Certificate on WordPress?

We realize that these steps are probably very straight forward to some, and also seem very complicated to others.  For those who are new to the process, we also offer SSL installation service.  This will make your experience 100% hands off. 

** Please make sure that you have a recent backup of your WordPress installation before performing the following steps!!! **

Installation Steps:

  1. Ensure that your SSL certificate has been installed and applied to your domain, in your cPanel dashboard. (http://yourdomain.com/cpanel -> Security Section -> SSL/TLS)
  2. Login to your WordPress dashboard (http://yourdomain.com/wp-admin)
  3. Plugins menu -> Add New
  4. Perform a Plugin Search for "Really Simple SSL" -> Install -> Activate (After activation, the page will refresh)
    1. You'll find several SSL plugins.  We recommend Really Simple SSL, because of its ease of installation and use.
  5. On the top of the page, you should now see a "Go ahead,  activate SSL!" button.  Click on that button.
  6. Success!  You have now activated SSL on your WordPress website.

Still Seeing Mixed Content Warnings?

You'll find that there are times when hard coded URLs are not always updated from http to https.  When that happens, we'll need to take a few more steps to make sure that we've updated all of the URLs in your database.  There might only be a few or there might be several hundred.  Since we really don't know, using a Search & Replace plugin is the easiest method to replace those remaining URLs.

*Even if you are not seeing mixed content warnings, it is still recommended to take these following steps.  You might find that your site is passing SSL checks, but you might find something change down the road.  We find it easiest to take all of these steps upon initial installation of your SSL certificate, to avoid having to revisit the installation process again.

  1. Login to your WordPress dashboard, if you aren't still logged in.
  2. Plugins -> Add New
  3. Search for "Better Search Replace" -> Install -> Activate
  4. In your Tools menu, you'll find the Better Search Replace plugin.  Click on the link.
    1. If you have any additional questions, not covered here, the Help tab will most likely answer any other questions
  5. In the "Search for" field, you'll want to enter your OLD url:  http://yourdomain.com
  6. In the "Replace with" field, you'll want to enter in your NEW, HTTPS url:  https://yourdomain.com
  7. You'll need to select ALL of your database tables in the next section. 
    1. Click on the FIRST item on the list
    2. Scroll down to the bottom of the list
    3. Hold the SHIFT button on your keyboard
    4. Click the LAST item on the list (while still holding the shift button)
    5. You should now be ready for your dry run! 
  8. Click on the "Run Search/Replace" button, on the bottom of the page (you can watch the searching progress if you scroll down the page)
  9. A notification will appear, informing you of how many instances of the OLD url were found in the database
  10. Uncheck the "Run as dry run?" checkbox
  11. Click on the "Run Search/Replace" button once more
  12. Your entire site is now secure and has been updated to HTTPS!

Am I done?

Sometimes, and especially on older websites, there are actually more URLs that you'll want to Search/Replace for.  An example would be if www. URLs were used.  To make sure that you've cleaned up 100% of your database, we're going to run Search/Replace 2 more times. Various plugins use different type of URL references.  The following steps will ensure that you're 100% covered, no matter what plugins are installed or how old your website is.
*In the URLs below, b & c use a different type of coding. The \/ is a left slash \, followed by a right slash /. 
**Please note, there is a chance that the following steps will result in ZERO changes.  You really won't know until you run the script.  

  1. Jump back up to #5, but this time you're going to search for the following URLs:
    1. http://www.yourdomain.com
      1. You're still going to be using https://yourdomain.com in the "Replace with" field for http://www.yourdomain.com
    2. http:\/\/www.yourdomain.com
      1. For b & c, you'll use http:\/\/www.yourdomain.com in the "Replace with" field, to match the current formatting of the database
    3. http:\/\/yourdomain.com
      1. For b & c, you'll use http:\/\/www.yourdomain.com in the "Replace with" field, to match the current formatting of the database
  2. And you've successfully searched for and replaced any and all http:// instances within your WordPress database

 

  • ssl certificate, https
  • 0 Users Found This Useful
Was this answer helpful?

Related Articles

What is a domain?

A domain is a human-readable name assigned to an IP address to make accessing websites much...

What is a subdomain?

A subdomain is a subsection of a main domain, in this format: subdomain.maindomain.com...

How do I create a subdomain?

Login to cPanel. Locate and click on the "Subdomains" icon under the "Domains" category....

How do I create a redirect?

Login to cPanel. Locate and click on the "Redirects" icon under the "Domains" category....

What is a redirect?

A domain redirect is an instance where a visitor is redirected to a different page when they try...