How To Install an SSL on your WordPress Website


Using HTTPS rather than HTTP may give a much-needed boost to your rankings so how do you implement it on your site?

This brief tutorial will guide you through the process of purchasing and installing an SSL Certificate on a cPanel/WHM (WebHost Manager) server.

Google recently announced earlier this month that websites using HTTPS rather than HTTP (i.e. those with SSL certificates) will be given a small boost to rankings, so we’d advise all clients to implement HTTPS on their websites.

1. Ensure The Domain Is On A Dedicated IP Address

In order to install the SSL Certificate correctly, you’ll need to place the website on a Dedicated IP within WHM.

1.1) Enter The WHM Dashboard

Within the WHM dashboard, navigate to ‘IP Functions’, click ‘Change a Site’s IP Address’, then select the domain/account in question:

WHM Change site IP address

IMPORTANT: After changing the IP address of a website, it is normal to experience some disruption whilst the global DNS servers list your new IP. This will usually mean you see the ‘Default Website Page’ for a few hours.

Default Website Page - Apache Server

If the website you’re installing an SSL on experiences high traffic, or it is important for it to be up and running within office hours, you should schedule the change of IP with your hosting provider at a time when your website receives the least traffic (usually overnight).

2. Buy The SSL Certificate

Depending on your needs, there are a range of different SSL certificates available, from many different registrars. In this case, we’ll be using Namecheap.

For our clients, we use the Positive SSL (by Comodo). Choose an SSL certificate, then complete the checkout process.

Keep this tab open, as we’ll be coming back here shortly.

3. Generate A CSR (Certificate Signing Request) Within WHM

Now that you’ve purchased the SSL, you’ll need to generate a CSR within WHM.

To do this, login to your WebHost Manager dashboard (if you don’t already have it open), click on ‘SSL/TLS’, then click ‘Generate an SSL Certificate and Signing Request’.

Once done, you should receive an email from your server with the subject “CSR Generation for”.

Open this email and copy the block of random characters.

Certificate Generation Request email Namecheap

4. Activate And Install The SSL Certificate

Now go back to your Namecheap account (or other registrar), Click activate. Then paste in the CSR you copied from the email in the previous step.

Namecheap SSL Order Form CSR

Click ‘Next’, then finish the process.

4.1) Select ‘SSL/TLS’

From The Main WHM Dashboard, Click ‘SSL/TLS’ Then Select ‘Install an SSL Certificate on a Domain’

WHM Install an SSL on domain

4.2) Install ‘SSL Certificate on a Domain’

4.3) Fill Out The Required Details

This includes information such as the domain, certificate, Private Key, and CA bundle. You can copy and paste these from the .zip file attached to your activation email.

  • Certificate –
  • Private Key –
  • Certificate Authority Bundle (CA Bundle) (optional) –

5. Enable HTTPS Site-Wide And Add HTTP To HTTPS Redirects

As mentioned in Google’s announcement, a ranking ‘boost’ will be done on a page-by-page basis, so only pages with HTTPS enabled will benefit. This means you should enable HTTPS site-wide to ensure all of your website benefits.

The first step here is to change your site’s URL from within the WordPress admin area.

5.1) Log In To WordPress Admin Area

You’ll need to log into your WordPRess admin area, which is usually your domain URL with /wp-admin added.

5.2) In The Left Sidebar, Hover Over ‘Settings’, Then Click ‘General’

WordPress Admin Area Settings

5.3) Change http:// In Both URLs To https:// Then Save Changes

WordPress Settings - Site URL HTTPS

5.4) Redirect Any Standard HTTP Requests

You’ll need to redirect any standard HTTP requests to HTTPS. You can do this by adding this small chunk of code to your .htaccess file:

RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
RewriteCond %{HTTP_HOST} !^www.
RewriteRule ^(.*)$ https://www.%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

6. Update Google Webmaster Tools

Since the HTTPS version of a site is essentially a new site, you’ll need to add it to your Google Webmaster Tools as a new website. Simply follow these steps:

6.1) Add The New Website (Starting With https://) To Webmaster Tools

6.2) Check Your Sitemap And Resubmit To Google

Google Webmaster Tools - Resubmit sitemap

6.3) Run ‘Fetch As Google’

In order to check everything runs as expects, run ‘Fetch as Google’ to ask Google to index the site:
Google Webmaster Tools - Fetch as Google

6.4) Delete The Old HTTP Account

Once the new HTTPS version of the website has started to collect and present data, you can delete the old HTTP account.

Congratulations! You’re all done!

If you have any questions, feel free to leave a comment below and we’ll do our best to help.