Free SSL Certificate with Bluehost Hosting for WordPress – Make A Website Hub


Bluehost is one of the most popular hosting companies for WordPress blogs and websites. With affordable levels and a user-friendly interface, it's no wonder that Bluehost hosts more than two million websites from its headquarters in Provo, Utah. One of the most popular features that Bluehost offers to customers is the issuance of a free SSL certificate.

The acronym SSL means secure socket layer, a common encryption protocol used on websites. You will know when a website uses SSL because the URL (address) will start with HTTPS instead of HTTP (some browsers also show a "lock" sign in the address bar). The most common use cases for SSL encryption include e-commerce sites, login pages and financial websites where protection of the user's privacy is paramount. However, it is easy to get confused with the difference between SSL and an SSL certificate.

In summary, SSL is the protocol or rules by which information is transmitted in the form of encryption. But the actual encryption depends on the SSL certificate that you use. SSL certificates also provide an important additional benefit: the ability to authenticate your website. When a visitor arrives at your website with SSL encryption, your browser will "examine" the certificate to make sure it matches the domain (URL / address). This gives your visitors the additional confidence that they are actually visiting your website and not a fake one designed to look like your website.

SSL is so important that most payment providers will refuse the service unless you adhere to the PCI (payment card industry) rules that include the proper use of an SSL certificate. And since all the information that users enter on their website is encrypted, all parties can be sure that hackers are not stealing your information. SSL certificate providers must perform certain checks before they can issue the certificate, including verification of identity and compliance with industry privacy regulations. Google and other search engines classify secure websites on similar but unsafe websites.

Therefore, the SSL certificate performs several functions:

  • Protects the user's information and data.
  • Authenticate your website as legitimate.
  • encrypt the data that is sent from one place to another on your website.
  • Improve SEO.

Each SSL certificate contains two components: a public key and a private key. The public key is available to anyone who visits the website, while the private key is exclusive to the website server. When a visitor visits your website for the first time, it will send to the visitor's browser a copy of their SSL certificate, which includes the public key. The user's browser will investigate the certificate of legitimacy, including who issued it (and whether it is reliable or not), and if it has expired or has been revoked or not.

Assuming everything is in order, the visitor's browser then starts loading the page. Your hosting server will issue a session key (based on your own private key) that will expire as soon as the user leaves your page. Throughout the rest of the interaction, all encryption will be handled by the key of the session.

Actually, there are three different types of SSL certificates, categorized the type and level of sensitivity of the information that needs to be protected. A standard SSL certificate is good for things like blogs or websites that are not treated with a lot of confidential information. However, an SSL EV (extended validation) certificate is required for high-volume shopping and payment sites where visitors need to ensure that the identity of the website has been verified and validated further. Finally, an OV certificate (validation of the organization) is designed to cover the complete domain of a company or organization that can include hundreds or even thousands of different websites.

Because Bluehost provides the hosting and issues the SSL certificate, the ability to add Enhanced security for a WordPress website is simple and easy. But before rushing to get an SSL certificate and turn your website into an encrypted one, keep in mind that doing it is not right for everyone. Encrypted websites use more server resources. And because there is more information to process, your website may load a little more slowly. Finally, "blocking" your website with SSL and HTTPS may not be the right choice if you are not processing confidential data and / or you want a more open, public, and welcome image.

How to install and use a Bluehost host SSL Certificate

First, of course, you must be an existing Bluehost client to install an SSL certificate on a website that hosts. All levels or subscription plans with Bluehost include a free SSL certificate.

Note: If you are a completely new client that has not installed a WordPress site on Bluehost, however, you can activate HTTPS before installing WordPress. This will make it much easier to use an SSL certificate later.

Secondly, before you start, you should make sure that you have disabled the "WHOIS" protectors on your website. This can be known as "whoisguard" or simply "domain privacy". By law, the owner and operator of a website must register that information in the WHOIS database. But there are a number of companies (including Bluehost) that allow you to hide this information from the public.

If you have activated a WHOIS protection service, you must deactivate it temporarily so that Bluehost can verify that they are, in fact, the owner of the website. Once the SSL certificate has been activated and everything works, you can safely re-activate your domain's WHOIS privacy protection service.

Once all this is done, log in to the Bluehost control panel (cPanel) and click on My Sites in the left column. Then click on "Manage site" in the center of the screen. If you are hosting several websites on Bluehost, you must choose which one you want to "Manage Site" (and add the SSL certificate) to.

[19659002] Then click on "Security". You will see a toggle switch (on / off) next to a line that says "Free SSL Certificate". Make sure it is lit and green in color.

Note: Typically, Bluehost takes a few hours to prepare its SSL certificate. If you see a notice that says "Working on it …", you will be informed that Bluehost will send you an email when the SSL certificate is ready. If you see this message, you will only have to wait until it is ready.

You will receive two emails from Bluehost. The first will thank you for your "purchase" of a free SSL certificate, and the second email will inform you when the SSL certificate for your website is ready.

In other cases, the way to find and activate the SSL certificate is by accessing the "Add-ons" tab from the Bluehost control panel (cPanel). Then click on "get more information" next to "SSL Certificates", and then click on "WordPress Free SSL". Click on "install".

Once you have installed your SSL certificate, you can convert your website from HTTP to HTTPS. However, if you want to check and see what the SSL certificate says (and verify that it works), you can use a free online tool. The tool will also identify any problem with the SSL certificate and show you when it expires and the identity of the issuer of the SSL certificate.

Here is a screenshot of the type of information revealed by the SSL verification tool:

Assuming everything looks good, now You can reactivate the privacy service of your WHOIS domain, if you are using one.

WordPress Migration from HTTP to HTTPS [19659015] Now that the SSL certificate has been issued and is working correctly, it's time to migrate your website from HTTP to HTTPS. With a Bluehost SSL certificate, your website will be available in both HTTP (not secure) and HTTPS (encrypted) format.

What you should do is tell all incoming links to your old HTTP addresses to automatically convert to HTTPS. And there are several ways to do this. The easiest thing is to use a plug-in called SSL really simple that is available for free.

Once you have downloaded and activated the add-on, I will see a message like this:

Before clicking on "Go ahead, activate SSL!" Make sure you have backed up your website. Most of the time, you should not lose any data or experience any problems, but it is always a good idea to make a full backup before making important changes such as the use of HTTPS.

The next step is to tell your WordPress server how to automatically convert URLs from HTTP to HTTPS so that visitors from old HTTP links are redirected to an HTTPS version of the link. This is done by editing the .htaccess file.

To do so, you can edit it manually or you can use a plug-in such as Yoast SEO. Regardless of which method you choose, you will have to add the following lines to your .htaccess file (whether you add them to the beginning of the file or the end of the file is irrelevant):

Almost ready!

To ensure a completely smooth transition, it is a good idea to update all existing links on your website to different sections / Publications / pages to the new HTTPS format. And the easiest way to do it is with another add-on, this one called Better Search and Replace.

Once you have installed and activated this add-on, click on "Tools" in the left column of the WordPress administration screen and then "Search and replace". Simply replace any HTTP URL that connects to your website (ie, to and click on "Run search / replace". [19659014] Conclusion

Now that your free SSL certificate has been activated and your website works exclusively through HTTPS, there are some other recommended steps you should follow.

  • Update the URL of your website on social networks.
  • Update your website's URL in other online accounts / profiles.
  • Update to the new URL in Google Analytics.
  • Update the information of the new URL with any advertiser and / or third-party content providers (for example, ads, banners, etc.).
  • Re-enable any WHOIS protection, if you have not already done so. [19659010] It is also a good idea to enable "Always redirect to SSL" in your Bluehost control panel (cPanel). On the left side, click on "Settings Settings", and then choose the "Redirects" tab. Make sure that both "Always redirect to SSL" is set to "Enabled" and that "SSL redirection destination" is set to "Default".

    If you want to see and / or download your SSL certificate, you can do it By clicking on the "Add-ons" tab of your Bluehost control panel. Then click on "get more information" next to "SSL Certificates". You will be given the option to "View your SSL certificate" or "Download your SSL certificate as a .zip file".


The free SSL certificate offered by Bluehost is actually provided by a company called Let's Encrypt that offers free SSL certificates to all. Therefore, you can choose to obtain your SSL certificate directly from Let's Encrypt or from another provider, if you wish. However, if you do this, you will still need to access your Bluehost control panel (cPanel) and install the SSL certificate.

Note: You can also get something called a shared SSL certificate that covers several websites (domains). With a shared SSL certificate, you can install and use the same certificate for all your websites, even those without a dedicated IP address.

Note that SSL certificates are linked to a specific domain (URL / address). Therefore, if you change your domain, you must obtain a new SSL certificate.


For a novice blogger who just starts a blog, you only need to enable HTTPS on your site as soon as possible. you buy hosting from Bluehost.

You can get Bluehost hosting here. (You also get SSL + PHP 7 + free domain and email) for as little as $ 2.95 p / m

Bluehost is one of the world's most popular hosting services for WordPress websites. And while Bluehost does not issue SSL certificates, it gives users the chance to purchase one for free (from Let's Encrypt) and install it with a few simple clicks through the Bluehost control panel.

Once this is done, it only takes a couple of minutes to update the internal links of your WordPress website to HTTPS (instead of HTTP) and make sure that old inbound links are automatically converted to the new HTTPS format.

If you are operating a WordPress website that is involved E-commerce, banking or handling confidential information, securing your site with HTTPS and an SSL certificate is a must. Following this simple guide, you can easily migrate your website to a completely secure format without losing any data or SEO ranking.

The following two tabs change the content below.

My name is Jamie Spencer and I spent the past 5 years building money blogging. After getting tired of 9-5, traveling and not seeing my family, I decided that I wanted to make some changes and I launched my first blog. Since then, I have launched many successful niche blogs and, after selling my survival blog, I decided to teach other people how to do the same.

Add a Comment

Your email address will not be published. Required fields are marked *