How to add SSL and HTTPS to WordPress (in 3 steps)

Make security a priority
Archive Product Disclaimer

This content is outdated and currently under review for accuracy. For the latest up-to-date product information please visit

If there’s one thing more important than your bottom line, it’s the security of your customers’ data. Playing fast and loose with bank details, addresses, and other sensitive information should never be done.

In addition, beginning in July of 2018, Google Chrome 68 will mark all HTTP sites as “Not Secure.” Even if you only have a simple blog or online brochure site, you need HTTPS to prevent that “Not Secure” message from being displayed to website visitors.

Fortunately, technology, such as Secure Sockets Layer (SSL) and Hyper Text Transfer Protocol Secure (HTTPS), exists to protect data entered into a browser as it flows from server to server. These technologies can be complex under the hood, but are simple for WordPress users to implement.

Don’t know how to add SSL and HTTPS to WordPress? Keep reading.

Introducing Secure Sockets Layer (SSL) and HTTPS

URL Display After Adding SSL HTTPS Lock
The green padlock is a key indicator of an encrypted site.

The data that’s passed from server to server when you interact with a website hasn’t always been encrypted and safe from interception. In fact, there’s still a long way to go in that regard. The history of SSL and HTTPS is a little involved, but ultimately both were born out of a need to protect online data.

These two technologies have their own distinct roles to play:

  1. SSL: This is the protocol that provides communications security over a network.
  2. HTTPS: This is essentially a protected version of HTTP, which provides authentication for a website and its associated server.

However, you can’t have one without the other . This means that as soon as they’re both implemented, data transferred between servers is protected as fully as possible.

How to add SSL to WordPress and implement HTTPS

While they’re complex protocols, using Secure Sockets Layer and Hyper Text Transfer Protocol Secure on your site has become much easier over the years. Almost anyone can learn how to add SSL and HTTPS to WordPress these days. Simply follow the three steps outlined below, and you will be up and running in no time.

Step 1: Choose a suitable SSL certificate

While the process of connecting a certificate to your site might be simple, choosing the right certificate is a little more involved. There are many options available depending on your needs, but the most commonly used are one of the following three types:

  • Domain Validation (DV): This certificate simply verifies you as the owner of the domain.
  • Organization Validation (OV): Along with verifying the domain, this certificate also proves that your organization is legitimate.
  • Extended Validation (EV): With this certificate, you offer the highest level of security assurance to your customers. All applicants must pass a strict vetting process.

On the whole, the more sensitive the data you process is, the greater security level you’ll require to protect it. However, keep in mind that higher security comes with an additional cost. The level you need is up to you, but we’d recommend that if you deal with customer banking data, anything other than an EV SSL certificate would be risky.

GoDaddy offers all of these WordPress SSL Certificate solutions, and if you’re a GoDaddy web hosting customer, they’re simple to set up – a single click is all it takes. If you’re not using GoDaddy, encrypted data is still achievable within minutes.

Pro tip: If you decide to choose one of GoDaddy’s Web Hosting annual plans that best suits your needs, you can also get a free domain.

Step 2: Generate a Certificate Signing Request (CSR)

To help validate your website, business, and server, you’ll need a Certificate Signing Request (CSR). In short, this identifies the server and domains you’ll use your certificate with.

The instructions are different depending on the server you’re using, but generally, you’ll need to:

  1. Connect to your server via Secure Shell (SSH).
  2. Run a console command.
  3. Enter your URL and business details.
  4. Copy and paste the text into your account’s SSL request area.

As we alluded to earlier, GoDaddy customers have fewer steps to take to encrypt their data because GoDaddy takes care of this part of the process. However, regardless of your hosting provider, you’ll still need to make some tweaks within your WordPress dashboard once your certificate is ready to go.

Step 3: Configure WordPress to use SSL and HTTPS

The final step is to configure WordPress to use SSL and HTTPS. First, head to your WordPress dashboard and navigate to Settings > General. Scroll down to the WordPress Address (URL) and Site Address (URL) fields, and swap out http:// for https://:

Adding SSL HTTPS Settings Inside the WordPress Admin Panel

Once you’ve saved your changes, you should be all set. However, if you’re implementing SSL on your existing site, you’ll also need to make a change to your .htaccess file. But before you go tinkering with your WordPress core files, you should brush up on your File Transfer Protocol (FTP) skills and back up your website in case something goes wrong.

Then, log in to your site via FTP, find the .htaccess file in your main directory, and add the following code:

RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$$1 [R,L]

Make sure you replace with your site’s URL, and save your changes. At this point, your site should be encrypted, but navigate to your front end and check out the browser bar to make sure.

Finally, it’s possible your site might only be deemed “partially secure” by the browser. This is a common issue with WordPress sites using third-party certificates. The good news is that you can use a plugin, such as Really Simple SSL, to solve it quickly.

If SEO is a concern, you can run through a handy SSL checklist provided by Search Engine Land that details addition checks you can do to make sure your WordPress website has implemented SSL with SEO in mind. This checklist will provide some additional safeguards to help make sure your website or blog updates all internal links and sitemaps in accordance with search engine optimization.

When it comes to your website, your users’ security should be a top priority. What’s more, influential companies, such as Google and WordPress itself, are pushing for all sites to protect the data they process. This means you need to learn how to add SSL and HTTPS to WordPress and make the change right away.

Image by: Michał GrosickionUnsplash