How to install an SSL certificate in Wordpress

Published by Ana Rednic on 2018-Oct-25
This article will describe the steps required to implement the SSL certificate in Wordpress
Tutorials Applications install • wordpress • ssl • https • secure • http
Hostico Play


  • In this tutorial, we will present the steps necessary to install an SSL certificate in the WordPress application, through the settings available in the administration part (wp-admin). Once these steps are completed, any unsecured site access (with http: //domain.tld) will be redirected to the secured version (with https: //domain.tld), and all traffic between site and server visitors will be encrypted.
  • As an example, we will use the demo.hostico.ro subdomain.


  • You will need the Wordpress (wp-admin) login data.
  • An SSL certificate installed on the hosting account and on the domain on which the WordPress application is running.


  • First, we will log in to the WordPress administration panel by accessing domain.tld / wp-admin or the preferential address that you have set.

  • Once you log in, you will go to the Settings section of the navigation bar, then click General.

  • The next page will load the interface that includes the general settings of WordPress.
  • Here we are interested in two fields: WordPress address(URL) and Site Address (URL). If the SSL certificate is not implemented in the application, these two fields will contain the unsecured (HTTP) site address.
  • We will change the two links in the fields specified above, from http://demo.hostico.ro to https://demo.hostico.ro

  • After changing the fields, click the Save Changes button at the bottom of the page.
  • From now on, any unsecured site access will be redirected to the secured version. As well as resources (photos, CSS code, JS, HTML, etc.), from the source code of the site, will be loaded through the HTTPS protocol.

  • If redirecting to HTTPS is not done automatically, we can edit the. htaccess file of the domain's root folder and insert the following lines at the end of the file:

RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

  • The .htaccess file can be edited using File Manager from cPanel.
  • There may be cases where even after these steps, the browser shows warnings that the site is unsecured (a "yellow lock" in the navigation bar or other warning messages).

  • These warning messages are not related to the functionality of the SSL certificate.
  • Warnings are caused by resources in the source code of the site, which are still uploaded through the HTTP protocol. In order for the site to be secure and not to receive any warning, all links in the source code of the site must be uploaded through the HTTPS protocol.
  • Although the application automatically modifies the links in the site's source code to use the HTTPS protocol, some of these cannot be converted. This issue can be caused by a plug-in or a module, the theme used, the code lines added manually to the site files, and so on.
  • To check which of the links remained on the HTTP protocol, we can right-click the site, then select View Page Source. From here, we can search in the site's source code, with the CNTRL + F keys, links containing HTTP: //.
  • The links found will need to be modified manually to use the HTTPS protocol. These links can be found either in the site's PHP code or in the database.

If after reading and following the steps outlined in the article you are unable to successfully complete the described task or action, or if you have additional questions or concerns please do not hesitate to contact Hostico.

AwesomeChat by Hostico

Hostico utilizes, collects and processes cookies for portal functionality, security, analytics and user experience improvements.

more details