How to Install SSL Certificate to WordPress Website?

As per the new Google and other search engine ranking factors, website security has become an increasingly prioritized ranking signal. This means that if your website does not begin with the “HTTPS:” prefix, it will be rated less favourably by search engines than websites that do feature a secure socket layer (SSL) encryption.

The goal of installing an SSL certificate is to protect the integrity and privacy of data transmission by establishing an encrypted link between a web server and a browser, thus, fending off possible interception by criminal elements. Beyond ensuring data integrity and privacy through encryption, HTTPS also provides site authentication, that is, it signals to the visitor that the site they are visiting is indeed the site they intended visiting.

If you own a WordPress website with an eCommerce element, or a WordPress site that stores confidential data, sensitive personal information, or features data uploads or downloads, knowing how to install an SSL certificate to your WordPress website will make all the difference in strengthening security and even consolidating search engine rankings.

Install an SSL Certificate to WordPress Website

While for certain types of websites an SSL certificate may be an optional addition (e.g. personal blogs), in other cases (e.g. eCommerce sites, banking sites, online payment processors, etc.) an SSL certificate is an industry requirement.

Before we get into the details of how to add an SSL certificate to your WordPress website, first, let’s consider the yearly costs of an SSL certificate.

Purchasing an SSL Certificate

As with everything, the cost of the SSL certificate too will be influenced by some factors like the hosting provider offering it, the number of sites that need to be secured, and the nature of sites that need to be secured (personal website or eCommerce website). For example, a basic SSL for a single domain costs $36.75/year at, while the costs for multi-domain SSL packages vary anywhere between $140/year and $320/year.

Some hosting providers may offer free SSL certificates with some of their hosting plans (e.g. InMotion Hosting offers a free SSL certificate with their Business hosting plans), so before you rush to buy an SSL certificate for your WordPress site, you may want to check if your host hasn’t already set you up with one.

If an SSL certificate is not provided for free by your web host or you require a different type of SSL certificate than what is offered by your host (for example, your host may be offering a domain validated SSL for free, but you may need an extended validation SSL), you can purchase one from a third-party provider and import it.

You can ask for help with the installation of the SSL certificate from your web host, as many hosts will install the SSL certificate to your server for you. Alternatively, you can use a WordPress plugin to help with the installation of an SSL certificate.

Adding the SSL Certificate

If you have a hosting package with multiple domains, you need to select the domain that will be getting the SSL certificate. One of the easiest ways to get an SSL certificate installed on your WordPress site is to use plugins.

There are various SSL plugins that will make the necessary changes for you without any input on your part. Simply purchase the SSL and activate the plugin.

Here are some WordPress SSL plugins that can greatly simplify the installation of an SSL certificate:

WP Force SSL

If you don’t want to touch any code while installing an SSL certificate to your WordPress website, the WP Force SSL will help redirect HTTP traffic to HTTPS. Thus, all traffic of your site will be automatically redirected through secure HTTPS.

Really Simple SSL

Once the Really Simple SSL plugin is installed and activated, it will automatically detect your SSL on your site and will make the necessary changes to the .htaccess file automatically, and will configure your website to run over HTTPS.

CTW SSL for Cloudflare

This plugin is designed to make CloudFlare Flexible SSL ready to use with your WordPress website and avoid redirect loops. Once installed and activated, the CTW SSL will automatically make the necessary changes for you.

Changing WordPress Settings

After buying the SSL certificate and installing and activating the SSL plugin of your choice, it’s time to prepare your new WordPress site for SSL. To do this, go to Settings -> General -> WordPress and site URL address fields and update your URLs to make sure it shows the prefix “HTTPS”.

If you’re adding an SSL to an existing site, you can manually modify the .htaccess file to redirect WordPress SSL from HTTP to HTTPS. To do so, you can add the following lines to the .htaccess file:

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$$1 [R,L] </IfModule>

Adding an SSL certificate to your WordPress website is a worthwhile investment that will strengthen your site’s security and credibility both in the eyes of your clients and in that of search engines.

If you’re having troubles with installing an SSL certificate to your WordPress website, you can ask for help from your hosting provider. Most hosts will routinely offer SSL installation help or help with importing third-party SSL certificates as part of their customer service activity.


Since the security ramifications of HTTP are considerable, making way for eavesdroppers and hijackers to compromise the safety of data transmissions, switching your WordPress website to HTTPS is not only a significant improvement on security, but could also mean a boost in SEO rankings.

An SSL certificate ensures a secure protocol for exchanging information on the internet, and while you may not want to install one for your WordPress website just yet, Google’s “HTTPS everywhere” directive is in the works of making HTTPS important for any website not just banks and online stores.

Installing an SSL certificate to your site can be done in just a few steps, and it can do a great deal in strengthening the security of your site and visitors, helping you establish an authoritative online presence and avoid being penalized by search engines.


David Cross

David is the chief editor at WebHostingMedia right from the beginning. He has a great passion for building and managing websites and creating helpful content. He is also interested in programming - currently learning python.