How to Install Free SSL Certificate on Bluehost and Migrating to HTTPS

After you start a WordPress blog with Bluehost, the next important step is to secure your blog or website against third party attacks and malware. You can protect your website and provide users with the privacy they deserve with the help of SSL certificate.

In this tutorial, we will discuss how to enable a free SSL certificate on Bluehost.

Bluehost is one of the recommended hosting providers by WordPress.org and free SSL certificates are a part of the hosting plan.

Before we begin let’s first understand

What is an SSL certificate?

SSL is termed as a secured socket layer. This is a certificate that adds an extra layer of protection on your website against any man-in-the-middle attacks. These certificates are also known as digital certificates.

When a user visits a website over a non-secure connection, the data is transferred in simple text form. This data can be easily stolen or compromised by hackers.

To secure the connection and transfer of data you need the SSL certificate. When the SSL has successfully installed on any website the protocol changes from HTTP (Hypertext Transfer Protocol) to HTTPS, the S stands for Secure.

This also activates a green padlock on the website showing the website is secured using SSL.

Adding SSL certificate not only protects your website but it also builds trust with the users. Having a padlock on your address is a security signal. According to research

While we are discussing the benefits of installing SSL certificates, it is important to know it acts as a ranking factor on the search engine. Google has made several announcements regarding securing the web by moving to https and it will be considered as a ranking signal.

With that said, it is important to know there are different types of SSL certificates. These certificates are classified based on 2 factors

Based on Trust Level there are 3 types of certificates

Domain Validation – Domain Validation certificate is the most common and basic SSL certificate. These certificates are available for cheap and mostly used on blogging websites.

– Domain Validation certificate is the most common and basic SSL certificate. These certificates are available for cheap and mostly used on blogging websites. Organizational Validation – These certificates are somewhat similar to domain validation certificate. The difference being you obtain this certificate you have to provide additional documentation to prove your companies identity.

– These certificates are somewhat similar to domain validation certificate. The difference being you obtain this certificate you have to provide additional documentation to prove your companies identity. Extended Validation– This certificate is the most robust and displays the name of the company on the address bar letting the visitors know about the authenticity.

Paypal is a very famous website that uses an Extended Validation certificate and you can see the name of the organization in the address bar.

Based on the domains and subdomains

Single Name Certificate – You can only use this certificate to secure a single hostname or subdomain.

– You can only use this certificate to secure a single hostname or subdomain. Wildcard Certificate – If you have multiple subdomains on your website. Then you require a Wildcard SSL certificate to secure them.

– If you have multiple subdomains on your website. Then you require a Wildcard SSL certificate to secure them. Multi-Domain/ SAN Certificate– Using this certificate you can secure multiple domain and subdomain names or in other words, you can secure the main domain and other SAN (Subject Alternative Domain Names) domain names using one certificate.

These certificates are either available for free or at a very low cost. If you are a blogger you can use the free certificates that are included in the hosting plans.

With that said, let’s install the free SSL certificate on Bluehost.

In this article, we will be covering 3 things

Installing a free SSL certificate on Bluehost. Migrating your website from HTTP to HTTPS Activating SSL on Cloudflare CDN

Before we start this guide, you need to make sure you disable your domain privacy. Once the process is over you can activate it again.

Also, don’t forget to take a backup of your website. I personally use and highly recommend using the UpdraftPlus plugin.

You may like to read- How to install a WordPress plugin

How to Enable a free SSL certificate on Bluehost for WordPress

Activating the SSL certificate

To begin the process, log in to your Bluehost dashboard and then go to My sites >> Manage site. To find the manage sites button hover over the hosted website and you will find it.

When you click Manage site it will take you to a new screen where you need to click on the Security Tab.

On clicking the security tab it will to a new screen where you will find the Free SSL certificate toggle button. Move the button to yes.

After completing these steps you may receive a message saying it may take a few hours to set up SSL. And in the meantime, you’ll receive an email from Bluehost with the billing receipt of the SSL certificate.

It took nearly 15-20 minutes for the site to show the SSL certificate.

How can you check if SSL is active on your site

This can be done easily with the help of the SSL checker tool. You can add the website link in the box and hit check SSL. The tool will then return you a report similar to the screenshot below.

When you enable the SSL, the website link is automatically changed to HTTPS. You can check this change from your hosting dashboard.

To check this you can click on the settings tab and see the address has automatically updated.

Once you have secured your website the next step is enforcing the HTTPS and making a smooth transition to HTTPS by fixing the mixed content issues.

Redirecting HTTP to HTTPS using .htaccess

After you install the SSL certificate, there are 2 versions of your website that exist.

http :// example . com https :// example . com

Due to the difference in the protocol, search engines consider both of them as separate websites. In order to redirect your traffic to the secured version, this step is necessary.

To implement this redirection you need to edit the .htaccess file. This is a very important file on your server and can be accessed through the Cpanel, Yoast plugin, or FTP client such as FileZilla.

The .htaccess file is generally hidden by default so if you are using Bluehost Cpanel. Go to Advanced >> file manager.

When you click on file manager a new page will open in a separate tab which is the Cpanel file manager. On the right, you will see the settings button. Click on it. A popup will appear which will have the option to show the hidden files.

Select the relevant option and save the settings.

You will find this file in the root directory which is public_html or Public_html

Now if you are using the FileZilla FTP client, you need to establish a connection to the server and then click on the server and select force show hidden files.

Once you have found the .htaccess file, you need to edit the file and add a few lines of code to it.

Rewrite Engine on Rewrite Cond %{HTTPS} off RewriteRule (.*) https ://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

You can paste this code at the start of the .htaccess or at the end. After adding the code you are done redirecting the HTTP version to the HTTPS version.

Redirecting using Really simple SSL plugin

Really Simple SSL plugin will also help to redirect all the URLs from HTTP to HTTPS. This plugin will automatically detect settings and will configure your website to run over HTTPS.

Download and install the plugin using this link. After the plugin is installed the first screen you see will be like the screenshot below.

Click the “Go ahead, activate SSL!” button. You will get a message that says “SSL activated, Don’t forget to change your settings in Google analytics and webmasters”

Now you have used a plugin and implemented code to redirect HTTP to HTTPS. This will ensure that neither the visitors nor the bots land on an insecure page.

Updating HTTP URLs to HTTPS

To update all the HTTP URLs to HTTPS we will be using the Better Search Replace plugin. It will make your life so much easier when updating links.

You can download and install the plugin using this link. After installing and activating the plugin, head over to Tools section in the WordPress dashboard. Hover your mouse over Tools and you will see a new menu item Better Search Replace

Click on Better Search Replace. The next screen you will see is the dashboard of the plugin. Enter the details as shown in the screenshot below.

Select the tables in the selection and click Run Search/ Replace button.

After the processing is complete you will get a message similar to this.

The process is almost over and its time to activate SSL on Cloudflare CDN.

Activating SSL on Cloudflare

Cloudflare is one of the best CDN providers in the market and they offer both free and paid plans. On GeekyPlug we are currently using the free plan.

To activate SSL on Cloudflare, login to your Cloudflare CDN dashboard and click on Crypto.

Now in the SSL section, you will have 4 options in the drop-down menu.

Off Flexible Full Full (Strict)

Select Full

After selecting Full, you need to scroll down a little and you will see Always Use HTTPS section and it has a toggle button. Move the toggle button towards On.

You are almost done here. Like we earlier fixed the mix content issue. You have to perform the same action here. You need to scroll down a bit more until you find the Automatic HTTPS Rewrites. This section also has a toggle button. Move the button to On.

And that’s it You have successfully activated SSL on your WordPress blog.

Final Words

Before you begin the process of installing SSL on your website make sure you take a backup of your website. Once you the SSL is enabled, scan and rescan your website for any broken links. Search engines consider HTTP and HTTPS as two different versions of the website. Make sure you submit the website in search console after it is secured. Also, update your Google Analytics profile. Next thing you need to do is change all the links on social media and anywhere else you have registered. Check robots.txt of your website to check if the secured version is not blocked.

And that is it

You may like to read next

I hope you find this guide helpful and share it with others on social media. If you have any queries feel free to contact us. To stay up to date with our content subscribe to our newsletter.