HTTPS Secure your WordPress site with SSL certificate provided by Let’s Encrypt® and force SSL / HTTPS sitewide, check your SSL score, fix insecure content & mixed content issues easily. Enable HTTPS secure padlock on your site within minutes.
WP Encryption plugin registers your site, verifies your domain, generates SSL certificate for your site in simple mouse clicks without the need of any technical knowledge.
A typical SSL installation without WP Encryption would require you to generate CSR, prove domain ownership, provide your bussiness data and deal with many more technical tasks!.
5M+ SSL certificates generated — Switch to HTTPS easily
PHP 5.4 & tested upto PHP 8.0, Linux hosting, OpenSSL, CURL, allow_url_fopen should be enabled.
PRO FEATURES WORTH UPGRADING
- Automatic domain verification
- Automatic SSL certificate installation
- Automatic SSL renewal (Auto renews SSL certificate 30 days prior to expiry date)
- Wildcard SSL support – Install Wildcard SSL certificate for your primary domain that covers ALL sub-domains. Automatic DNS based domain verification for Wildcard SSL installation (DNS should be managed by cPanel or Godaddy)
- Multisite + Mapped domains support – Supports SSL installation for mapped domains
- Automatic Content Delivery Network(CDN) to boost your site performance (Annual Plan Only)
- Blocks SQL injection, XSS, Shellshock, Remote File Inclusion, Apache Structs Exploits, Local File Inclusion attacks.
- Blocks common web application vulnerabilities and common WordPress attacks.
- Blocks invalid user agents, unknown user agents, CSRF, Convicted bot traffic, Spam & abuse, Probing & forced browsing, Brute force attacks.
- Top notch one to one priority support – Live Chat, Email, Premium Support Forum
- SSL installation help for non-cPanel sites
FREE SSL PLUGIN FEATURES
- Verify domain ownership and generate free SSL certificate
- Secure webmail and email with HTTPS
- Download generated SSL certificate, key and Intermediate certificate files
- Force HTTPS / Enable HTTPS 301 redirection sitewide in one click
- HTTPS redirection includes redirect loop fix for Cloudflare, StackPath, Load balancers and reverse proxies.
- SSL Health page – Track your SSL score and control various SSL & Security features like HSTS strict transport security Header, HttpOnly secure cookies, etc,.
- Enable important security headers including X-XSS-Protection, X-Content-Type-Options, Referrer-Policy
- Enable mixed content / insecure content fixer
- SSL monitoring & Automatic email notification prior to SSL certificate expiration
(Optional) Running WordPress on a specialized VPS/Dedicated server without cPanel? You can download the generated SSL certificate files easily via “Download SSL Certificates” page and install it on your server by modifying server config file via SSH access as explained in our DOCS.
(New) Vulnerability Scanner in v6.0
Navigate to SSL Health & Security page and run the vulnerability scanner to scan your WordPress, Plugins and Themes for known vulnerabilities. Keep everything updated to stay secure.
ADVANCED HTTPS SECURITY HEADERS
Safeguard your site from cross-site scripting attacks, clickjacking, MIME sniffing attacks.
- Enable HTTPS Strict Transport Security Header to avoid request protocol downgrading
- Disable directory listing to avoid directory traversing
- Enable X-XSS protection, secure cookies, X-Content-Type-Options to avoid cross site scripting and MIME sniffing
Switch to HTTPS in seconds
Secure HTTPS browser padlock in minutes.
Free domain validated (DV) SSL certificates are provided by Let’s Encrypt (A non profit Global certificate Authority).
SSL encryption ensures protection against man-in-middle attacks by securely encrypting the data transfer between client and your server.
Why does My WordPress site need SSL?
SEO Benefit: Major search engines like Google ranks SSL enabled sites higher compared to non SSL sites. Thus bringing more organic traffic for your site.
Data Encryption: Data transmission between server and visitor are securely encrypted on a SSL site thus avoiding any data hijacks in-between the transmission(Ex: personal information, credit card information).
Trust: Google chrome shows non-SSL sites as ‘insecure’, bringing a feel of insecurity in website visitors.
Authentic: HTTPS green padlock represents symbol of trust, authenticity and security.
Many thanks to the generous efforts of our translators.
If you would like to translate plugin to your language, Feel free to sign up and start translating!
Show Your Support
- If you find any issue, please submit a bug via support forum.
LOVE WP ENCRYPTION SSL PLUGIN?
If you find this plugin useful, please leave a positive review. Your reviews are our biggest motivation for further development of plugin.
WP Encryption plugin uses LetsDebug API to pull error details upon domain verification failure to show better insights on why you are not able to generate SSL certificate for your domain.
By enabling the Vulnerability Scan feature, you agree to terms & conditions of WPVulnerability Database API. The information provided by the information database comes from different sources that have been reviewed by third parties. There is no liability of any kind for the information.
Security is an important subject regarding SSL/TLS certificates, of course. It is obvious that your private key, stored on your web server, should never be accessible from the web. When the plugin created the keys directory for the first time, it will store a .htaccess file in this directory, denying all visitors. Always make sure yourself your keys aren’t accessible from the web! We are in no way responsible if your private keys go public. If this does happen, the easiest solution is to check folder permissions on your server and make sure public access is forbidden for root folders. Next, create a new certificate.
- Make a backup of your website and database
- Download the plugin
- Upload the plugin to the wp-content/plugins directory,
- Go to “plugins” in your WordPress admin, then click activate.
- You will now see WP Encryption option on your left navigation bar. Click on it and follow the step by step guide.
Does installing the plugin will instantly turn my site https?
Installing SSL certificate is a server side process and not as straight forward as installing a ready widget and using it instantly. You will have to follow some simple steps to install SSL for your WordPress site. Our plugin acts like a tool to generate and install SSL for your WordPress site. On FREE version of plugin – You should manually go through the SSL certificate installation process following the simple video tutorial. Whereas, the SSL certificates are easily generated by our plugin by running a simple SSL generation form.
How to temporarily disable HTTPS redirect
By adding below line of code to your wp-config.php file, All SSL enforcements like HSTS, Upgrade insecure requests, redirect to HTTPS, mixed content fixer will be disabled. Please check your .htaccess file for any other HTTPS enforcement related codes and remove it.
I already have SSL certificate installed, how to activate HTTPS?
If you already have SSL certificate installed, You can use WP Encryption plugin purely for HTTPS redirection & SSL enforcing purpose. All you need to do is enable “Force HTTPS” feature in this plugin.
Secure webmail & email server with an SSL/TLS Certificate
Starting from WP Encryption v5.4.8, you can now secure your webmail & incoming/outgoing email server following this guide
How to install SSL for both www & non-www version of my domain?
First of all, Please make sure you can access your site with and without www. Otherwise you will be not able to complete domain verification for both www & non-www together. If both are accessible, You will see “Generate SSL for both www & non-www” option on SSL install form. Otherwise, this option will be hidden.
Unable to check “Generate SSL for both www & non-www domain”?
Please make sure you can access your site with and without www. Otherwise you will be not able to complete domain verification for both www & non-www together. You can also force enable this checkbox by appending includewww=1 to page url i.e., /wp-admin/admin.php?page=wp_encryption&includewww=1
Images/Fonts not loading on HTTPS site after SSL certificate installation – Insecure Content / Mixed Content issue?
Images on your site might be loading over http:// protocol, please enable “Force HTTPS via WordPress” feature of WP Encryption. If you have Elementor page builder installed, please go to Elementor > Tools > Replace URL and replace your http:// site url with https://. Make sure you have SSL certificates installed and browser padlock shows certificate as valid before forcing these https measures. If you have too many mixed content errors because of http:// resources loaded in your css, js or external links, We recommend using “Really Simple SSL” plugin along with WP Encryption.
How do I renew SSL certificate
You can click on STEP 1 in progress bar or Renew SSL button (which will be enabled during last 30 days of SSL expiry date) and follow the same initial process of SSL certificate generation to renew the certificates.
Do you support Wildcard SSL?
Wildcard SSL support is included with PRO version
SSL Certificates renewed but new certs not showing in frontend
This might happen for non cPanel sites, all you need to do is reboot the server instance once.
How to revert back to HTTP in case of force HTTPS failure?
Please follow the revert back instructions given in support thread – Forced SSL via Htaccess and support thread – Forced SSL via WordPress accordingly.
I am getting some errors during SSL installation
Feel free to open a ticket in this plugin support form and we will try our best to resolve your issue.
Should I configure anything for auto renewal of SSL certificates to work after upgrading to PRO version?
You don’t need to configure anything. Once after you upgrade to PRO version and activate PRO plugin on your site, the auto renewal of SSL certificates will start working in background according to 60 days schedule i.e., 30 days prior to SSL certificate expiry date.
Contributors and Developers
“WP Encryption – One Click Free SSL Certificate & SSL / HTTPS Redirect to Force HTTPS, SSL Score” is open source software. The following people have contributed to this plugin.Contributors
“WP Encryption – One Click Free SSL Certificate & SSL / HTTPS Redirect to Force HTTPS, SSL Score” has been translated into 5 locales. Thank you to the translators for their contributions.
Translate “WP Encryption – One Click Free SSL Certificate & SSL / HTTPS Redirect to Force HTTPS, SSL Score” into your language.
Interested in development?
Browse the code, check out the SVN repository, or subscribe to the development log by RSS.
- Removed source IP usage for now due to issues
- Auto re-create invalid order upon verification failure
- clean acme-challenge on reset
- source ip support for LE calls to avoid rate limits
- (New) Vulnerability Scanner in SSL Health & Security Page
- layout cleanups
- POST JWS not signed issue fix
- HSTS & CSP set via htaccess
- log authz response only when invalid status
- PRO – re-try after 30mins of DNS propagation Fixed
- PRO – cron holding
- PRO – include www has to be verified and not set by default
- PRO – Complete state conflict fix
- PRO – Better debugging with logging
- PRO – Hold daily SSL cron in case of fatal failure – reset or success to remove the hold
- Full auth resp logging
- Acmename resolution
- Slowness & error fix for previous release
- improved cp detection
- improved logging
- Major code re-build
- Improved SSL renewal crons for PRO
- pricing v2
- priority based SSL state flow
- renew button always enabled
- Mapped domains SSL support for native WP mapping in multisite
- PRO – Bundle JS fix
- PRO – Cert Panel blank page issue fix
- PRO – Automatic verification
- PRO – Cert Panel redirection fix
- PRO only release
- Composer issue fix
- PRO – Godaddy DNS error fix
- PRO – proceed to verification after waiting
- Php error fix for previous release
- htaccess handling improved
- additional security headers
- interface cleanup
- PRO – Re-try unsuccessful renewals improved
- Free – case when either http or dns challenges are missing
- CSS improvements
- Freemius SDK update
- PRO – resolved a php bug related to SSL renewal
- PRO – Correctly set success screen after successful renewals
- PRO – Visibility of log and fresh install ssl
- Free – pre-check if http verification possible
- FS SDK update
- Other improvements
- SSL monitoring
- security features added
- HTTP challenge fail cases
- paragraph improvements
- experience level input
- Freemius SDK update
- DNS verification improved
- helpful tooltips and info
- defined checks and many more improvements
- PRO – cron hook improved, force spmode, improved security
- PRO – Fixed expiry date issue in cron tab
- PRO – No cron renewal for SP mode users
- PRO – Fixed issue with cron tab
- Function exists check
- help with http local verification
- Moved backup suggestion to top
- PRO – local check DNS and auto proceed later
- PRO – Cron based SSL renewal after all WP Cron jobs fail
- Backup suggestion
- HTTP code checking removed for acme-challenge
- Important: Logic correction for HTTP based domain verification
- SDK update
- Improved HTTP challenge verification
- Active SSL info block for SSL health page to show installed SSL details
- Sleep before ACME DNS verification
- improved logging
- HTTP based domain verification – correct .txt extension
- log pending authorizations when SSL domain verification fail
- Remove certain options upon plugin deactivation
- fopen error catch during ssl expiration check process
- Log why order got invalid later
- Wording fixes
- PRO – ability to input cpanel host
- PRO – admin notice when auto renewal failed
- PRO – different flows rechecked
- Improved CSS
- Improved explanations
- Fix – don’t show empty rows in advanced mixed content scanner
- Added – How it works Faq
- No more review requests for PRO users
- Updated – Intermediate cert priority. Please RESET and re-run SSL install form.
- New – Advanced Insecure content scanner
- Fixed path issue for subdirectory based WordPress installations
- DNS verify ajax issue fix
- Fixed the ajax call for “generate SSL for both www & non-www” checkbox
- Ajax check before enabling both “generate SSL for www & non-www” Checkbox
- SSL health in admin toolbar
- Improved instructions
- Always show checbkox to generate SSL for www & non-www together
- Activator SELF class error fix
- Fixed SSL certificate expiry date in email
- Many more improvements
- Check valid SSL before enabling HSTS & SSL Health page settings
- Security updates
- All new SSL Health page 🙂
- HSTS Strict Transport Security
- Mixed content fixer
- Important Security Headers
- Upgrade Insecure Requests
- Secure webmail with an SSL Certificate
- Make htaccess writable
- Fix for PRO users – PLEASE UPDATE
- Get more insights on SSL verification via Letsdebug
- PHP Fatal error fix
- Image width
- Activation error
- Better logging
- Session handling fix
- Ajax url fix
- Improved instructions
- CA Signature fix
- Admin color tweaks
- PRO – Fix for auto renewal
- SSL Install page redesign
- Special note for SPMode
- Plugin interface changes
- Fixed wpleauto
- Ajaxified SSL notices
- UI Improved
- Improved SSL alerts for PRO
- Improved navigation
- Bug fix for DNS verification of SSL
- PRO – cPanel login check fix
- PRO – Minor bug fix
- Minor pricing changes
- Added support link
- PRO – Improved SPmode flow & cpanel backup method
- Ability to activate the plugin network wide
- PRO – Activate license network wide
- Minor bug fixes
- PRO – More precise DNS verification
- PRO – Bug fixes
- FREE – Get SSL certs emailed as attachment but enabling the option in “Download SSL certificates” page.
- SP mode redirect loop fix
- Cleaner plugin deactivation
- Double check auto renewal of SSL
- Bypass SSL verify peer
- Styling fixes + asset updates
- Privacy enabled youtube videos
- Added contact form
- Reduced plugin size
- Updated links
- SSL renewal reminder email
- removed BF banner
- Certificate chain fix – Please update
- FAQs updated
- SSL Leaf Signature issue fix
- Bug fixes for Premium SSL setup
- User flow fixes for SP Mode
- Optimized code
- minor bug fixes
- force generate SSL for www & non-www
- spmode related fixes
- SDK update
- minor link fixes
- SP mode for annual PRO users
- Faq & Videos moved to nav
- Bug Fix related to memory exhaust
- User flow improvements
- Improved error catching
- Improved instructions
- PLEASE UPDATE
- Identify mixed content issues
- minor fixes
- Fixed a bug with Manual DNS verification
- PRO – Fixed major bug related to Wildcard SSL – Please update
- Fixed – Minor bugs
- Improved – Cluster free SSL generate interface
- Improved – Complete user interface design
- Improved – Sub pages instead of confusing tabs
- Added – retain SSL stage
- Added – Force SSL improvements
- Added – Checkbox to generate SSL for both www & non-www domain
- PRO – Improved DNS automation
- PRO – Improved error handling
- PRO – Added important notifications
- Fixed – Download SSL tab not showing after success
- Fixed – DNS verification feature for http verification failures of noscript
- Added – Attempt http verification before offering manual verification options
- Improved – Domain verification interface
- Fixed – minor bug
- Fixed – Cron handling
- Added – SSL support for cPanel users with shell_exec function disabled
- PRO only release
- NEW – Upon various Non-cPanel user requests, Introducing FIREWALL plan for Non-cPanel sites
- PRO – New instant firewall setup wizard
- Improved – More cleaner admin interface
- Improved – Admin css, overall coding
- Added – Force HTTPS, FAQ, SSL videos as sub pages
- Fixed – minor php error