Website security and user experience are two major factors that contribute strongly to traffic generation aside from unique content or services.
Though most web hosting companies now offer free SSL as a compulsory service, there are still hosting plans without an SSL certificate. And because trying to build traffic on HTTP sites can get very frustrating, the best decision is to get a free SSL certificate for your website, if your website doesn’t already have HTTPS encryption.
All of you probably know that having an #SSL certificate is very important. But do you also know that you can get one for absolutely free? Learn how in this article!
Since its release of Chrome 68 in July 2018, Google has begun warning users about HTTP sites by showing the “Not secure” notice in advocacy for the general use of HTTPS encryption.
In the same vein, the search giant disclosed that it is prioritizing HTTPS-encrypted sites over HTTP sites by more than 80 percent. In other words, websites without HTTPS encryption have very insignificant chances of growing organic traffic.
That’s quite a difficult odd to beat, but there’s no cause for alarm if you’re going to read this article till the end.
In the article, you will learn several methods of how to get a free SSL certificate for your WordPress website. And for clarity purposes, I will first define what SSL is, how SSL certificate works, explain the different SSL certificate validation types and give you an estimate of the cost of getting an SSL certificate before diving into the steps on how to acquire a free SSL.
What is SSL (Secure Sockets Layer)
Secure Sockets Layer (SSL) is an internet security protocol or technology that encrypts data transferred between a user’s browser and a web server. This ensures that the information between both parties is not accessible by a third-party app during transfer.
An SSL connection, which starts with https, is a compulsory feature for the transfer of sensitive information such as credit card information, payment details, or login credentials.
Issued by a Certification Authority (CA), SSL certificate information from different CAs is already installed in browsers for identification and trust verification. Also, websites with an SSL certificate not issued by a recognized CA will not show the padlock sign and “https” in the user’s browser address bar.
How SSL works
An SSL connection works through data encryption and decryption by both a website server and the client (browser).
When a user visits a website with an SSL connection, the browser will first verify the SSL certificate validity by referring to the issuer’s information on the browser. This is done by generating a pre-master secret using the public key associated with the SSL certificate as provided by the webserver which the server decrypts using its private key.
After the connection is established, a master key is generated for encrypting and decrypting information sent through the connection. The browser will consistently refer to the generated master key to encrypt every information or request before they are sent out to the server.
Similarly, the server encrypts all data requested by the browser before they are sent and decrypts all information received from the browser using the generated master key.
SSL certificate validation types
The three main types of SSL certificate validation are:
- Domain Validated (DV) SSL certificates
- Organizational Validated (OV) SSL certificates
- Extended Validated (EV) SSL certificates
Others include the wildcard SSL certificates, multi-domain SSL certificates (MDC), and the unified communications certifications (UCC).
The cost of getting an SSL certificate
SSL certificate costs vary according to the validation type and the offering company. The domain validation SSL certificate, which provides basic validation of a domain, is the most affordable since it’s an entry-level solution.
SSL certificate price is also affected by the warranty amount offered in case of any damages caused by system failures from the issuer’s end.
DV SSL certificates cost from $6 per year to around $150 per year for a single website.
Cheap SSL certificates are often offered by re-sellers. Meaning it’s always more expensive to buy directly from CAs.
OV SSL certificates cost between $29 per year and around $350 per year for a single website, or more depending on the issuing company. On top of that, organizational validated (OV) SSL certificates require the SSL certificate issuing authority to verify your company’s identity. Hence, your official documents would be required to purchase this SSL certificate.
The extended validated (EV) SSL certificates are the most expensive and are regarded as the premium SSL certificates. They not only include the usual padlock in the browsers address bar but will include your company’s name to assure clients that the website is highly secure.
EV SSL certificates cost between $70 per year to around $1800 per year, and this type of SSL certificate is mostly used by large corporations. Plus, they include other services such as wildcard, etc..
Due to the requirements for getting SSL certificates that belong to the last two categories listed above, only the DV SSL certificates are available for free.
Now, let’s look at the several options available for getting a free SSL certificate for your WordPress website.
How to get a free SSL certificate
There are several means of acquiring an SSL certificate for your WordPress site. And all the available means can be implemented through two methods: through your website’s cPanel or the domain registrar’s dashboard. Hence, two basic requirements must be met before you can get a free SSL certificate.
Those two requirements are either access to your website cPanel or the domain registration dashboard.
Free SSL from a hosting company
If you haven’t already purchased a hosting plan, there are a handful of hosting companies offering a free SSL certificate that you may want to consider. And while the prices for different hosting plans vary among these companies, they all require no fee for SSL for most of the hosting plans they offer.
Here is a list of the best hosting providers offering free SSL:
How to set up a free SSL certificate received from a hosting company
The procedure for setting up a free SSL certificate from a hosting company differs from provider to provider. But it’s usually automatic and doesn’t require lots of technical knowledge.
For instance, implementing free SSL on Bluehost only requires you to click on the activation toggle in your hosting dashboard.
But in a few scenarios, you will be required to take the following steps to implement free SSL from most hosting companies.
- Go to the SSL/TSL menu under the security section on your cPanel dashboard.
- Check or select the domain name from the list
- Click on the run autoSSL button.
Also, don’t hesitate to contact the hosting company’s support team if you’re not able to activate your free SSL certificate.
30 – 90 days free SSL certificate from vendors
This could be an ideal option if you have plans of buying an SSL certificate from an issuing authority/reseller in the future or just want to see how the security technology works on your website.
The challenge with this option is that the companies will only offer a free SSL certificate for a certain period, usually between 30 to 90 days depending on the issuing SSL vendor.
Here is a list of some SSL vendors offering free SSL certificates:
- ZeroSSL (90 days)
- SSL.com (90 days)
- Comodo.com (30 days)
- GeoTrust (30 days)
- RapidSSLonline (30 days)
How to set up a free SSL certificate received from a vendor
The procedure for setting up a free SSL certificate received from a certificate issuer consists of two steps: generating the certificate on the vendor’s website and installing it on your website domain through the cPanel dashboard.
The first step is always unique and peculiar to the company’s preferred method but the second step, which will be explained here, is the same for all installations.
The first step requires verification that you are the domain owner. To make this happen, some will require you to upload a file in a specific folder on your WordPress website. This is done through the cPanel file manager.
Others will require that you supply a verification code that is sent to an email address related to the domain name, which you will enter during the registration process.
This first step may also require you to generate a certificate signing request (CSR), which done through the SSL/TSL menu.
Steps to install vendor-issued SSL certificates
- Click on the SSL/TSL menu under the security section on your cPanel dashboard
- Under the Install and Manage SSL option for your site, click on the manage SSL sites link.
- Scroll down to the domain dropdown menu and select your domain name.
- Copy the certificate code, private key code, and CA bundle code from the vendor’s website where they are generated or from your email inbox if they were sent to you.
- Paste the individual codes inside the appropriate boxes on your cPanel
- Click on the Install certificate option.
Unlimited free SSL certificate from Cloudflare
Getting a free SSL certificate for your WordPress website from Cloudflare could be the best option if you are not considering buying a hosting plan that includes SSL or if you are working with a small budget.
Unlike the previous method, there is no limited number of days to enjoy free SSL from Cloudflare. However, this method requires that you have access to your domain registration account.
How to set up a free SSL certificate from Cloudflare
Here is a step-by-step guide on how to install a free SSL certificate on your WordPress website using Cloudflare.
1. Create a Cloudflare account
Go to the official Cloudflare website and click on the signup link to register an account. Fill out the signup form and click on the submit button to move on to the next step.
2. Add your domain name
Successful account registration will take you to the Cloudflare dashboard with a prompt to add your domain name. Enter the domain name you’re installing a free SSL on and click on the add site button.
3. Choose the free Cloudflare plan
Next, you will be taken to a pricing page to select a Cloudflare plan for the domain name you added in the previous step. Select the free plan and click on the Next button.
4. Review records of your domain name system
In this step, Cloudflare will scan through your website for existing domain name system records. You literarily have nothing to do here but to scroll down the page and click on the continue button.
5. Change your DNS servers or nameservers
Now, you should be taken to a page showing Cloudflare nameservers that should replace your current nameservers. Open another browser tab and log in to your domain registration account.
The process will differ for different registrars, however, you need to find the nameserver or DNS section on the dashboard to make the change. This section should be under the domain settings or the manage menu.
After you find the section, you need to replace the existing nameservers with those supplied by Cloudflare.
Next, scroll down the page and click on the ‘Done’ button once you complete the step.
6. Turn on the free SSL certificate feature
Having completed the above-mentioned steps, you are now ready to activate a free SSL certificate on your website.
To do so, you will be taken to the security and speed configuration page on your Cloudflare dashboard. Click on the toggle in the always use HTTPS section to turn on the feature, scroll down the page, and finally click on the ‘Done’ button.
What is the best way of getting a free SSL certificate
Your best choice on how to get a free SSL certificate for your WordPress website should depend on your requirements and budget.
If you haven’t already purchased a hosting plan and you found that some the mentioned hosting providers offer budget-friendly services with free SSL, that could be your deal.
Or, if you have plans of buying an SSL certificate in the future but want the HTTPS encryption in the meantime, you could consider the latter two options.
However, there is no difference between a free SSL certificate from Cloudflare and a DV SSL issued by a CA, provided you are not interested in the warranty amount.
But it’s important to note that aside from offering HTTPS encryption for your WordPress website, Cloudflare also reduces the page load time, and improves the overall security of your website.