You can use free SSL certificate provided by cPanel and Comodo. You can enable it using simple steps explained in this tutorial. Of course, you need to have cPanel hosting with enabled AutoSSL function (newer versions of cPanel).
If your hosting provider did not enable AutoSSL, you can not use free SSL. So, contact your web hosting provider and check for this. Many of them still don’t have enabled, because of that you have to check first. If you want to migrate to new web hosting, I suggest Adriahost web hosting (my affiliate link is in here, if you don’t want to use it, just type Adriahost on Google).
If you have your own server (dedicated or VPS) with a cPanel license, you can enable AutoSSL by reading this article cPanel & WHM’s AutoSSL.
Why you need SSL certificate?
There are several reasons why you need to use it, but at a first place are security and Google. When it comes to security, SSL provides data encryption for you and you customers (passwords, credit card data, private info…). When it comes to Google, this Search Engine reward web sites with SSL certificate installed and you can start from reading HTTPS as a ranking signal.
How to enable SSL on cPanel hosted WordPress?
If you are using right web hosting provider, your certificate is already issued on the server side by AutoSSL module in WHM. All you need to do is to check if your site is work properly. Simply go to your site, and in browser address bar look for green padlock and https:// in your site address instead of http://. Look at this page, you can see that my site address have the green padlock and start with https. That’s mean that my site uses SSL certificate. You can click on the green padlock to see more information about this secured connection.
Ok, if your site doesn’t have any of that, but your hosting provider is confirmed that certificate is issued for your domain, you need to do some edits on your site.
Forse your WordPress to use https:// instead of http://
A simple way to do this is to go to your cPanel, find wp-config.php of your site and add this piece of code on top of your MySQL info:
This is the code you have to add:
define('WP_HOME','https://YOUR-SITE-COM');
define('WP_SITEURL','https://YOUR-SITE-COM');
define('FORCE_SSL_ADMIN', true);
define(‘FORCE_SSL_LOGIN’, true);
Don’t forget to replace YOUR-SITE-COM with your site address. This will force https for your site and WordPress Dashboard access. After you add the code, you can save the file.
Check your .htacces file if don’t work
cPanel has automatically added the rules for SSL, and you probably don’t have to do anything here. This is the default htaccess code without SSL rules:
# BEGIN WordPress
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
# END WordPress
And this is the htaccess code with cPanel rules for free SSL:
# BEGIN WordPress
RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_URI} !^/[0-9]+\..+\.cpaneldcv$
RewriteCond %{REQUEST_URI} !^/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_URI} !^/[0-9]+\..+\.cpaneldcv$
RewriteCond %{REQUEST_URI} !^/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$
RewriteRule . /index.php [L]
# END WordPress
You have to see this code also:
RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteCond %{REQUEST_URI} !^/[0-9]+\..+\.cpaneldcv$
RewriteCond %{REQUEST_URI} !^/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$
RewriteRule ^(.*)$ https://YOUR-DOMAIN-COM/$1 [R=301,L]
If you don’t see those rules for SSL in htaccess file, you may add it but I suggest to contact your hosting provider and request the instructions.
If you have additional problems, you can contact me also. There are some things that I can do for you such as create new WordPress site at the web hosting with SSL enabled by default, create WordPress with Divi from Elegant Themes, install WordPress for you, or give you a free Divi theme.