How to enable HTTPS and SSL for WordPress sites
This article describes how to enable HTTPS and SSL for WordPress sites. To do this, you must:
- Obtain an SSL certificate.
- Enable WordPress to use secure (HTTPS) connections.
- Test the configuration.
SSL and HTTPS enhance a site's security by providing encryption and authentication. For a general introduction to what these technologies are, and why you might want to use them, please see this article
Step 1: Obtain an SSL certificate
First, you must obtain and install an SSL certificate for your site. There are two options:
- Let's Encrypt SSL certificate: These certificates are free and a popular choice.
- For information about how to obtain a Let's Encrypt certificate for a cPanel-enabled account, please see this article.
- For information about how to obtain a Let's Encrypt certificate for an unmanaged server, please see this article.
- Traditional CA-issued SSL certificate: These certificates are signed by a traditional, “big-name” certificate authority (CA). Unlike Let's Encrypt certificates, which only support domain validation (DV), these certificates support extended validation (EV). They also support wildcard and multi-domain certificates. However, you must pay for them.
For more information about the differences between Let's Encrypt certificates and traditional SSL certificates, please see this article
Step 2: Enable HTTPS on WordPress
After you install an SSL certificate on your site, you are ready to enable HTTPS in WordPress. For information about how to do this, please see this article.
Step 3: Test the configuration
After you install an SSL certificate and enable HTTPS in WordPress, you are ready to test the new configuration. To do this, follow these steps:
- Use your web browser to visit the WordPress site's secure URL.
For example, if your domain name is example.com, and WordPress is installed in the blog directory, then the secure URL is https://www.example.com/blog.
- Look at the browser address bar. You should see a padlock icon that indicates a secure connection.
If you do not see the padlock icon, please continue to the Troubleshooting section below.
Sometimes a browser may not display the padlock icon that indicates a secure connection to the server. Some possible reasons include:
- SSL misconfiguration: The SSL certificate may not be correctly installed, or there may be an issue with the certificate itself (for example, a mismatched domain name).
- Mixed content: Although the connection to the page itself may be secure, the page may contain URLs to other resources that do not use secure connections. For more information about this problem and ways to resolve it, please see this article.
To troubleshoot SSL and HTTPS connection issues, you can visit https://www.whynopadlock.com. Type your domain name in the Secure Address text box, and then click . The site checks your domain for several SSL- and HTTPS-related items, and then provides the results in an easy-to-read format.
Alternatively, you can troubleshoot SSL connections from the command line by using the openssl program. For information about how to do this, please see this article.