Secure your WordPress site with SSL certificate provided by Let’s Encrypt® and force SSL / HTTPS sitewide, check your SSL score, fix insecure content & mixed content issues easily. Enable HTTPS secure padlock on your site within minutes.
WP Encryption plugin registers your site, verifies your domain, generates SSL certificate for your site in simple mouse clicks without the need of any technical knowledge.
A typical SSL installation without WP Encryption would require you to generate CSR, prove domain ownership, provide your bussiness data and deal with many more technical tasks!.
1M+ SSL certificates generated — Switch to HTTPS easily
PHP 5.4 & tested upto PHP 8.0, Linux hosting, OpenSSL, CURL, allow_url_fopen should be enabled.
FREE SSL PLUGIN FEATURES
- Verify domain ownership and generate free SSL certificate
- Secure webmail and email with HTTPS
- Download generated SSL certificate, key and Intermediate certificate files
- Force HTTPS / Enable HTTPS 301 redirection sitewide in one click
- HTTPS redirection includes redirect loop fix for Cloudflare, StackPath, Load balancers and reverse proxies.
- SSL Health page – Track your SSL score and control various SSL & Security features like HSTS strict transport security Header, HttpOnly secure cookies, etc,.
- Enable important security headers including X-XSS-Protection, X-Content-Type-Options, Referrer-Policy
- Enable mixed content / insecure content fixer
- SSL monitoring & Automatic email notification prior to SSL certificate expiration
(Optional) Running WordPress on a specialized VPS/Dedicated server without cPanel? You can download the generated SSL certificate files easily via “Download SSL Certificates” page and install it on your server by modifying server config file via SSH access as explained in our DOCS.
PRO FEATURES WORTH UPGRADING
- Automatic domain verification
- Automatic SSL certificate installation
- Automatic SSL renewal (Auto renews SSL certificate 30 days prior to expiry date)
- Wildcard SSL support – Install Wildcard SSL certificate for your primary domain that covers ALL sub-domains. Automatic DNS based domain verification for Wildcard SSL installation (DNS should be managed by cPanel or Godaddy)
- Multisite + Mapped domains support – Supports SSL installation for domains mapped with MU domain mapping plugin
- Automatic Content Delivery Network(CDN) to boost your site performance (Annual Plan Only)
- Blocks SQL injection, XSS, Shellshock, Remote File Inclusion, Apache Structs Exploits, Local File Inclusion attacks.
- Blocks common web application vulnerabilities and common WordPress attacks.
- Blocks invalid user agents, unknown user agents, CSRF, Convicted bot traffic, Spam & abuse, Probing & forced browsing, Brute force attacks.
- Top notch one to one priority support – Live Chat, Email, Premium Support Forum
- SSL installation help for non-cPanel sites
Switch to HTTPS in seconds
Secure HTTPS browser padlock in minutes.
Free domain validated (DV) SSL certificates are provided by Let’s Encrypt (A non profit Global certificate Authority).
SSL encryption ensures protection against man-in-middle attacks by securely encrypting the data transfer between client and your server.
Why does My WordPress site need SSL?
SEO Benefit: Major search engines like Google ranks SSL enabled sites higher compared to non SSL sites. Thus bringing more organic traffic for your site.
Data Encryption: Data transmission between server and visitor are securely encrypted on a SSL site thus avoiding any data hijacks in-between the transmission(Ex: personal information, credit card information).
Trust: Google chrome shows non-SSL sites as ‘insecure’, bringing a feel of insecurity in website visitors.
Authentic: HTTPS green padlock represents symbol of trust, authenticity and security.
Many thanks to the generous efforts of our translators.
If you would like to translate plugin to your language, Feel free to sign up and start translating!
Show Your Support
- Rate Plugin – If you find this plugin useful, please leave a positive review. Your reviews are our biggest motivation for further development of plugin.
- Submit a Bug – If you find any issue, please submit a bug via support forum.
WP Encryption plugin uses LetsDebug API to pull error details upon domain verification failure to show better insights on why you are not able to generate SSL certificate for your domain.
Security is an important subject regarding SSL/TLS certificates, of course. It is obvious that your private key, stored on your web server, should never be accessible from the web. When the plugin created the keys directory for the first time, it will store a .htaccess file in this directory, denying all visitors. Always make sure yourself your keys aren’t accessible from the web! We are in no way responsible if your private keys go public. If this does happen, the easiest solution is to check folder permissions on your server and make sure public access is forbidden for root folders. Next, create a new certificate.
- Make a backup of your website and database
- Download the plugin
- Upload the plugin to the wp-content/plugins directory,
- Go to “plugins” in your WordPress admin, then click activate.
- You will now see WP Encryption option on your left navigation bar. Click on it and follow the step by step guide.
Does installing the plugin will instantly turn my site https?
Installing SSL certificate is a server side process and not as straight forward as installing a ready widget and using it instantly. You will have to follow some simple steps to install SSL for your WordPress site. Our plugin acts like a tool to generate and install SSL for your WordPress site. On FREE version of plugin – You should manually go through the SSL certificate installation process following the simple video tutorial. Whereas, the SSL certificates are easily generated by our plugin by running a simple SSL generation form.
How to temporarily disable HTTPS redirect
By adding below line of code to your wp-config.php file, All SSL enforcements like HSTS, Upgrade insecure requests, redirect to HTTPS, mixed content fixer will be disabled. Please check your .htaccess file for any other HTTPS enforcement related codes and remove it.
I already have SSL certificate installed, how to activate HTTPS?
If you already have SSL certificate installed, You can use WP Encryption plugin purely for HTTPS redirection & SSL enforcing purpose. All you need to do is enable “Force HTTPS” feature in this plugin.
Secure webmail & email server with an SSL/TLS Certificate
Starting from WP Encryption v5.4.8, you can now secure your webmail & incoming/outgoing email server following this guide
How to install SSL for both www & non-www version of my domain?
First of all, Please make sure you can access your site with and without www. Otherwise you will be not able to complete domain verification for both www & non-www together. If both are accessible, You will see “Generate SSL for both www & non-www” option on SSL install form. Otherwise, this option will be hidden.
Unable to check “Generate SSL for both www & non-www domain”?
Please make sure you can access your site with and without www. Otherwise you will be not able to complete domain verification for both www & non-www together. You can also force enable this checkbox by appending includewww=1 to page url i.e., /wp-admin/admin.php?page=wp_encryption&includewww=1
Images/Fonts not loading on HTTPS site after SSL certificate installation – Insecure Content / Mixed Content issue?
Images on your site might be loading over http:// protocol, please enable “Force HTTPS via WordPress” feature of WP Encryption. If you have Elementor page builder installed, please go to Elementor > Tools > Replace URL and replace your http:// site url with https://. Make sure you have SSL certificates installed and browser padlock shows certificate as valid before forcing these https measures. If you have too many mixed content errors because of http:// resources loaded in your css, js or external links, We recommend using “Really Simple SSL” plugin along with WP Encryption.
How do I renew SSL certificate
You can click on STEP 1 in progress bar or Renew SSL button (which will be enabled during last 30 days of SSL expiry date) and follow the same initial process of SSL certificate generation to renew the certificates.
Do you support Wildcard SSL?
Wildcard SSL support is included with PRO version
SSL Certificates renewed but new certs not showing in frontend
This might happen for non cPanel sites, all you need to do is reboot the server instance once.
How to revert back to HTTP in case of force HTTPS failure?
I am getting some errors during SSL installation
Feel free to open a ticket in this plugin support form and we will try our best to resolve your issue.
Should I configure anything for auto renewal of SSL certificates to work after upgrading to PRO version?
You don’t need to configure anything. Once after you upgrade to PRO version and activate PRO plugin on your site, the auto renewal of SSL certificates will start working in background according to 60 days schedule i.e., 30 days prior to SSL certificate expiry date.
Contributors & Developers
“WP Encryption – One Click Free SSL Certificate & SSL / HTTPS Redirect to fix Insecure Content” is open source software. The following people have contributed to this plugin.Contributors
“WP Encryption – One Click Free SSL Certificate & SSL / HTTPS Redirect to fix Insecure Content” has been translated into 5 locales. Thank you to the translators for their contributions.
Interested in development?
- PRO – Re-try unsuccessful renewals improved
- Free – case when either http or dns challenges are missing
- CSS improvements
- Freemius SDK update
- PRO – resolved a php bug related to SSL renewal
- PRO – Correctly set success screen after successful renewals
- PRO – Visibility of log and fresh install ssl
- Free – pre-check if http verification possible
- FS SDK update
- Other improvements
- SSL monitoring
- security features added
- HTTP challenge fail cases
- paragraph improvements
- experience level input
- Freemius SDK update
- DNS verification improved
- helpful tooltips and info
- defined checks and many more improvements
- PRO – cron hook improved, force spmode, improved security
- PRO – Fixed expiry date issue in cron tab
- PRO – No cron renewal for SP mode users
- PRO – Fixed issue with cron tab
- Function exists check
- help with http local verification
- Moved backup suggestion to top
- PRO – local check DNS and auto proceed later
- PRO – Cron based SSL renewal after all WP Cron jobs fail
- Backup suggestion
- HTTP code checking removed for acme-challenge
- Important: Logic correction for HTTP based domain verification
- SDK update
- Improved HTTP challenge verification
- Active SSL info block for SSL health page to show installed SSL details
- Sleep before ACME DNS verification
- improved logging
- HTTP based domain verification – correct .txt extension
- log pending authorizations when SSL domain verification fail
- Remove certain options upon plugin deactivation
- fopen error catch during ssl expiration check process
- Log why order got invalid later
- Wording fixes
- PRO – ability to input cpanel host
- PRO – admin notice when auto renewal failed
- PRO – different flows rechecked
- Improved CSS
- Improved explanations
- Fix – don’t show empty rows in advanced mixed content scanner
- Added – How it works Faq
- No more review requests for PRO users
- Updated – Intermediate cert priority. Please RESET and re-run SSL install form.
- New – Advanced Insecure content scanner
- Fixed path issue for subdirectory based WordPress installations
- DNS verify ajax issue fix
- Fixed the ajax call for “generate SSL for both www & non-www” checkbox
- Ajax check before enabling both “generate SSL for www & non-www” Checkbox
- SSL health in admin toolbar
- Improved instructions
- Always show checbkox to generate SSL for www & non-www together
- Activator SELF class error fix
- Fixed SSL certificate expiry date in email
- Many more improvements
- Check valid SSL before enabling HSTS & SSL Health page settings
- Security updates
- All new SSL Health page 🙂
- HSTS Strict Transport Security
- Mixed content fixer
- Important Security Headers
- Upgrade Insecure Requests