How to enable HTTPS and SSL for WordPress sites

This article describes how to enable HTTPS and SSL for WordPress sites. To do this, you must:

  • Obtain an SSL certificate.
  • Enable WordPress to use secure (HTTPS) connections.
  • Test the configuration.
SSL and HTTPS enhance a site's security by providing encryption and authentication. For a general introduction to what these technologies are, and why you might want to use them, please see this article.

Step 1: Obtain an SSL certificate

First, you must obtain and install an SSL certificate for your site.

There are two options:

  • cPanel SSL certificate: These certificates are free, and a popular entry-level choice.
    • For information about how to obtain a cPanel certificate for a cPanel-enabled account, please see this article.
    • For information about how to obtain a free certificate for an unmanaged server, please see this article.
  • Traditional CA-issued SSL certificate: These certificates are signed by a traditional, “big-name” certificate authority (CA) such as DigiCert, RapidSSL, or GeoTrust. Unlike cPanel SSL certificates, which only support domain validation (DV), these certificates support extended validation (EV). They also support wildcard and multi-domain certificates. However, you must pay for them.
For more information about the differences between cPanel certificates and traditional CA-issued SSL certificates, please see this article.

Step 2: Enable HTTPS on WordPress

After you install an SSL certificate on your site, you are ready to enable HTTPS in WordPress. For information about how to do this, please see this article.

Step 3: Test the configuration

After you install an SSL certificate and enable HTTPS in WordPress, you are ready to test the new configuration. To do this, follow these steps:

  1. Use your web browser to visit the WordPress site's secure URL.
    For example, if your domain name is example.com, and WordPress is installed in the blog directory, then the secure URL is https://www.example.com/blog.
  2. Look at the browser address bar. You should see a padlock icon that indicates a secure connection.
    If you do not see the padlock icon, please continue to the Troubleshooting section below.

Troubleshooting

Sometimes a browser may not display the padlock icon that indicates a secure connection to the server. Some possible reasons include:

  • SSL misconfiguration: The SSL certificate may not be correctly installed, or there may be an issue with the certificate itself (for example, a mismatched domain name).
  • Mixed content: Although the connection to the page itself may be secure, the page may contain URLs to other resources that do not use secure connections. For more information about this problem and ways to resolve it, please see this article.

To troubleshoot SSL and HTTPS connection issues, you can visit https://www.whynopadlock.com. Type your domain name in the Secure Address text box, and then click Test Page. The site checks your domain for several SSL- and HTTPS-related items, and then provides the results in an easy-to-read format.

Alternatively, you can troubleshoot SSL connections from the command line by using the openssl program. For information about how to do this, please see this article.

Get WordPress Web Hosting

Article Details

Other Articles in This Category

Show More

Did you find this article helpful? Then you'll love our support. Experience the A2 Hosting difference today and get a pre-secured, pre-optimized website. Check out our web hosting plans today.

We use cookies to personalize the website for you and to analyze the use of our website. You consent to this by clicking on "I consent" or by continuing your use of this website. Further information about cookies can be found in our Privacy Policy.