hosting.com
Knowledge Base
Hosting Panel

Enabling HTTPS and SSL for WordPress sites

Learn how to help secure your WordPress site with an SSL certificate and HTTPS connections. Just follow our easy step-by-step guide.

Suggest Edits

This article describes how to enable HTTPS and SSL for WordPress sites. To do this, you must:

  • Obtain an SSL certificate.

  • Enable WordPress to use secure (HTTPS) connections.

  • Test the configuration.

📘

Note

SSL and HTTPS enhance a site's security by providing encryption and authentication. For a general introduction to what these technologies are, and why you might want to use them, please see this article.

Step 1: Obtain an SSL certificate

First, you must obtain and install an SSL certificate for your site.

There are two options:

  • cPanel SSL certificate: These certificates are free, and a popular entry-level choice.

    • For information about how to obtain a cPanel certificate for a cPanel-enabled account, please see this article.

    • For information about how to obtain a free certificate for an unmanaged server, please see this article.

  • Traditional CA-issued SSL certificate: These certificates are signed by a traditional, "big-name" certificate authority (CA) such as DigiCert, RapidSSL, or GeoTrust. Unlike cPanel SSL certificates, which only support domain validation (DV), these certificates support extended validation (EV). They also support wildcard and multi-domain certificates. However, you must pay for them.

Step 2: Enable HTTPS on WordPress

After you install an SSL certificate on your site, you are ready to enable HTTPS in WordPress. For information about how to do this, please see this article.

Step 3: Test the configuration

After you install an SSL certificate and enable HTTPS in WordPress, you are ready to test the new configuration. To do this, follow these steps:

  1. Use your web browser to visit the WordPress site's secure URL.

    📘

    Note

    For example, if your domain name is example.com, and WordPress is installed in the blog directory, then the secure URL is https://www.example.com/blog.

  2. Look at the browser address bar. You should see a padlock icon that indicates a secure connection.

    📘

    Note

    If you do not see the padlock icon, please continue to the Troubleshooting section below.

Troubleshooting

Sometimes a browser may not display the padlock icon that indicates a secure connection to the server. Some possible reasons include:

  • SSL misconfiguration: The SSL certificate may not be correctly installed, or there may be an issue with the certificate itself (for example, a mismatched domain name).

  • Mixed content: Although the connection to the page itself may be secure, the page may contain URLs to other resources that do not use secure connections. For more information about this problem and ways to resolve it, please see this article.

👍

Tip

To troubleshoot SSL and HTTPS connection issues, you can visit https://www.whynopadlock.com. Type your domain name in the Secure Address text box, and then click Test Page. The site checks your domain for several SSL- and HTTPS-related items, and then provides the results in an easy-to-read format.Alternatively, you can troubleshoot SSL connections from the command line by using the openssl program. For information about how to do this, please see this article.

Related Articles

Updated about 9 hours ago