GrabURL.com
WordPress
wordpress
ssl
https
security
website encryption

WordPress SSL/HTTPS Setup: Complete Guide

SSL (Secure Sockets Layer) encrypts data between visitors and your server. Google considers HTTPS a ranking factor, browsers warn users about non-secure sites, and many features require it. Setting up...

Bibin WilsonAuthor
January 31, 2026
4 min read
0 views
Introduction

SSL (Secure Sockets Layer) encrypts data between visitors and your server. Google considers HTTPS a ranking factor, browsers warn users about non-secure sites, and many features require it. Setting up SSL on WordPress is essential for every modern website.

Why SSL Matters
Benefits
  • Security: Encrypts sensitive data
  • Trust: Padlock builds confidence
  • SEO: Google ranking signal
  • Requirements: Many APIs require HTTPS
  • Browser warnings: Chrome marks HTTP as "Not Secure"
What SSL Does
  • Encrypts data in transit
  • Verifies website identity
  • Prevents man-in-middle attacks
  • Protects form submissions
Getting an SSL Certificate
Free Options

Let's Encrypt:

  • Free, automated certificates
  • 90-day validity (auto-renews)
  • Most hosts support
  • Industry standard

Cloudflare:

  • Free SSL included
  • Flexible, Full, Full Strict modes
  • Additional security features

When to Consider:

  • Extended validation (EV)
  • Warranty requirements
  • Organization validation
  • Multiple domains

Providers:

  • Comodo/Sectigo
  • DigiCert
  • GlobalSign
Installing via Hosting

Most Hosts (One-Click):

Cloudways:

  1. Application > SSL Certificate
  2. Select Let's Encrypt
  3. Enter domain
  4. Click Install

SiteGround:

  1. Site Tools > Security
  2. SSL Manager
  3. Install Let's Encrypt

cPanel:

  1. Security > Let's Encrypt
  2. Select domain
  3. Install
Configuring WordPress for HTTPS
Update WordPress URLs

Method 1: Dashboard

  1. Settings > General
  2. Change WordPress Address to https://
  3. Change Site Address to https://
  4. Save

Method 2: wp-config.php

define('WP_HOME', 'https://yourdomain.com');
define('WP_SITEURL', 'https://yourdomain.com');
Force HTTPS Redirect

Via .htaccess:

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

Via wp-config.php:

if ($_SERVER['HTTP_X_FORWARDED_PROTO'] == 'http') {
    header("Location: https://" . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI']);
    exit();
}

Old http:// links cause mixed content warnings.

Using Plugin:

  1. Install "Better Search Replace"
  2. Search: http://yourdomain.com
  3. Replace: https://yourdomain.com
  4. Run on all tables

Or use Really Simple SSL plugin:

  • Handles redirects
  • Fixes mixed content
  • Simple setup
Fixing Mixed Content
What Is Mixed Content?

HTTPS page loading HTTP resources (images, scripts, styles).

Identifying Mixed Content

Browser DevTools:

  1. Open site
  2. F12 > Console
  3. Look for mixed content warnings

Online Tools:

  • Why No Padlock
  • SSL Labs
Fixing Methods

Database Search-Replace:

  • Better Search Replace plugin
  • WP-CLI search-replace

Hardcoded in Theme:

  • Edit theme files
  • Change http:// to https:// or //

External Resources:

  • Update embed codes
  • Use HTTPS versions
  • Self-host if necessary
SSL Plugin Options
Really Simple SSL

Features:

  • One-click HTTPS
  • Mixed content fixes
  • Redirect handling
  • Free version sufficient for most

Setup:

  1. Install plugin
  2. Click "Activate SSL"
  3. Done
SSL Insecure Content Fixer

For stubborn mixed content:

  • Multiple fix levels
  • Captures dynamic content
  • Good troubleshooting tool
Cloudflare SSL
SSL Modes

Flexible:

  • Cloudflare to visitor: HTTPS
  • Cloudflare to origin: HTTP
  • No origin SSL needed

Full:

  • HTTPS end-to-end
  • Self-signed OK
  • More secure

Full (Strict):

  • HTTPS end-to-end
  • Valid origin SSL required
  • Most secure

Recommendation: Full (Strict) with Let's Encrypt on origin.

Setting Up
  1. Cloudflare > SSL/TLS
  2. Select mode
  3. Enable Always Use HTTPS
  4. Enable HSTS (optional)
Advanced SSL Configuration
HSTS (HTTP Strict Transport Security)

Forces HTTPS for future visits:

Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains"

Caution: Difficult to undo. Test thoroughly first.

Certificate Transparency

Modern certificates include CT. Most Let's Encrypt certificates comply automatically.

Multi-Domain SSL

For multiple domains:

  • Wildcard certificates (*.domain.com)
  • SAN certificates (multiple specific domains)
Troubleshooting
ERR_TOO_MANY_REDIRECTS

Cause: Redirect loop

Fix:

  • Check .htaccess
  • Check wp-config.php
  • Check Cloudflare settings
  • Disable redirect plugins temporarily
Mixed Content Warnings

Fix:

  • Run search-replace
  • Check theme hardcoding
  • Update plugin settings
  • Check external embeds
SSL Not Working

Check:

  • Certificate installed correctly
  • Domain matches certificate
  • Certificate not expired
  • Intermediate certificates included
Redirect Not Working

Check:

  • .htaccess rules
  • Plugin conflicts
  • Server configuration
  • Cloudflare settings
Verifying SSL Setup
Tools

SSL Labs Test:

  • ssllabs.com/ssltest
  • Comprehensive analysis
  • Aim for A or A+ rating

Browser Check:

  • Padlock icon visible
  • No warnings
  • Click padlock for certificate info
Frequently Asked Questions
Do I need paid SSL?

For most sites, free Let's Encrypt is perfect. Paid only for EV certificates or specific requirements.

Will SSL slow my site?

Negligible impact. Modern SSL is fast. Benefits far outweigh tiny overhead.

How often do certificates renew?

Let's Encrypt: 90 days (auto-renews). Paid: 1-2 years.

What about SSL and CDN?

Configure SSL on both origin and CDN. Use Full (Strict) mode.

Key Takeaways
  • SSL is required for modern websites
  • Free Let's Encrypt works for most sites
  • Update WordPress URLs after installing
  • Fix mixed content for full security
  • Force HTTPS redirect
  • Use Full (Strict) mode with Cloudflare
  • Test with SSL Labs
  • Really Simple SSL simplifies setup
Next Steps

Install SSL certificate via your host. Update WordPress URLs. Fix any mixed content. Enable HTTPS redirect. Test thoroughly with SSL Labs.

Meta Description: Complete guide to WordPress SSL/HTTPS setup. Learn certificate installation, WordPress configuration, mixed content fixes, and troubleshooting.

Keywords: wordpress ssl, https setup, ssl certificate, wordpress security, encrypt website

Frequently Asked Questions

Find answers to common questions about this topic

For most sites, free Let's Encrypt is perfect. Paid only for EV certificates or specific requirements.
Negligible impact. Modern SSL is fast. Benefits far outweigh tiny overhead.
Let's Encrypt: 90 days (auto-renews). Paid: 1-2 years.
Configure SSL on both origin and CDN. Use Full (Strict) mode.

Related Articles

Continue reading with these related posts

Success Stories & Case Studies
Domain Success Stories and Case Studies: Learning from Real Investor Journeys 2025
Success is not about the domains you own, but the value you create, the relationships you build, and the person you become along the way. Learn from those who came before. Apply their lessons. Cre
Nov 30, 2025
Education & Resources
Domain Education and Learning Resources: Complete Guide to Continuous Learning 2025
The best investment you can make is in yourself. Spend 10% of your time learning, and you'll outperform 90% of investors who don't. Start learning today. Your future self will thank you.
Nov 30, 2025
Professional Development & Networking
Domain Industry Networking: Complete Guide to Building Connections and Relationships 2025
Remember: Your network is your net worth. Invest in relationships as seriously as you invest in domains. The ROI is immeasurable.
Nov 29, 2025

Ready to Invest in Premium Domains?

Browse our curated marketplace of high-quality domains and find your perfect investment