Disclosure- Hello there! Before you get started just wanted to be transparent and let you know that Blogging Unplugged is a blog that makes most of its income from affiliate commissions meaning some of the links on this page are affiliate links and if you purchase a product using our link we will make a small commission. Also, the product purchased will not cost you anything extra and in some cases you might get a decent discount using our links. Thank You for listening and Have a good day.
How to install Free SSL certificate on SiteGround
When it comes to securing a WordPress website, the first advice that you will always get is to install an SSL certificate.
Most sites these days use SSL certificates to provide a safe browsing experience to their users and a clear indicator of its use is the padlock in the browser address bar that can be seen before the URL of the page.
I’m sure you have seen this several times and it looks just like the screenshot below.
This padlock shows the website is running over a secure connection (HTTPS) or in other words using an SSL certificate.
Back in the day, when using SSL certificate was not a web standard, it was really easy for hackers to steal sensitive information. But now things have changed.
Installing an SSL certificate is the new normal and on top of that it is a ranking factor. This means if your site is running on HTTPS then you will have an edge over your competitors on SERP’s.
Now, keeping this in mind, these days most web hosting companies offer free SSL certificates, and with just a click of a button, you can activate it on your website.
Having said that,
In this article, we will be discussing this process in detail and will be covering the following topics
- What is SSL
- Why do you need one
- Does SiteGround really offer a free SSL certificate
- How can you easily enable it
See- Difference between a blog and a website
So without further ado lets begin the tutorial
What is a SSL certificate
An SSL is also known as the secured socket layer and it is the standard technology that is used to secure and encrypt the transmission of data between a browser and a server. And running your website on this technology prevents hackers from stealing or modifying sensitive data.
It is important to know, if your website is not using a SSL certificate then the data that is being transferred is in a simple text form. Now, in case of an attack this type of data can be easily tampered with or stolen.
On the other hand, after installing SSL the data is first encrypted and then sent. In this scenario, if a possible attack happens then the information will be completely safe as it will be a nonsensical mix of characters that will mean nothing and very hard to decrypt.
Having said that,
SSL certificate being a wall of protection between a server and a browser and for any transmission of data to taken place, it uses a process known as SSL Handshake.
In this process both client and server authenticate each other through a series of steps and once the process is complete and validation has happened then a secure connection is established through which the communication takes place.
It is important to know, when you install a SSL certificate on your website, the HTTP in front of your domain will change to HTTPS and Not Secure in the browser’s address bar will turn into a padlock.
Why do you need a SSL certificate
Now that you know the basic definition of SSL and how it works, it is important to know its benefits.
Security
Till now we have several times discussed the security benefits of having a SSL certificate on your website. And once more I’m going to just stress on it a bit more.
As discussed before, SSL encrypts the data that is being transmitted which makes it difficult for hackers to snoop.
This means if you are collecting sensitive data such as personal information, credit card info or anything else then, when the user enters the required data, it gets encrypted first and then it is transferred creating a safe communication channel.
SEO
To make the web secure, in 2014 Google declared HTTPS as a ranking factor. This means if you are using an SSL certificate on your website then you will have an edge over your competition in search.
Following this announcement, most sites migrated from HTTP to HTTPS, and these days you will not find any website on the first page of search engines without having an SSL certificate installed.
Trust
When it comes to running a business, be it online or offline, building a trustworthy relation with your audience is of the utmost importance.
Think about a situation where you land on a blog and the address bar says Not Secure in red. Will you be subscribing or clicking on links on such a blog.
For me the answer here is a Big No and I think most of us are on the same page here.
Now, it is important to keep in mind that in today’s day and age, users are tech savvy and know when and which website to trust.
A padlock in the address bar is a symbol of trust and seeing that most visitors feel safe while browsing and engaging with a website.
And you can only get this padlock when you have installed SSL on your site or in other words your site is running on HTTPS.
As you can see there are tremendous benefits of using an SSL certificate and this takes us to the next question which is
Does SiteGround offer Free SSL certificate
A simple and straight forward answer is Yes, SiteGround offers free SSL certificate with all its plans regardless of it being a lower or higher end plan
Also, it is important to know that SiteGround provides SSL certifcates by Let’s Encrypt.
Having said that,
In case you have landed and are yet to start a blog then I will recommend investing in web hosting from SiteGround now.
SiteGround is one of the best web hosting companies in the market today and it currently hosts over 2 million domains. On top of that it is on the recommended list of hosting providers by WordPress.org.
In case you are wondering about the features and pricing, then below is SiteGround’s pricing for its WordPress hosting
Once you are done buying hosting, the next step is to install WordPress on SiteGround
How to enable free SSL certificate on SiteGround
Before we dive into the tutorial, it is important to know enabling Free SSL on SiteGround is a 3 step process
- Activate SSL in SiteGround Site Tools
- Fixing mixed content errors (if any)
- Changing SSL settings in Cloudflare (if applicable)
In this tutorial I will be covering all these steps.
Activate Free SSL in SiteGround Site Tools
To enable SSL in SiteGround site tools, the first step is to log in to SiteGround and it will take you to the dashboard where you need to click Websites in the navigation.
When you click Websites, it will show you all the websites that you have hosted on SiteGround, and in the next step, you need to click Site Tools under the domain on which you want to install free Let’s Encrypt SSL.
On clicking Site Tools, it will take you to the control panel of the website. Here you will have to click Security in the side and then navigate to SSL Manager.
Once you are in the SiteGround SSL Manager, the first setting you will see is the Install new SSL.
Here you will see, the first option lets you select a domain name. By default the main domain name is already selected.
In case this is not the domain name you want to install SSL on then you can select the site from the drop down.
The second option under Install New SSL is Select SSL and as the name suggests it lets you select the SSL certificate that you want to install.
As you can see, you get 3 options to choose from
- Let’s Encrypt– This is the general free SSL certificate offered by SiteGround that you can install on a single domain. This means if your site has subdomains then this certificate is not for you.
- Let’s Encrypt Wildcard– This SSL certificate is for you if your site has a subdomain or multiple subdomains. Also, just like the standard Let’s Encrypt SSL above this one is available for free.
- Premium Wildcard– This SSL certificate offers additional security and to use this certificate you will have to pay extra.
For more details on this see- SSL certificates by SiteGround
In this tutorial, we will be using the standard Free Let’s Encrypt SSL provided by SiteGround. In case your site has subdomains, then install the Free Let’s Encrypt Wildcard SSL instead of the regular one and the rest of the process is just the same.
Having said that,
Once you have selected the SSL certificate, click Get and on doing so you will see a message that your request is being processed.
This process can take a few minutes and after the process is complete you will see a success message just like the screenshot below
Now, as you can see there is a configure HTTPS button below the message, and on clicking it will take you to SiteGround’s Tutorial on the topic we are going to cover next.
Before we move forward, it is important to know after activating SSL, your site will be listed under Manage SSL and there you will be able to see the
- Name of the website
- Type of certificate installed
- Status
- Date of expiry
Once you are done till here, the next step is
How to enforce SSL in SiteGround
This setting might sound a little intimidating at first. However, it is pretty straight forward.
After configuring this setting your website will be forced to load over HTTPS connection as a server level redirect will be implemented ensuring every visitor will land on the secured version of the website.
This can be done in 3 ways
- Site Tools
- SG Optimizer plugin
- Manually
If you are thinking about which route you should choose then let me tell you I prefer doing it through Site Tools as I’m using WP Rocket and not SG Optimizer.
And the reason behind this is WP Rocket is a better cache plugin as compared to SG Optimizer and I have shared a detailed comparison in the above mentioned article.
However, in this tutorial we have shared all ways.
How to enforce HTTPS in SiteGround using Site Tools
To enable HTTPS enforce in SiteGround, the first step is to navigate to Security in the Site Tools sidebar then select HTTPS Enforce.
Doing this will take you to the HTTPS Enforce settings.
Alternatively, you can visit this setting by clicking the kebab menu (3 dots) under Actions in Manage SSL.
Once you are in the Enforce HTTPS settings, all you have to do is click the Toggle button to enable it. See the below screenshot for reference.
And that’s it, you have successfully activated HTTPS Enforce on your domain.
How to enable HTTPS Enforce using SG Optimizer plugin
As mentioned before, SG Optimizer is a cache plugin by SiteGround only for websites and blogs hosted on it.
See- Difference between a blog and a website
And to enable HTTPS Enforce using SG Optimizer, the first step is to download and install the plugin. For this you need to Log in to your WordPress dashboard and then head over to Plugins and select Add New.
Doing this will take you to the WordPress repository and there you need search for SG Optimizer. Once found install and activate it.
After you are done installing the plugin, the next step is to navigate to SG Optimizer settings and select Environment Optimization.
Here you will find the setting Enable HTTPS and all you have to do is enable this setting.
Once you activate this, you will notice another setting will appear and that is Fix Insecure Content.
As the name suggests, using this option you can get rid of any mixed errors on your site.
Now, if you are not familiar with mixed content errors then let me tell you when you enable SSL on your site there are chances that some resources on your website might load over HTTP or insecure connection. And this will lead to mixed content errors.
When you enable this setting, it will dynamically rewrite the insecure URL’s to go through HTTPS.
To activate Fix Insecure Errors you just need to click the toggle button and it will be enabled.
In most cases, using any of the above-mentioned methods will force URLs to load over HTTPS. However, if it doesn’t then you will have to either contact SiteGround support or add a code snippet to your website.
How to redirect HTTP to HTTPS on SiteGround manually
First things first before we dive into this method it is important that you take a backup of your site and for that, you can use UpdraftPlus plugin.
Once you are done taking backup, the next step is to head over to Settings in WordPress and then select General.
Here you will find 2 URL fields
- WordPress Address (URL)
- Site Address (URL)
In case you find HTTP in any of the URL’s then you will have to replace it with HTTPS and save the changes. At times this can cause an error where it will keep logging you out.
Now, in the next step you will have to redirect HTTP URLs to HTTPS by adding a code in the .htaccess file.
If you are wondering where is this .htaccess file located then let me tell you it is located in the root directory of the website.
And you can find it by logging in to your SiteGround dashboard then visit Site Tools. Once there you will see a Site option in the sidebar and under it, you will see the File Manager.
When you click File Manager, it will show you all the files and folders related to your website and also the public_html folder.
Now, this is the folder that contains the .htaccess file.
Alternatively, if you are using an SEO plugin then you can easily edit the .htaccess file by following the paths listed below.
Rank Math
If you are a Rank Math user then you can edit .htaccess by navigating to Rank Math General settings.
Yoast SEO
If you are using Yoast SEO then you will have to visit Tools in Yoast and select File editor. On doing so it will show you the .htaccess file and you can edit it
Once you have located the file, the last step is to add the code snippet mentioned below.
<IfModule mod_rewrite.c>
RewriteEngine On RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
</IfModule>
And save the changes you have made. After implementing this all the URl’s of your site will load over HTTPS.
Another thing I would like to mention here is that in case your WordPress admin is still not loading over a secured connection then you will have to add the following code in the wp-config.php file.
define('FORCE_SSL_ADMIN', true);
Adding this code snippet will fix the issue.
Once you are done till here, the next step is to visit your website and check if the padlock is visible in the browser address bar.
If you have a new website or you have redirected the URLs manually then chances are rare that you will find any mixed content errors.
However, if you have an older website then you might encounter this error.
Fix mixed content errors
As mentioned above, these errors occur when your website loads over HTTPS but some of the resource still load on HTTP.
To fix this error you need to update all links from HTTP to HTTPS.
Now, doing this manually can be a time-consuming process and for this, we will be using SSL Insecure content fixer plugin.
In order to fix mixed content errors using this plugin, the first step is to download and install the plugin.
And in the next step you need to visit Settings in your WordPress dashboard and click SSL Insecure Content. Doing this will take you to the plugin’s dashboard.
Here you will see the plugin offers different levels of fixing and suggests trying the Simple level first.
Select the level depending on your requirements and scroll down to the bottom where you will find the HTTPS detection setting.
Here by default Standard WordPress function is selected and this will work for most sites.
Once you are done selecting, save the changes you have made and after doing this you will see a padlock in the address bar.
Also, you can fix mixed content errors using other plugins as well such as Really Simple SSL and Better Search and Replace.
After this the next step is to
Change SSL settings in Cloudflare
For you to activate SSL settings in Cloudflare, the first step is to create an account on Cloudflare and then install it.
As SiteGround offers free Cloudflare CDN integration with every hosting plan, this makes it very easy to enable it on your WordPress site.
For doing this you can follow our tutorial on How to enable Cloudflare on SiteGround
Once you are done activating, the next thing is to navigate to Cloudflare under Speed settings in Site Tools.
This will take you to the Cloudflare CDN settings in SiteGround and here you will have to navigate to SSL.
In case you have not integrated Cloudflare through SiteGround then you will have to log in to your Cloudflare account and then navigate to SSL/TLS and you will see the same settings. (Scroll down a bit for complete settings)
Having said that,
In SSL Support you will get 4 options
- Off- If you select this then SSL Support from Cloudflare’s end will be turned off and no encryption will be applied
- Flexible- Selecting this option will enable encryption between Cloudflare and the browser. However, the traffic between the server and Cloudflare won’t be encrypted.
- Full- When you select this option it will enable end to end encryption using a self signed certificate. This means the communication channels between the server and Cloudflare and Cloudflare and browser will be encrypted.
- Full (Strict)- This is very similar to the full option we have discussed above. But the only difference is, this option requires a certificate from a trusted certificate authority or Cloudflare’s origin certificate authority on the server.
Keeping this in mind, it is recommended that you either select Full or Full (Strict) in this option after activating the SSL in SiteGround.
Also, it is important to know, there are additional settings on that main Cloudflare’s website that you will have to configure.
And for that, you need to visit Cloudflare.com and log into your account. When you log in it will show you all the properties that you have integrated with Cloudflare.
In the next step you need to select the property that you have enabled SSL on SiteGround and then click SSL/ TLS tab in the main navigation
On selecting SSL / TLS, it will take you to overview where you will see the encryption mode you have selected.
In the next step you need to select Edge Certificates and the first option you will see is Managing Edge Certificates.
Here you will be able to see
- Name of the hosts
- Type of certificates
- Status
- Date of expiry
Now, it is important to keep in mind, Cloudflare offers free Universal SSL Certificates and it is used to encrypt traffic between the browser and Cloudflare.
In case you haven’t activated the free SSL certificate in SiteGround then selecting Full or Full (Strict) encryption modes will cause 521 or 5xx errors as origin server is missing encryption. (more on this later in this article)
Moving forward,
After this, you need to scroll down and the second setting that you will encounter is Always use HTTPS
Here all you have to do is enable this feature by clicking the toggle button.
In the next step you need to scroll down a bit and find minimum TLS version.
By default TLS 1.0 is selected and the setting will remain unchanged.
Below this you will find, the Opportunistic Encryption setting and you need to enable it.
Enabling this will allow the use of HTTP/2 which will improve your site’s performance.
The next setting on the list is TLS 1.3
And activating this option will ensure that the traffic to and from your website will be will be served over TLS 1.3 whenever supported. This will boost the security and performance.
The last setting that you have to configure in this section is Automatic HTTPS Rewrites.
When you enable this setting it will automatically fix mixed content errors by changing HTTP to HTTPS.
And that’s it you have successfully configured all the SSL related settings in Cloudflare.
In this tutorial previously I have mentioned that you can also get an SSL certificate from Cloudflare as well.
Now, it is important to keep in mind that it is recommended that you enable SSL in SiteGround first and then configure SSL settings in Cloudflare for end to end encryption.
However, you can also get an HTTPS to show on the browser just by using Cloudflare as well. And I have seen it in a few times now.
In this scenario, you are not required to activate the SSL in SiteGround and instead of Full or Full (Strict) encryption mode, you need to enable Flexible SSL.
What this does is, it will encrypt the connection between the browser and Cloudflare leading to visitors seeing a padlock on the address bar. However, the connection between the server and Cloudflare will not be secure.
As you can see the biggest drawback of this is the connection is partially secure. And hence we DO NOT recommend using this method.
On the other hand, Cloudflare also, lets you generate Origin certificates for free that you can upload on your hosting server and the connection will be end to end encrypted.
For this you can follow our tutorial on How to get Free SSL certificate from Cloudflare for End to End encryption.
Having said that,
This concludes everything you need to know on How to install SSL certificate on SiteGround
I hope you will find this article helpful and are able to easily enable free SSL on SiteGround. In case you have any queries then feel free to reach out via the comment section and social media.
Also, don’t forget to share this post with your friends on social media.
Before you leave, feel free to check the best deals and discounts on Blogging tools and our Blogging and WordPress Glossary. Also, to stay up to date with our content, join our Facebook group, sign up for our newsletter, and follow us on social media
Hey, thanks for this. I literally migrated to siteground not long ago and haven’t done this yet. Appreciate it!
Hi April
You can bookmark this article. We will be posting more tutorials for SiteGround in the coming days.
Thank You
Jasmeet