Certyfikat SSL dla WordPressa – poradnik
Kamil Porembiński
Kamil Porembiński

SSL certificate for WordPress – a guide

We have already written many times that WordPress is the most popular CMS system in the world; we have already mentioned many times that it should be properly secured to minimize the risk of a cyber attack. One of the fundamental safeguards of WordPress is an SSL certificate. Check how to enable SSL in WordPress and why it is worth it at all.

Why use SSL?

Whether you intend to use a free or paid SSL certificate, WordPress will appreciate it. Each version of the certificate encrypts the https connection, not only making it harder for cybercriminals to attack your site and steal data from it, but also allowing you to speed up the loading time of your site.

Moreover, installing SSL certificate in WordPress will make your website more trustworthy for Internet users and your potential customers and contractors, which will directly translate into increased conversion.

Read it too: First steps after installing WordPress.

The SSL certificate in WordPress will also affect the website’s higher ranking in the search engine SERP. Google awards sites that have implemented a certificate encrypting the connection.

It is also worth adding another important aspect – if you don’t have an SSL certificate on your website, it is quite likely that most browsers will warn their users about an unsecured connection, which will dramatically reduce traffic to your website.

Check: How does a free SSL certificate differ from a paid SSL certificate?

Manual installation of SSL in CMS

Manual installation of SSL certificate in WordPress is a recommended, correct and slightly more difficult way to provide your website with encrypted connection. If you are afraid to edit on your own in the WP settings and in the .htaccess file, you always have to install the SSL certificate using the plugin.

Check: How does WordPress get hacked?

How to manually install SSL certificate on WordPress?

Step 1: Update the page address in WordPress settings

The first step is to manually update the page address in WordPress settings. To do this, go to the cockpit of your WP, select the Settings tab and then General. In the General Settings window, in the WordPress Address (URL) and Site Address (URL) fields change the http prefix to https and confirm the changes.

Step 2: Create 301 redirection in the .htaccess file

The next step is to create a 301 type redirection from http to https in a .htaccess file. To do this, go to the FTP client, which you will find in your hosting cPanel and then find the main folder where you have WordPress installed. In this folder, find the .htaccess file, back it up on your computer (in case you dig something up) and then open the file in the FTP client with a notepad.

To add a redirection in the .htaccess file, add the rule below at the very beginning:

RewriteEngine On
RewriteCond %{HTTPS} !=on [NC]
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

If you are using Let’s Encrypt certificate, add the following rule:

RewriteEngine On
RewriteCond %{REQUEST_URI} !.well-known/acme-challenge
RewriteCond %{HTTPS} !=on [NC]
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

Step 3: Update the links in the database

The third and final step when installing an SSL certificate in WordPress, is to replace the links in the database. If you do not do this, the so-called Mixed Content problem will arise.

Updating links in the CMS database can be done using the Better Search Replace plug-in, which will quickly convert all links in WordPress from http to https.

After installing the plug-in, you will find its options in the Tools section of the WordPress cockpit. In the Search for field enter the address of your site with the prefix http://, and in the Replace with field enter the URL of the site with the prefix https://. Then uncheck Run as dry run? and click Run Search/Replace button.

Read it too: Useful plugins for WordPress

SSL installation via WordPress plugin

A very popular way to enable SSL in WordPress is to install a certificate using a plug-in. This method is simple and fast, but it is certainly not optimal or even more efficient.

However, if you want to know how to install SSL certificate on WordPress using the plug-in, the whole process comes down to choosing the plug-in, installing it and running its scripted algorithm. The most popular plugin to activate SSL certificate in WordPress is Really Simple SSL plugin.

Remember, however, that installing an SSL certificate in WordPress can significantly slow down your website and can unnecessarily load your server or hosting.

This may also interest you: