Install SSL on WordPress

Switch your WordPress site to HTTPS and fix mixed content warnings in a few easy steps.

Before You Begin

You will need these three files from your SSL certificate download:

certificate.crtYour SSL certificate
private.keyYour private key - keep this secure
ca_bundle.crtCA bundle (intermediate certificates)

Installation Steps

  1. Install SSL via your host

    Log in to your hosting control panel and locate the SSL or Security section. Paste your certificate.crt, private.key, and ca_bundle.crt contents and save.

  2. Update WordPress URLs

    In WordPress admin, go to Settings > General and change both WordPress Address and Site Address from http:// to https://.

  3. Install Really Simple SSL

    Install and activate the Really Simple SSL plugin. It handles HTTPS redirect and mixed content fixes automatically.

  4. Verify and clear caches

    Visit your site in a private browser window. Check for the padlock. Clear your WordPress cache and CDN cache if any images or resources still load over HTTP.

Common Issues

Mixed content warnings after switching to HTTPS
Hardcoded http:// URLs in posts, theme files, or widgets still load over HTTP. The Really Simple SSL plugin fixes most cases automatically. Use your browser's DevTools Network tab to find remaining HTTP resources and update them manually.
Admin locked out after URL change
If you changed the site URL and can no longer access the admin, connect via FTP and add these two lines to wp-config.php: define('WP_HOME','https://yourdomain.com'); and define('WP_SITEURL','https://yourdomain.com');
SSL activated but site still shows "Not Secure"
Your host may need a few minutes to propagate the newly installed certificate to all servers. Wait 5–10 minutes, then hard-refresh the page (Ctrl+Shift+R) or test in a private window.

Frequently Asked Questions

Yes, Let's Encrypt certificates expire in 90 days. Many hosts offer AutoSSL or a built-in Let's Encrypt integration that renews automatically. If you generated your certificate on SSLs For Free manually, set a reminder to renew and reinstall before expiry.

Switching from HTTP to HTTPS can cause mixed content warnings for hardcoded HTTP links in posts, themes, or widgets. The Really Simple SSL plugin resolves the majority of these cases automatically without any manual edits.

Google has used HTTPS as a ranking signal since 2014. Modern browsers also display a "Not Secure" warning on non-HTTPS login pages. SSL is essential for any WordPress site that collects user data, processes payments, or cares about SEO.

Certificate Installed? Set Up Expiry Monitoring.

Get an email reminder 14 days before your certificate expires - free, no account needed.