Although you can purchase an SSL certificate from the Certifying Authority (CA) and add it to your WordPress website, you will have to spend some money to buy and renew the certificate yearly.
This guide looks at two methods to set up a free SSL certificate on WordPress.
Why You Should Get a Free SSL Certificate for WordPress
What is SSL exactly, and why do you need it? A Secure Socket Layer or SSL certificate helps secure the connection to your WordPress site. It prevents attackers and hackers from accessing or modifying the information transferred from your web server to the user’s web browser and vice-versa.
When visitors visit your site, they see a padlock icon next to the URL in the address bar, indicating an SSL-secured website.
You can use the Cloudflare free account to add SSL to your WordPress site and make it secure without spending a single buck. It’s easier and can be done in a few minutes after setting up a Cloudflare account. You may also install the certificate and set up SSL on your WordPress site using Let’s Encrypt.
Below, we have explained both methods to help you set up free SSL on a WordPress site.
How to Set Up a Free SSL Certificate on WordPress With Cloudflare
Setting up an SSL or other website security certificates and securing your unsecured HTTP site to HTTPS using Cloudflare is much easier, convenient, and more secure.
Also, you don’t need to renew the certificate as it’s done automatically. And in case you are still unsure whether to enable SSL or not, there are plenty of other reasons your site needs an SSL certificate.
To set up your WordPress site’s SSL certificate on Cloudhe steps are as follows:
1. Add Site To Cloudflare
Your site may become inaccessible for a while as you update the nameservers and point the site to Cloudflare. However, this is temporary, and your site will be online after a few seconds or minutes.
2. Enable SSL in Cloudflare
Once the A and CNAME records are added, go to the SSL/TLS section and choose Full or Flexible. Do not choose Full (Strict).
This will force the site to HTTPS mode. However, to ensure your WordPress site loads with HTTPS, you need to make a few changes to the WordPress site.
3. Enable SSL on the WordPress Site
To ensure your WordPress site is secured and loads with an HTTPS connection, log in to your WordPress site as an administrator and follow these steps:
At this stage, you have successfully enabled SSL encryption and enabled an HTTPS connection to your site. Next, visit your site URL with an HTTPS prefix—for instance, https://abc.com. Your WordPress site will load with an HTTPS connection.
How to Set Up a Free SSL Certificate on WordPress With Let’s Encrypt
If you don’t want to use Cloudflare for HTTPS and want to enable SSL on your original web server for complete encryption, you can follow the instructions below to set up Let’s Encrypt SSL.
If you use managed WordPress hosting, check with your web hosting service provider for Let’s Encrypt. Many provide built-in options to enable, disable, and manage Let’s Encrypt SSL.
However, if you use an unmanaged Linux server hosting for your WordPress site or the Let’s Encrypt option isn’t provided by the hosting provider, you can manually install and configure the Let’s Encrypt SSL certificate on the WordPress site with an Apache server by following these steps:
Which Should You Use: Cloudflare or Let’s Encrypt?
When you use Cloudflare for HTTPS, the connection from your web server to Cloudflare is not secure. However, users accessing your site will not see any HTTPS warning. This is because the data served or received by your web server isn’t secured completely, as there’s no end-to-end encryption.
On the other hand, Let’s Encrypt allows you to enable end-to-end encryption for your WordPress website. But, this is a highly advanced and complex process involving editing your web server files and services. If you are not experienced with web servers, avoid this method and use Cloudflare for WordPress SSL.
Installing an SSL certificate is one way to improve your WordPress site’s security. In addition, it might be worth installing some plugins to secure your website from hackers.
This content was originally published here.