Bluehost Free SSL Certificate: How to Install it On Your WordPress Blog

Once you’re done creating your blog on WordPress, the next critical step should be to secure the blog against 3rd party attacks and malware.

Good enough, with the help of Bluehost Free SSL certificate, you can add an extra layer of security to your blog, offering users the privacy they deserve while visiting your website.

Bluehost is arguably one of the most popular web hosting providers around due to their affordable pricing plans as well as a simple user interface.

No wonder Bluehost hosts over 2 million websites around the world. Excitingly, Bluehost offers both new and existing users a free SSL certificate.

Therefore, if you’re considering creating a new blog or website and you want a reliable and secure web host that offers free SSL certificate, or you’re not happy with your existing host and need something more trustworthy, Bluehost is certainly the way to go.

In this post, I’m going to show how to install Bluehost free SSL certificate on your website without any experience.

We’ll also cover the following:

  • What is SSL Certificate?
  • Types of SSL Certificate
  • Why we need HTTPS (SSL Certificate)
  • How to Install Free SSL Certificate using Bluehost for WordPress
  • Frequently asked questions about Bluehost SSL certificate

What is SSL Certificate?

bluehost free ssl certificate

SSL is an acronym for “secured socket layer”.

This is basically a certificate that adds an extra layer of security on a website, thereby protecting it against any “man in the middle attacks”. Also known as digital certificates, this is an internet protocol that helps to secure data transfer between a visitor’s browser and the site he is visiting.

When a web surfer visits a site over a non-secure connection (non SSL), the user’s data is transferred in plain text form, and this data can easily be compromised or stolen by hackers.

Below is an example of what you’ll see while visiting a non-secure website, that’s a website that does not have SSL certificate:

non secure website

Essentially, every web user transfers information and data when they visit any website. This can usually be a piece of sensitive information such as login credentials, credit card information, payment details, etc.

Every serious webmaster needs this SSL certificate to secure the connection and transfer of data on his website. Once the SSL has been installed successfully on any site the protocol will instantly change from HTTP (Hypertext Transfer Protocol) to HTTPS. The last S stands for Secure.

See screenshot below:

SSL certificate enabled site

As you can see from the screenshot, this equally activates a green padlock on the site, indicating that the website is secured using SSL.

Furthermore, apart from the protection and security standpoint, adding SSL certificate equally builds trusts with website users and also increase website conversions by over 35%. One of the most important benefits being that SSL certificate also affects how Google sees your website.

Why we Need HTTPS (SSL Certificate)

As mentioned earlier, an HTTPS (SSL certificate) helps to secure the information on your site, thereby enhancing the trustworthiness and credibility of your website. Moreover, by utilizing data encryption, your site is equally less likely to be targeted by cybercriminals and hackers.

From an indexing and SEO standpoint, Google has been favoring HTTPS or SSL enabled websites for quite a long time now.

They made an announcement in late 2017 that the Chrome browsers (Google’s own browser) would now display a “not secure” warning against any site that isn’t leveraging HTTPS where a contact form or any type of information capture is used.

Which means that if you plan to add any type of form, which could be newsletter signup, or any other type of information capture on your site, you will definitely want to install an SSL certificate.

However, this SSL certificate usually cost some money to get, which is why most websites often shy away from using it. Luckily, Bluehost is one of the best web hosting providers out there that offers free SSL certificate to its users.

HTTPS is highly recommended for every website on the internet, especially for any website that collects user information such as user contact information, user login details, credit cards, payment information, email sign up form, etc.

And if you, by any means, sell anything on your site, you won’t be able to receive payment from your buyers without SSL certificate as most online payment gateways now require your site to use HTTPS/SSL before you can receive your payments.

Aside from security, SSL certificate equally creates a positive impression of your website and brand to your visitors. And as I said earlier, Google equally recommends the use of SSL. Research has shown that SSL-enabled sites often rank a bit higher in search engine result pages (SERPs).

That said, it’s important to also note that SSL certificates are of different types, and are classified based on 2 basic factors, let’s quickly look at that below:

Types of SSL Certificates

There are 3 types of SSL certificates as you can see below:

  1. Domain Validation Certificate: Domain Validation SSL certificate is actually the most common SSL certificate available. This type of SSL certificates are usually pretty affordable and mainly used on blogs.
  2. Extended Validation Certificate: This certificate is the most robust of them all, and shows the name of the company on the browser letting the users know about the website’s authenticity.
  3. Organizational Validation Certificate: This type is somehow similar to domain validation certificate listed above. The only difference is that you have to provide additional documentation to prove your company’s identity before you can obtain this certificate.

How Does SSL Certificate Work?

Now that you already know what SSL is as well as its importance and types, it’s time to also show you how an SSL certificate actually works.

In its basic sense, SSL protects data by encrypting the data transfer between the user’s browser and the site he’s visiting.

When a website visitor visits an SSL/HTTPs enabled website, his browser first verifies whether the website’s SSL certificate is valid:

ssl certificate

And if everything checks out, the browser encrypts the data using the website’s public key. This information is then returned to the intended server (website), where it’s decrypted using a secret private key and the public key.

How to Install Free SSL Certificate Using Bluehost for WordPress

Just recently, Bluehost added a new section on the user’s admin panel known as “WordPress tools.” From there, any new or existing Bluehost user can easily enable free SSL certificate on his website.

The WordPress tools add-on is a fantastic add-on from Bluehost as it simplifies the task of managing your WordPress blog.

Before you do anything, Deactivate guard protection of your domain name

Before activating Bluehost free SSL certificate on your website, it’s important you deactivate “” guard of your domain if you’ve been using it for a while. In a few instances, Bluehost will need to validate the identity of your domain name, and they will use the “” data of your domain name to send the validation email.

In this case, if your guard privacy is activated, they will not be able to send you the validation email. So you want to deactivate the “” guard just for some hours, and you can re-activate it after the SSL certificate is enabled.

Now, if you’ve followed the instruction above, here’s a step by step guide you should follow to activate SSL certificate for your Bluehost powered website.

The first step is to Login to your Bluehost account Dashboard:

Click on the “My Sites” tab, then choose the website for which you wish to enable Bluehost free SSL certificate.

Then, click on the “Manage site” tab:

manage sites

Clicking on the “Manage site” tab will open up a new screen and there, you will have to click on the “Security Tab” as you can see on the below screenshot:

bluehost security tab

Once you click on the “security tab”, it will open a new screen from where you’ll see the “Free SSL certificate” toggle button. Just toggle the button to yes as shown below, and you’re all set.

free ssl certificate on bluehost

When you’re done completing the steps above, you may get a message telling you that it may take some hours for SSL to be setup. And in the meantime, Bluehost will send you an email with the SSL certificate’s billing receipt, which is basically free.

Typically, it will usually take between 15 to 20 minutes for the website to start showing the SSL certificate.

How to Check If SSL Certificate is Active On Your Website

This can easily be achieved with the help of a free SSL checker tool. Simply visit the site and add your website link in the provided box and click the “check SSL” button. The SSL checker tool will then load and return to you a report that’s similar to the below screenshot:

ssl checker tool

Once SSL enabled, the website link will change from HTTP to HTTPS automatically, and you can confirm this change from your Bluehost hosting account dashboard.

To confirm this, just click on the “settings tab” in your dashboard and you will notice that the address has been automatically updated.

updated address

Furthermore, after you have successfully secured your website with Bluehost SSL certificate, the next step will be to enforce the HTTPS in order to make an easy transition to HTTPS by taking care of the mixed content issues.

Redirecting HTTP To HTTPS Using .htaccess

When you’ve installed an SSL certificate, there are two versions of your site that exist which include:


Because of the difference in the protocol, the search engines will consider the 2 versions of the websites as separate sites. Now, for you to properly redirect your traffic to the secured version of your site, this step is very necessary.

That said, you need to edit the .htaccess file in order to implement this redirection. This is a very critical file on your server, which you can access via the Cpanel, FTP client such as FileZilla, or Yoast plugin.

Generally, the .htaccess file is hidden by default so for you to access it on your Bluehost Cpanel, you’ll need to go to Advanced, and then click on the “file manager” tab as seen on the screenshot below:

file manager

Once you click on “file manager” a new tab will open which is your Cpanel file manager. On the right hand side, you’ll locate the settings button. Click on it, and a popup will show up from where you will have the option to see the hidden files.

Now, you need to select the relevant option and finally save the settings.

show hidden files

You will be able to locate this file in the root directory at public_html.

Furthermore, if you’re using the FileZilla FTP client, you will be required to establish a connection to the server. Now, click on the server and select the “force show hidden files” button.

force show hidden files

When you have found the .htaccess file, you will have to edit the file and add some lines of code to it:

Rewrite Engine on
Rewrite Cond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

You can just add this code at the beginning or the end of the .htaccess file. After pasting the code, you’re all set. That’s all the steps required to redirect the HTTP version to HTTPS version.

Redirecting Using the Really Simple SSL WordPress Plugin

You can also use the “Really Simple SSL” WordPress plugin to redirect all the existing URLs on your site from HTTP to HTTPS. This plugin will detect settings automatically and configure your site to run through HTTPS.

Simply search for the plugin, download, and install it from the WordPress plugin directory, or just get it via this link. When you’re done installing the plugin, you will see a screen that’s similar to the below screenshot.

migrate to ssl

Now, click on the “Go ahead, activate SSL” button, and you will get a message telling you that “SSL is activated”. And also prompting you to change your settings in Google analytics and webmasters:

ssl activated

Now that you’ve used the plugin to implement a code to redirect HTTP to HTTPS, it’ll help to ensure that neither the bots nor visitors visit an insecure page.

How to Update HTTP URLs to HTTPS

In order to update all the HTTP URLs to HTTPS, we’ll need to use the “Better Search Replace” WordPress plugin. This plugin will make your life a lot easier when updating links.

Once you’ve installed and activated the plugin, you’ll want to go over to the “Tools” section of your WordPress dashboard. Move your mouse over the Tools section, and you’ll see a new menu item with the name “Better Search Replace”, which is the plugin you just installed.

better search replace

Now, click on Better Search Replace tab, and the next screen will show you the plugin’s dashboard. Enter the details as seen in the below screenshot.

Search Replace tab

The next step is to select the tables in the selection and click on the Run Search/Replace button.

Run SearchReplace button

When you’re done with this process, you will get a message similar to the screenshot below.

search replace success

We’re almost done with the process, the next step now is to enable SSL on Cloudflare CDN.

How to Activate SSL On Cloudflare CDN

Cloudflare is one of the best and most popular CDN providers on the internet and they offer both premium and free plans.

Now, to enable SSL on Cloudflare, you have to login to your Cloudflare CDN account and click on the Crypto tab.

Once you’re in the SSL section, you will find four options in the drop down menu, which include:

  • Off
  • Flexible
  • Full
  • Full (Strict)

Choose the “Full” option as you can see below:

Cloudflare CDN

After selecting the “Full” option, you will need to scroll down to the “Always Use HTTPS” section and move the toggle button towards ON.

Always Use HTTPS

Finally, just the way we fixed the mix content issue earlier. You will need to perform the same action one more time. Scroll down a little more until you locate the “Automatic HTTPS Rewrites” section. This section equally has a toggle button, which you also need to turn ON.

Automatic HTTPS Rewrites

And that’s all. You have successfully enabled Bluehost free SSL certificate on your WordPress blog.

Browse More:

Frequently Asked Questions about Bluehost Free SSL Certificate

What if Bluehost SSL certificate expired?

Simply email Bluehost or contact them via their live chat support, and they’ll guide on what to do.

What’s the cost of SSL Certificates?

Typically, SSL Certificates cost differs from one certificate provider to another. The pricing could be somewhere around $50 to 200 per year. That said, some SSL certificate providers offer a few more add-on services alongside their certificates, and this may equally affect the SSL certificate cost.

How Can I get a free SSL Certificate?

Excitingly, most of the popular WordPress hosting providers such as Bluehost now offers free SSL certificate with all their hosting packages. So I suggest you get Bluehost SSL certificate today for free and secure your site against cybercriminals.

What Others are Reading:

How to Activate Bluehost Free SSL Certificate | Conclusion

For a newbie blogger that’s just starting a blog, you simply need to activate HTTPS on your website immediately you buy hosting from Bluehost.

Bluehost is arguably one of the world’s renowned web hosting providers for WordPress websites. And while Bluehost does not really give SSL certificates, it does give users the ability to get one for free through Let’s Encrypt as I already explained.

And as you can also see from this tutorial, you can install the free SSL certificate with a few clicks through your Bluehost control panel.

And once that has been completed, it just takes a few minutes to update the internal links of your WordPress blog from HTTPS to HTTPS, and make sure that all the old inbound links on your blog are converted automatically to the new HTTPS version.

Finally, if you’re running a website that is involved handles any form of sensitive information, securing your website with SSL certificate and HTTPS is crucial. Following this simple guide on Bluehost free SSL certificate will help you to easily migrate your site to a fully secured format without losing your SEO ranking or data.

Avatar of Anil Agarwal
About Author
Anil Agarwal is a full-time blogger and SEO expert with over 17 years of experience. Here's the founder of and India's leading digital marketing blog Anil has been featured on major websites like Forbes, Semrush, Hostinger, Bluehost, CloudWays, Kinsta, WPX, DreamHost, etc.
Bluehost Affiliate Program Review: Earn Over $1000 Per Month [Our Earning Reports Included!]
Bluehost Affiliate Program Review: Earn Over $1000 Per Month [Our Earning Reports Included!]
Bluehost Hosting Plans: Which Bluehost Shared Hosting Plan Should I Go For?
Bluehost Hosting Plans: Which Bluehost Shared Hosting Plan Should I Go For?
Bluehost VPS Review: Why Use VPS Hosting Over Shared Hosting?
Bluehost VPS Review: Why Use VPS Hosting Over Shared Hosting?
Hostinger vs BlueHost 2024 – Which Hosting Is Better & Why?
Hostinger vs BlueHost 2024 – Which Hosting Is Better & Why?

Leave a Comment