WPBeginner - WordPress Tutorials for Beginners

Trusted WordPress tutorials, when you need them most.
Beginner’s Guide to WordPress
WPB Cup
25 Million+
Websites using our plugins
16+
Years of WordPress experience
3000+
WordPress tutorials
by experts

How to Get a Free SSL Certificate for Your WordPress Website (Beginner’s Guide)

By Nouman Yaqoob | | Reader Disclosure

Shares 1.4k ChatGPT Perplexity X LinkedIn WhatsApp

The first time I saw the ‘Your connection is not secure’ message on my site, it seemed like a major problem.

I immediately worried that visitors would see the warning and leave, or that it would destroy my search engine rankings. But it turns out this problem is really common, and all I had to do was get a free SSL certificate to solve it.

In this guide, I’ll share the exact process I used to get a free SSL certificate and remove this warning from my site. You don’t need any technical knowledge – you just need to follow a few simple steps.

Getting a free SSL certificate for your WordPress site

Simply use the quick links below to jump straight to the section you want to learn about first:

Ready? Let’s get started.

What Is SSL?

SSL (Secure Sockets Layer) is a security protocol that encrypts the connection between a user’s web browser and your website. This ensures sensitive data stays private, like login details or credit card information.

You can easily spot when a website’s protected by SSL, because its URL will start with HTTPS instead of HTTP. You’ll also see a padlock icon in the address bar.

Example of a secure website showing padlock icon

To enable this SSL protection, you need an SSL certificate from a trusted authority. This certificate verifies your site’s identity and keeps all your data transfers encrypted.

Do I Need an SSL Certificate?

Every WordPress website needs an SSL certificate, especially if you collect any user information.

If your site has user logins or a contact form, then SSL is essential. In addition, many payment services won’t even let you accept payments without a valid SSL certificate.

But SSL isn’t just about security. It also builds trust with your visitors. When users see that your site is secure, they’ll feel more confident about entering their personal information.

Plus, sites with HTTPS tend to perform better in search results.

Without an SSL certificate, Google Chrome will show a ‘Not Secure’ warning next to your site’s URL, which can make visitors leave your website.

Not Secure label

How to Get a Free SSL Certificate

The easiest way to get a free SSL certificate is to choose a WordPress host that includes one with its plans. Many top hosts now offer this feature, saving you the hassle of installing the SSL certificate manually.

Here are the best WordPress hosting companies that provide free SSL certificates:

If you’re already using one of these companies, then you can easily turn on your free SSL certificate from your hosting dashboard.

Simply log in to your hosting account’s cPanel dashboard and scroll down to the ‘Security’ section. Then, select ‘Let’s Encrypt’.

Enable free SSL certificate from cPanel

Bluehost users will find the free SSL option a little differently.

In your Bluehost dashboard, you’ll need to visit the ‘Websites’ section and click on the ‘Settings’ button below your site.

Bluehost site settings

From here, select the ‘Security’ tab.

If the SSL Certificates card shows as ‘Not secure,’ click the three-dotted icon and then select ‘View SSL logs.’

How to protect your Bluehost website with an SSL certificate

Bluehost will now redirect you to cPanel’s SSL/TLS Status section.

Here, select the domain name you want to protect and click the ‘Run AutoSSL’ button.

How to install a free SSL certificate

Depending on your hosting company, your web hosting control panel may look different than the screenshots above. If you’re having trouble finding the free SSL option, then you can ask your hosting provider to enable it for you.

If your web hosting company doesn’t offer free SSL, then you can easily follow our guide to switch your hosting and move your sites to one of the companies above.

⚠️ Looking for a Free SSL Without Your Host? A non-profit project called Let’s Encrypt provides free SSL certificates.

While this is a great option for experienced users, it can be tricky for beginners as it requires technical knowledge. That’s why I always recommend using a host that provides a free SSL, as you can avoid a complicated manual installation.

How to Set Up Your Free SSL Certificate in WordPress

Once you’ve enabled your free SSL certificate, the next step is to update your WordPress settings to use HTTPS. This involves changing your site’s main URLs from http:// to https:// and making sure all other links follow suit.

The easiest way to do this is by installing and activating the Really Simple SSL plugin on your website. For more details, see our step-by-step guide on how to install a WordPress plugin.

Pro Tip: For most users, I recommend the Really Simple SSL plugin since it’s the easier method. However, it does catch insecure URLs when the page loads, which increases your page load time a little bit.

If you’re an advanced user who’s concerned about WordPress speed, then you may prefer to switch WordPress from HTTP to HTTPS using a manual method to avoid hurting your site’s speed.

Upon activation, Really Simple SSL will check to see if your SSL certificate is enabled.

After that, it will turn on the HTTP to HTTPS redirect and change your website settings to start using SSL/HTTPS.

SSL enabled in WordPress

To make your website completely secure, you need to ensure your website URLs are loading using the HTTPS protocol. Really Simple SSL plugin does that automatically by fixing the URLs when the page loads.

Even if a single URL still loads using the insecure HTTP protocol, then browsers will treat your entire website as not fully secure.

Connection not fully secure

To fix these URLs, you’ll need to use your browser’s inspect tool to find them and then replace them with the correct HTTPS URLs.

For information on how to do this, see our tutorial on how to fix mixed content errors in WordPress.

Video Tutorial

Subscribe to WPBeginner

Free SSL Certificates: FAQs

After helping countless users secure their websites, I’ve noticed a few questions about SSL certificates come up again and again.

To help, I’ve put together a list of the most common FAQs and provided simple, straightforward answers to help you understand everything you need to know about SSL certificates.

What exactly is an SSL certificate? 

An SSL certificate is a digital file that creates a secure connection between your website and your visitors. It keeps sensitive information, like passwords and credit card numbers, safe from hackers. Without an SSL certificate, that data is sent as plain text, making it easy to steal.

An SSL certificate works by scrambling the information, so only your website and the visitor’s browser can read it.

How do I tell if a site has an SSL certificate? 

The easiest way to check if a site has an SSL certificate is to look at its URL. If the site is secure, you’ll see HTTPS at the beginning of the address instead of HTTP, along with a padlock icon in your browser’s address bar. These are clear signs that the connection is encrypted and protected.

Do I need an SSL certificate for my WordPress website?

The short answer is a ‘yes, definitely.’ An SSL certificate is absolutely essential for any website, especially if you collect any kind of user information.

If you have an online store or site where visitors can log in, submit a contact form, or make a purchase, then an SSL certificate is non-negotiable. In fact, many payment processors won’t even let you accept payments without an SSL certificate.

Without this protection, sensitive data such as login details, personal information, and credit card numbers is transmitted in plain text, making it incredibly vulnerable to hackers.

How does an SSL certificate work?

An SSL certificate works by encrypting the data transferred between a user’s web browser and your website, keeping all information private and secure.

When a visitor lands on your site, their browser first checks to see if you have a valid SSL certificate.

If you do, then the browser uses your site’s public key to encrypt the data. This scrambled data is then sent to your website’s server, where it’s decrypted using a combination of the public key and a secret private key.

How much do SSL certificates cost?

The cost of an SSL certificate can vary, but it typically ranges from $50 to $200 per year, depending on the provider and any added features.

Before buying an SSL certificate, check to see if you can get one for free. Most hosting providers now offer a free SSL certificate with their plans.

If your host doesn’t provide a free option, I recommend using Namecheap.

They’re one of the most popular domain name registration services and offer simple SSL plans starting from just $11 per year. These certificates come with a $10,000 security warranty and a TrustLogo site seal. Plus, most SSL certificates renew at a reasonable rate.

After you’ve purchased an SSL certificate, you can ask your hosting provider to install it for you.

Additional Resources to Secure Your WordPress Website

WordPress is quite secure right out of the box. However, as your site grows, you’ll want to take extra steps to make sure it stays secure.

This will keep your data safe, help you avoid costly accidents, and build trust with your users.

Below are some additional security steps I use on all my own WordPress websites to make them rock-solid:

I hope this article helped you learn how to get a free SSL certificate for your WordPress site. You may also want to see our step-by-step guide on how to create a free business email address for your WordPress site and our expert picks of the best business phone services.

If you liked this article, then please subscribe to our YouTube Channel for WordPress video tutorials. You can also find us on Twitter and Facebook.

Popular on WPBeginner Right Now!

Disclosure: Our content is reader-supported. This means if you click on some of our links, then we may earn a commission. See how WPBeginner is funded, why it matters, and how you can support us. Here's our editorial process.

The Ultimate WordPress Toolkit

Get FREE access to our toolkit - a collection of WordPress related products and resources that every professional should have!

Download Now

Reader Interactions

76 CommentsLeave a Reply

  1. So the free SSL certificates that web hosting providers like Bluehost and SiteGround are offering is by Let’s Encrypt. WOW, now that makes sense.
    Let’s Encrypt are the real heroes.

    Reply

  2. It’s great to see that more and more hosting companies are offering free SSL certificates with their plans. This makes it even easier for website owners to make sure their sites are secure. I got a free one from my hosting plan on Hostinger too. But then, I’m curious to know if there are any differences in the level of security offered by free SSL certificates compared to paid certificates.

    Reply

    • There are some differences for very specific advanced needs but for a most sites you can use a free SSL without worrying :)

      Reply

      Admin

      • Thanks for the response. Not that I know what it means but I believe my small website doesn’t belong in the “very specific advanced needs” category. I’ll do just fine with this free version.

        Reply

  3. A few years ago, only a few websites in the Czech Republic had an SSL certificate and it was very expensive. Thanks to the fact that Lets Encrypt started offering free certificates, practically every shared web hosting in the Czech Republic already includes SSL in the price and is free. It’s a great project. At the same time, Google also contributed to this when it started promoting websites with https and thus began to put enormous pressure on all providers to deploy SSL.

    I have a website on my own VPS and today even installing the LE certificate on the server is very simple, e.g. using certbot. After installation, certbot verifies the certificate itself and automatically renews it after 3 months. It’s really easy even for beginners like me.

    Reply

  4. It may take a short time from enabling SSL certification to the complete switch to the HTTPS protocol. However, if you have gone through the process correctly, the issue will be automatically resolved after a few minutes.

    Reply

  5. Great post! Glad to know my Bluehost account has a free SSL certificate option! Whew, saved me some money. Thanks so much.

    Reply

  7. nice tutorial
    and i have a problem that is :: Oops! That page can’t be found.
    It looks like nothing was found at this location. Maybe try searching?::
    when i search my website .what is its reason

    Reply

    • You would sadly need to check with those in charge of your intranet for what is available.

      Reply

      Admin

  9. Hi
    Clearly explained thanks. Can you buy SSL certificate from a different provider than the one who’s hosting the website?

    Reply

    • If you do not see the option to add it, you would want to reach out to your hosting provider for assistance.

      Reply

      Admin

  12. hi
    if I have SSL enabled from hosting company and also really simple SSL plugin, this is bad in some way for my site? I had to put really simple SSL too because SSL from hosting company still says its not completely secure

    Reply

  15. Thank you for helping peoples all around the world through this website and this article is really informative specially for beginner entrepreneurs. So keep sharing your knowledge with us .

    Reply

  16. That not secure notification has been bugging me since I launched my blog. Followed this step by step and I got it fixed. Thank you!

    Reply

  17. Hmm, I am on Bluehost, and it tells me “Free SSL Certificate – Unavailable”
    I will figure it out but seems like I must do it some other way, not like you`ve shown here.
    Anyway, thanks for the article. I had no idea that I could get SSL for free.

    Reply

    • You may want to reach out to BlueHost, it could also be an issue on their end if there is trouble with their SSL certificate procedure. Glad our article could help :)

      Reply

      Admin

  18. Which hosting platform do you think is better–Hostgator or Bluehost ? What do you find to be the pros and cons of each, especially with regard to features, pricing, and support. Thanks for your feedback!

    Reply

    • That would depend on your specific hosting, if you reach out to your hosting provider they should let you know what they accept

      Reply

      Admin

  21. Hey,
    Do you guys know why when I added my website to CloudFlare to get that SSL, my mp3 from the website are acting like live stream? doesn’t work anymore to “browser” on them anymore..

    Any help would be appreciate it.
    Thanks

    Reply

  22. the hosting service I’m using claims free SSL certificate but requires the purchase of a dedicated IP, whatever that is. Sounds like false advertising.

    Reply

  23. I have Hostgator and they want $39.99. I need help. I can not keep spending money. Can you show me in the customer portal what to do. Maybe I need to change hosting.

    Reply

    • You would want to reach out to their support about their free SSL to ensure they don’t think you are requesting something else.

      Reply

      Admin

    • Dear Jim, i was reading your comment, i also faced the same issue, i have recently switched my hosting to hostgator of my website and my free ssl was not installing, i contacted their tech support through hostgator account accound and asked to person to install it, the tech person installed it on the website, so you can also try the same. i hope it will work for you.

      Reply

  24. Wow! You are terrific! Just last week I went through the installation of a free SSL and manual conversion of some 4 HTTP’s to HTTPS’. GoDaddy does not allow Let’s Encrypt so all my work of free SSL install was a total waste and since I did not know anything about Wordpress and web hosting, Lets Encrypt SSL install took me four full 8-hour-days for nothing. Then I installed Cloudflare SSL which was easy. Really Simple SSL is fantastic but I am not sure if I need to keep it on my site after my all of my HHPT’s are converted into HTTPS’ and I see a padlock on address bar for every page of my website.

    Do I need to keep Really Simple SSL plugin on my site or can I remove it?

    Reply

  27. My domain is registered with Blue Host, but I’m using an independent company for hosting who started offering SSL a year ago for $100 as an add-on, which I declined. Do I need to migrate my blog over to Bluehost for hosting to get the free SSL? I’d rather not pay an extra $100 with my current host but am really annoyed and concerned about losing traffic with the “Site Not Secure” message visitors see. Please advise. Thanks.

    Reply

    • Hi Angela,

      To get the free SSL, you can either migrate back to Bluehost or use any of the other companies we mentioned in the list that offer free SSL. Most good WordPress hosting companies are now offering free SSL, and if your provider is not, then it’s time to switch :)

      Reply

      Admin

    • If your current host does not allow free SSL, you would likely want to look into transferring to a host such as BlueHost for the free SSL.

      Reply

      Admin

  28. I love the simple language words and detailing in your articles…
    Can I use your page link in my wordpress blogs. So that user can refer to your site for details for some difficult glossary words

    Reply

  29. Thank you so much for this tutorial. I’m just getting back to blogging after a year’s break and was very unhappy to see the not secure prefix to my web address. As my site is already hosted by Bluehost, I was able to get my certificate free. I installed the Really Simple SSL plugin in just a couple of minutes and now have the https prefix. And it was incredibly easy!!!

    Reply

  30. This was so incredibly helpful, thank you!! I spent so much time designing a beautiful website I definitely didn’t want that pesky not secure msg appearing before my URL. I thought fixing that issue would be a whole ordeal but you made it so seamless. Thank you again!

    Reply

  32. I have no input tags, just a bunch of static pages. Near as I can tell, it is thinking my own login to my site is what’s causing the not secure error message – I don’t know…

    I have a managed word press site through goDaddy and I already called them and they wanted to sell me a cert for $200. Not interested.

    I am not selling anything, I have no input tags, nothing…

    Any advice would be appreciated.

    Reply

  33. I have an old Wordpress site 3.4.2 and want to put an SSL on it, any ideas how to go about this please?

    Reply

  34. I am totally lost with this. I have only just noticed that it says that my site is not secure and have no idea what to do about it, so I am reading….and I do not have any ssl on my wordpress site or in the panel…..??? What shall I do?? Any help would be much appreciated.

    Reply

    • Hi Viola,

      Please contact your WordPress hosting provider and they may be able to setup Free SSL certificate on your website. After that you can install the Really Simple SSL plugin to make your site secure.

      Reply

      Admin

  35. My WordPress site is hosted by Bluehost. I have just tried to enable my “free” SSL certificate on Bluehost’s site, but when I follow the instructions as per your advice above I am prompted to “choose a certificate” – and it seems that the only options on offer have a monthly fee attached, ranging from $4.17 to $24.92 per month: see
    Plus there is also a notice that “A Dedicated IP is required to add a SSL certificate. If you do not have one, click “Add” on any of the SSL certificates, and a Dedicated IP will be added automatically for $5.99/mo.”
    I thought Bluehost were meant to be offering SSL certificates for free for sites hosting with them?

    Reply

    • Hi Sharon,

      Please login to your Bluehost hosting panel. Take your mouse to your WordPress site and click on manage site button. On the next page, click on the Security tab. From here, you can tun on free SSL certificate by just clicking on a button.

      Reply

      Admin

  37. Great info! Budding web designer with siteground account. Cool that’s there’s no extra cost for SSL. Does that mean that the certificates never expire?

    Reply

Leave A Reply

Copyright © 2009 - 2025 WPBeginner LLC. All Rights Reserved. WPBeginner® is a registered trademark.

Managed by Awesome Motive | WordPress hosting by SiteGround

The WordPress® trademark is the intellectual property of the WordPress Foundation. Uses of the WordPress®, names in this website are for identification purposes only and do not imply an endorsement by WordPress Foundation. WPBeginner is not endorsed or owned by, or affiliated with, the WordPress Foundation.

I need help with…

Popular searches:

Starting a Blog WordPress SEO WordPress Performance WordPress Errors WordPress Security Building an Online Store