How to Install an SSL Certificate
Recently I was installing an SSL certificate on this website and I thought it would be useful to share with you how it went and how to do it properly. First of all I’d like to mention why it is important to have HTTPS instead of HTTP in front of your URL. It is known that Google is giving a slight ranking boost to HTTPS websites. Moreover, from July 2018, Google Chrome, the most widely used web browser, is marking all HTTP websites as “not secure”. So if you don’t want to see a “not secure” badge next to your URL, you should get an SSL certificate.
Also, all blogs on the wordpress.com platform are on HTTPS already (not self-hosted wordpress.org websites like this one). If you have an ecommerce store or if you accept payments through your website, you should definitely get an SSL certificate for better security for your customers.
And where do I recommend you to get your SSL certificate from? In the past I used to purchase the SSL certificates from NameCheap, where I register most of my domains, too. You can get the Comodo PositiveSSL from them for $9 per year. However, this way you will have to renew it every year and pay $9 yearly as well. You will also need to reinstall it on your hosting account (you will need to generate a Certificate Signing Request and then install the certificate in your cPanel) every year.
I find all these processes a little too difficult and useless, because there exists a much easier solution. The solution is to simply use SiteGround for your hosting and get your SSL certificate from them for free. Yes, they offer free SSL certificates (from Let’s Encrypt) for all your domains that you will host with them. If you wonder why I use particularly SiteGroud for my hosting, it is because of the speed of their servers (you can read more about this in my other article). And I’m using them, too, because I can save money spending on buying SSL certificates.
Moreover, with SiteGround you even don’t have to reinstall your certificate every year. You just enable in once for your domain in your cPanel with one click and that’s it. It will be renewing automatically. I already moved 3 of my websites to SiteGround (including this one) and their speed is much better now.
Now I will explain the steps that you need to take if you already have a website that is currently HTTP and you want to make it HTTPS. If you are using a different web host, I would recommend you to move your website to SiteGround. If you buy a new SiteGround hosting account (this doesn’t apply to the cheapest StartUp plan), their support will transfer your website to them for free (or you can of course do it yourself as well if you prefer).
So, the first step is to activate the SSL certificate in the SiteGround cPanel for your domain.
The next step is to change the URLs of your website to HTTPS in your WordPress general settings.
After that, I also recommend turning on the “HTTPS Enforece” option. This will make sure that all non-HTTPS traffic to your website will be automatically redirected to HTTPS. This way you neither need to install any SSL WordPress plugins (that could be slowing down your site) or use a .htaccess redirect. SiteGround will take care of this for you.
Now, the last thing that you need to do is to change all URLs of your website’s files (all your images, scripts, etc.) that are still HTTP to HTTPS. If some of your files are still HTTP, this can cause mixed content issues and your website will not show as “secure” with the green padlock symbol. However, there is a really easy solution to this problem. The solution is to use the free WordPress plugin called Better Search Replace. So just install and activate this plugin. Then in your WP admin panel go to: Tools > Better Search Replace. Before making any changes, make a backup of your database.
When you do this, you can check if all is OK using a free online tool like this one.
And voila, now you should be ready and should see a green padlock with the “Secure” sign next to your URL. If anything went wrong, please try reading this whole tutorial again and make sure you did all the steps mentioned in it correctly. If you did and it still does not work, you can try contacting the SiteGround support (their support rocks).
Also, if you are a more advanced WP user and you had manually inserted any redirects into your .htaccess file, make sure they are now redirecting to HTTPS URLs. So don’t forget to change them appropriately.
If you follow all the steps that I’ve mentioned above, you should not lose your natural traffic from Google that you have.
I hope you will find this tutorial useful.