Secure your website with a Free SSL certificate. Trusted by 100,000+ websites globally!
SSL Zen helps you to secure your website, protect your customer’s data and show your visitors you’re trustworthy and authentic.
Manually installing an SSL certificate is not as easy as it sounds. It involves editing certain files in your WordPress directory and troubleshooting issues, which, believe you us, will crop up! Instead, with our plugin, all you need to do is follow a few easy steps. No coding, no hassle, no more mixed content, or insecure content warnings. In other words, you require no special developer experience to move your HTTP web pages to HTTPS or to force SSL on your website.
Features of Free Version:
- Secure padlock in the browser
- Displays ‘connection is secure’ message
- Increased SEO ranking
- Customers will trust you
- Accept safe payments online
- Compliance with regulation standards
- Strong bank-level security
Note: The free version requires you to manually verify your domain name with Let’s Encrypt by uploading a file on your server. You will also need to upload the SSL certificate on your server and configure them.
SSL certificate from Let’s Encrypt is only valid for 90 days and need to be manually renewed. If you fail to renew, your website will start showing a not secure warning to the visitors.
If you want the plugin to automatically install the SSL certificate and auto-renew it, please check the premium version of the plugin.
Features of Premium Version:
- Automatic Domain Verification
- Automatic SSL Certificate Generation
- Automatic SSL Certificate Renewal
- Accelerate your website with StackPath’s Global Content Delivery Network
- Premium Support – Live Chat, Email Support
- Spam Protection
- Brute-Force Protection
- Forces Browser Validation on traffic anomalies
- Performs Real-time threat intelligence for IP addresses, source location, and information on malicious IPs.
- Patches known vulnerabilities in the Apache Struts framework by blocking requests suspected of exploiting these vulnerabilities
- Enables a set of rules designed to block common WordPress exploits
- Blocks clients performing multiple injection attacks.
- Blocks Probing and Forced Browsing
- Blocks SQL injection attack attempts
- Blocks Cross-Site-Scripting (XSS) attack attempts
- Blocks Shellshock attack attempts
- Blocks requests suspected of being a Remote File Inclusion attempt
- Blocks requests suspected of a Local File Inclusion attempt
- Blocks attempts to access and potentially harm your servers through backdoors
- Blocks requests suspected of web shell attempts
- Blocks requests suspected of Response header injection attempts
- Blocks Invalid User Agents
- Blocks Unknown User Agents
Why get an SSL padlock?
- Trust – Starting from July 2018, Google Chrome has begun to mark all non SSL websites as ‘Not Secure’. When your users see the broken padlock, their trust wavers!
- Security – SSL provides authentication, trust and compliance. If your customer is filling out forms, or making payments on your website, you need SSL to protect sensitive data from eavesdroppers.
- SEO – Google ranks SSL-enabled websites higher than unsecured websites. Hence, securing your website also helps get you on top of Google’s search results.
Facing problems with the plugin?
We have detailed documentation for the most common issues you might face while installing SSL using our plugin. Please visit our documentation site at docs.sslzen.com
Please leave a review
If our plugin helped you secure your website, please leave a review here
For more information about our plugin, please visit sslzen.com
Want SSL Zen plugin in your language?
You can directly translate the plugin in your language here
When you add translations, get in touch with us as we will get you listed as a Project Translation Editor for our plugin.
- By downloading our plugin, You agree to Let’s Encrypt® Terms of Service
- By downloading our plugin, You agree to LEClient license terms, a PHP LetsEncrypt client library to verify domain ownership and generate an SSL certificate for your website.
- We use Let’s Debug API, a diagnostic tool to help figure out why you might not be able to issue a certificate for Let’s Encrypt®.
- We use Freemius to collect non-sensitive diagnostic data about your website should you opt-in.
Internet Security Research Group™, Let’s Encrypt®, ISRG™ are trademarks of the Internet Security Research Group. StackPath®, EdgeSSL™ are trademarks of StackPath, LLC. All rights reserved.
To install this plugin:
- Make a backup of your website and database
- Download the plugin
- Upload the plugin to the wp-content/plugins directory,
- Go to “plugins” in your WordPress admin, then click activate.
- You will now see an SSL Zen icon on your left navigation bar. Click on it and follow the step by step guide.
What is an SSL Certificate?
An SSL (Secure Sockets Layer) certificate is a digital certificate that authenticates the identity of a website and encrypts information sent to the server using SSL technology.
Are your SSL certificates really free?
Yes. All SSL certificates are generated by Let’s Encrypt® (nonprofit) with a mission to create a more secure and privacy-respecting Web by promoting the widespread adoption of HTTPS.
What benefits does SSL provide?
An SSL Certificate protects your customers’ sensitive information such as their name, address, password, or credit card number by encrypting the data during transmission from their computer to your web server.
How do I install my SSL certificate?
If you are using the free version of the plugin, you will be able to download the SSL certificate. Follow the on-screen instructions to install the SSL certificate on your web server or hosting panel.
How long are the certificates valid?
Let’s Encrypt® SSL certificates are valid for 90 days and can be renewed at no additional cost. You can easily renew your SSL certificate through our plugin.
How do I renew an SSL certificate?
Simply follow the same process you used to generate and install the SSL certificate the first time and your SSL certificate will be renewed.
Do I need technical knowledge to set up an SSL?
We’ve made the process of generating and installing the SSL certificate extremely easy. All you have to do is follow our simple step-by-step guide.
Is your plugin safe to install on my website?
Our plugin is open-source and anyone can download and inspect it before installing it on their website.
Do you support Wildcard SSL?
We currently do not support wildcard SSL. Our plugin is only built to generate an SSL certificate for your WordPress website/blog.
Which browsers will trust my certificate?
SSL certificates generated by Let’s Encrypt are trusted by all major browsers are supported.
Do I need to do the verification again when I renew?
The verification results are valid, at the time of writing, for 30 days. If you renew within that period, you should not need to re-verify. Outside of that period, you will need to do the verification again. However, it is a very simple process that requires almost no time.
I have installed the SSL certificate correctly, but my site is still “Not Secure”
The most likely reason for this is that you are still loading some resources, such as images for example, via HTTP. Browsers in this case will show “Mixed content” errors in the developers’ console. If you do not want to use developer tools, you can easily check which resources those might be by using “Why No Padlock?” service. You can read more about “Mixed Content” and how to prevent it here.
Can I see the name of my company on the SSL certificate?
Free SSL certificates are of Domain Validation type (DV) and do not hold that information. To have the information about your company, the certificate would need to pass Organization Validation (OV) or Extended Validation (EV). Both require paperwork (such as actual company checks) and cannot be offered for free as a result.
How to safely disable SSL Zen CDN plugin
Before you decide to deactivate the SSL Zen plugin, please make sure of the following things
Your website IPv4 A record for your website is pointing to your hosting server. An easy way to check this is by visiting https://www.whatsmydns.net/ and entering your website URL such as sslzen.com
If the results show your website server IP address, it means you are no longer using StackPath. The opposite of this is also true. If whatsmydns.net shows your A record as 22.214.171.124, it means you are still using StackPath. We recommend you wait for a couple of hours before deactivating the plugin.
Similar to A record, you also need to change your CNAME record for the www sub-domain. Make sure your CNAME record with host www is pointing to your domain name. For example, for domain name sslzen.com, the CNAME record for www would be sslzen.com. Again, you can use whatsmydns.net to check your CNAME resolution. Make sure you are selecting CNAME in the dropdown next to the text input where you enter your domain name.
Unable to login using cPanel credentials
For Cpanel Free/Pro users, after installing/uploading the plugin and activating it, at step 1 sometimes cPanel credentials are requested so that we can connect using cPanel’s web API when we are not able to use cPanel’s command line API to connect to your cPanel and verify your domain ownership.
Firstly, you can verify if you have a Cpanel account by using this link :2083 or Cpanel. example: sslzen.com:2083 or cpanel.sslzen.com. If you are able to see a Cpanel login screen like below that means your hosting provider comes with Cpanel and you have a Cpanel account. Enter your credentials and see if they are valid and allows you to log in to the Cpanel account. If an error message appears, you are entering the wrong credentials. If you don’t see a similar login screen, most probably the plugin would have suggested the wrong plan.
I can’t install the SSL certificate on temporary Bluehost domain
SSL certificates can only be installed on your domain name. If you are trying to install the SSL certificate on a temporary Bluehost domain it won’t work.
Please follow these instructions to replace your temporary domain name with your domain name.
Article – https://www.bluehost.com/help/article/using-your-temporary-url-with-wordpress#changing-from-temp
Rate Limit Issue while installing SSL
While installing SSL using the SSL Zen plugin, you might encounter an error message as in the below image or message like this on the plugin page:
“”cpanelfree.xyz” is currently affected by Let’s Encrypt-based ratelimits (https://letsencrypt.org/docs/rate-limits/). You may review certificates that have already been issued by visiting https://crt.sh/?q=%your_domain. Please note that it is not possible to ask for a ratelimit to be manually cleared. The Duplicate Certificate limit (5 certificates with the exact same set of domains per week) has been exceeded and is affecting the domain “cpanelfree.xyz”. The exact set of domains affected is: “cpanelfree.xyz”. It may be possible to avoid this ratelimit by issuing a certificate with an additional or different domain name.”
There might be a situation when installing SSL using the SSL Zen Free/Premium version of the plugin, you end up getting an error message that says ” Not all authorizations are valid”. There are different reasons for cause of this error. Follow the solution that is suitable for you based on the version of the plugin you are using :
Free version /Premium version:
- Check if your WordPress is installed in the root folder ex: /home/bcyh6ur88/public_html/ .Here is how you can check it:
Log in to the WordPress Administrator Dashboard as an administrator.
In the menu at left, click on the Tools option.
Find “Site Health” and click on it.
By default, the Site Health tool immediately shows the site Status. Click on “Info” to its immediate left at the top of the screen.
Go to the WordPress Constants section. Locate ABSPATH. This is your WordPress installation path.
Most of the time users end up installing their site in a sub-folder ex: cpanelfree.xyz/site . Their WordPress installation path in such cases would be: /home/bcyh6ur88/public_html/site
Due to this reason, the domain validation might fail and you’d see the “Not all authorization are valid” error message during SSL Zen Plugin setup.
To fix this, you can install your WordPress in the root folder, so that all your subfolders are covered by SSL. For ex: if you install your WordPress under this path : /home/bcyh6ur88/public_html/, it would cover all your websites sub-folders like cpanelfree.xyz/site , cpanelfree.xyz/blog , cpanelfree.xyz/contact etc.
You can get the help of your hosting provider to install your WordPress in the root folder instead of the sub-folder. Make sure you take a backup of your site before doing this change.
Setup the plugin once again. In the case of the premium plugin, make sure you have uploaded the premium version of the plugin and then follow the setup process.
Deactivate any other SSL plugins if you have installed and activated them. Similar SSL plugins may conflict with the SSL Zen plugin and the above error would be thrown.
Contributors and Developers
“SSL Zen – Free SSL Certificate & HTTPS Redirect for WordPress” is open source software. The following people have contributed to this plugin.Contributors
“SSL Zen – Free SSL Certificate & HTTPS Redirect for WordPress” has been translated into 2 locales. Thank you to the translators for their contributions.
Interested in development?
- Fix issues with sites post ssl installation
- Server side sanitizing, refactors for WP plugin review
- Server side sanitizing, refactors for WP plugin review
- Add more handlers for sanitizing input
- Upgrade plugin dependencies
- Fix issue on step 1 of setup
- Fix issues redirect loop between step 2 and step 3 of SSL activation in certain cases
- Update SSL ceritificate installation checks
- Fix issues with cPanel installations with restricted UAPI
- Fix issues with loading both free and paid versions
- Minor structural fixes to settings
- Fix support for old PHP 5.6.x websites
- Upgrade letsencrypt SDK
- Fixes for “token mismatch” error during SSL renewals
- Add exclusive “Done for you” offer
- Add logging for cron auto-renew process
- Use Google DNS for DNS verification
- Detect Hostgator cPanel installations, fixes for 3rd party SSL limitation
- Quick patch for LE CA Bundle Issue
- Fix php warning due to compatibility issues with older PHP versions
- Add a better review flow
- Added HelpScout beacon for free version of the plugin
- CDN pricing has been changed to $49/year
- Update cPanel check for ports and URL paths
- Update cPanel check
- Check for correct status letsdebug severities
- Updates for LetsEncrypt environments
- Updated CDN price to $59
- Switch exec to shell_exec for all cases
- Set timeout for request to detect cpanel
- Fix issues with Reset Plugin flow for Stackpath CDN
- Fix persistent review notification!
- Fix file verification flow for WP sites in directories
- Add detection for cloudflare
- Add detection for bluehost temporary domains
- Add link to translate plugin
- Feedback prompt update
- Minor bug fixes
- Fix localhost check
- Fix Step2 premium CDN flow for Google domains
- Fix Step1 flow for checking IP addresses
- Fix check for cPanel’s existence
- Fixed issues with free plugin site crashes
- Add translators to translations
- Fixed a bug that wasn’t displaying cPanel form on Step 1
- Bug fix for Generic Free version
- Automated Step 2 for cPanel Free Users
- Display Remind Me Later link after 10 seconds
- Removed confusing message on Settings page asking users to change their A and CNAME record.
- StackPath bug fixes
- StackPath enhancements and bug fixes
- Updated Freemius SDK to 2.4.1
- Fixed a bug that wasn’t displaying success message after DNS verification
- Changed pricing for premium plans from monthly to yearly
- Bug fix for DNS verification page design layout
- Changed pricing structure for premium versions
- Improved Re-Activation process for StackPath
- Improved error messaging
- Changed pricing of premium version to $36
- Updated Freemius SDK
- Improved StackPath DNS verification
- Added option to reset plugin for StackPath
- Pricing page has been hidden so users are redirected to buy the correct plan
- Updated cPanel Availability script
- Added better error messages for StackPath DNS verification
- Fixed a bug that was not displaying Let’s Encrypt Debug Log
- Fixed a bug that would pass A record for www.domain.tld instead of domain.tld for StackPath
- Added a Debug button for the users to easily share the file with support team
- Added HelpScout beacon to StackPath Premium version.
- Added I agree to terms and conditions that was accidentally removed in 3.0.0
- Added StackPath Integration. Non-cPanel users can now use StackPath to get an SSL certificate.
- Added hyperlink for certificate name on Step 3. Added tooltip for copy and download button.
- Increased delay for Let’s Debug calls as the previous delay was still not sufficient for few websites.
- Added a delay for Let’s Debug calls
- Moved Enable Debugging from Advanced > Debug tab
- Added instructions for non cPanel SSL installation
- Removed fopen as a requirement in System Requirements Check
- Fixed a bug that wasn’t renewing SSL certs for Pro customers
- Bug fix for DNS verification
- We now show settings page from Step 1
- Live Chat Widget for Premium users
Bug fix for ‘include www’ checkbox which was checking for A record only, replaced it with A or CNAME record.
- Changed pricing to per year from lifetime on pricing page
- Disabled upgrade to Pro in non-cPanel version
- Creates SSL cert for only domain.tld or www.domain.tld based on website url
- Added functionality so that the pro version of the plugin works even if the website is hosted in a sub-directory
- Added debug messages for identifying issues with Let’s Encrypt
Bug fix for cPanel credential verification.
Updated Let’s Encrypt PHP library LE Client to 1.2.2. Please update immediately.
- Major Plugin Redesign
- Added DNS verification which now supports wildcard SSL certificate
- Added System Requirements Compatibility Test
- Added option to send debug information for easier troubleshooting
- Removes HTML verification files after LE verification is complete
- Optimized HTTP and DNS verification process
- Updated LEClient to 1.2.1
- Added a pricing page which lets users upgrade to pro version
- Removed Review Plugin notice and donation requests from Admin Dashboard
- Added warning if plugin is installed on a localhost or IP address
- If ‘include www’ is checked, we now verify that a ‘A’ record for it exists
- Improved pro license validation
- Improved SSL installation process
- Optimized source code
- Replaced support email with plugin contact page
- Add a Setup menu item in plugin navigation
- Replaced the error message in Step 4
- Updated LE Client to the latest version
- Optimized codebase
- Bug Fix – Freemius auto-update process
- Bug fix
- Bug fix
- Added support to add SSL certificate for non-cPanel websites
- Fixed a bug that was not renewing an SSL certificate if the current url was https by ignoring https redirection for .well-known folder
- Fixed ‘Terms and Conditions’ link which was not working as expected
- If someone closes the review notice, we do not show it again for 24 hours
- Customized Freemius welcome message
- Updated Freemius SDK to 3.3.2
- If a user’s SSL certificate has expired and he clicks on Renew in the Settings tab, we now take him to Step 1 to re-create his authorization
- Users can now download the SSL certificate on Step 3
- Fix a bug that was not detecting cPanel compatibility because sslverify was true
- Added new videos for cPanel and Apache SSL installation instructions with voice-over
- Like the plugin? Become our ambassador and earn cash
- Refer new customers to our plugin and earn 20% commission on each successful sale you refer!
- To become an affiliate, go to SSL Zen plugin and click on affiliation in the left menu.
- Added new tags ssl,ssl certificate,openssl,letsencrypt,free ssl,free ssl certificate,ssl tls,secure socket layer,ssl encryption,wildcard ssl certificate,letsencrypt wildcard,ssl https,tls,wordpress ssl
- Security Patch for 1.9.5
- Changed tags to https, ssl, free ssl, ssl certificate, mixed content,insecure content,force ssl
- Fixed security issue