Web Hosting

How to Install Free SSL Certificate on Bluehost and Migrating to HTTPS

After you start a WordPress blog with Bluehost, the next important step is to secure your blog or website against third party attacks and malware. You can protect your website and provide users with the privacy they deserve with the help of SSL certificate.

In this tutorial, we will discuss how to enable a free SSL certificate on Bluehost.

how to use ssl on bluehost

Bluehost is one of the recommended hosting providers by and free SSL certificates are a part of the hosting plan.

Before we begin let’s first understand

What is an SSL certificate?

SSL is termed as a secured socket layer. This is a certificate that adds an extra layer of protection on your website against any man-in-the-middle attacks. These certificates are also known as digital certificates.

When a user visits a website over a non-secure connection, the data is transferred in simple text form. This data can be easily stolen or compromised by hackers.

To secure the connection and transfer of data you need the SSL certificate. When the SSL has successfully installed on any website the protocol changes from HTTP (Hypertext Transfer Protocol) to HTTPS, the S stands for Secure.

This also activates a green padlock on the website showing the website is secured using SSL.

Green padlock on browser address bar after installing the SSL certificate

Adding SSL certificate not only protects your website but it also builds trust with the users. Having a padlock on your address is a security signal. According to research

Using security seals on your website can increase conversions by more than 35% #WordPress #Security Click To Tweet

While we are discussing the benefits of installing SSL certificates, it is important to know it acts as a ranking factor on the search engine. Google has made several announcements regarding securing the web by moving to https and it will be considered as a ranking signal.

With that said, it is important to know there are different types of SSL certificates. These certificates are classified based on 2 factors

Based on Trust Level there are 3 types of certificates

  • Domain Validation– Domain Validation certificate is the most common and basic SSL certificate. These certificates are available for cheap and mostly used on blogging websites.
  • Organizational Validation– These certificates are somewhat similar to domain validation certificate. The difference being you obtain this certificate you have to provide additional documentation to prove your companies identity.
  • Extended Validation– This certificate is the most robust and displays the name of the company on the address bar letting the visitors know about the authenticity.

Extended validation ssl certificate

Paypal is a very famous website that uses an Extended Validation certificate and you can see the name of the organization in the address bar.

Based on the domains and subdomains

  • Single Name Certificate– You can only use this certificate to secure a single hostname or subdomain.
  • Wildcard Certificate– If you have multiple subdomains on your website. Then you require a Wildcard SSL certificate to secure them.
  • Multi-Domain/ SAN Certificate– Using this certificate you can secure multiple domain and subdomain names or in other words, you can secure the main domain and other SAN (Subject Alternative Domain Names) domain names using one certificate.

These certificates are either available for free or at a very low cost. If you are a blogger you can use the free certificates that are included in the hosting plans.

How to Install Free SSL Certificate on Bluehost and Migrating to HTTPS

With that said, let’s install the free SSL certificate on Bluehost.

In this article, we will be covering 3 things

  1. Installing a free SSL certificate on Bluehost.
  2. Migrating your website from HTTP to HTTPS
  3. Activating SSL on Cloudflare CDN

Before we start this guide, you need to make sure you disable your domain privacy. Once the process is over you can activate it again.

Also, don’t forget to take a backup of your website. I personally use and highly recommend using the UpdraftPlus plugin.

You may like to read- How to install a WordPress plugin

How to Enable a free SSL certificate on Bluehost for WordPress

tutorial on how to install a free ssl certificate on bluehost

Activating the SSL certificate

To begin the process, log in to your Bluehost dashboard and then go to My sites >> Manage site. To find the manage sites button hover over the hosted website and you will find it.

login to bluehost dashboard to install free ssl certificate

When you click Manage site it will take you to a new screen where you need to click on the Security Tab.

click the security tab to activate free ssl certificate

On clicking the security tab it will to a new screen where you will find the Free SSL certificate toggle button. Move the button to yes.

free ssl certificate toggle button

After completing these steps you may receive a message saying it may take a few hours to set up SSL. And in the meantime, you’ll receive an email from Bluehost with the billing receipt of the SSL certificate.

It took nearly 15-20 minutes for the site to show the SSL certificate.

How can you check if SSL is active on your site

This can be done easily with the help of the SSL checker tool. You can add the website link in the box and hit check SSL. The tool will then return you a report similar to the screenshot below.

checking the results after installing free ssl certificate

When you enable the SSL, the website link is automatically changed to HTTPS. You can check this change from your hosting dashboard.

To check this you can click on the settings tab and see the address has automatically updated.

checking the url changes after enabling the free ssl certificate

Once you have secured your website the next step is enforcing the HTTPS and making a smooth transition to HTTPS by fixing the mixed content issues.

Redirecting HTTP to HTTPS using .htaccess

After you install the SSL certificate, there are 2 versions of your website that exist.


Due to the difference in the protocol, search engines consider both of them as separate websites. In order to redirect your traffic to the secured version, this step is necessary.

To implement this redirection you need to edit the .htaccess file. This is a very important file on your server and can be accessed through the Cpanel, Yoast plugin, or FTP client such as FileZilla.

The .htaccess file is generally hidden by default so if you are using Bluehost Cpanel. Go to Advanced >> file manager.

Bluehost cpanel

When you click on file manager a new page will open in a separate tab which is the Cpanel file manager. On the right, you will see the settings button. Click on it. A popup will appear which will have the option to show the hidden files.

Select the relevant option and save the settings.

settings to show hidden files in bluehost cpanel

You will find this file in the root directory which is public_html or Public_html

Now if you are using the FileZilla FTP client, you need to establish a connection to the server and then click on the server and select force show hidden files.

settings to show hidden files in filezilla

Once you have found the .htaccess file, you need to edit the file and add a few lines of code to it.

Rewrite Engine on
Rewrite Cond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

You can paste this code at the start of the .htaccess or at the end. After adding the code you are done redirecting the HTTP version to the HTTPS version.

Redirecting using Really simple SSL plugin

Really Simple SSL plugin will also help to redirect all the URLs from HTTP to HTTPS. This plugin will automatically detect settings and will configure your website to run over HTTPS.

Download and install the plugin using this link. After the plugin is installed the first screen you see will be like the screenshot below.

After installing really simple ssl plugin

Click the “Go ahead, activate SSL!” button. You will get a message that says “SSL activated, Don’t forget to change your settings in Google analytics and webmasters”

SSL activation message

Now you have used a plugin and implemented code to redirect HTTP to HTTPS. This will ensure that neither the visitors nor the bots land on an insecure page.

Updating HTTP URLs to HTTPS

To update all the HTTP URLs to HTTPS we will be using the Better Search Replace plugin. It will make your life so much easier when updating links.

You can download and install the plugin using this link. After installing and activating the plugin, head over to Tools section in the WordPress dashboard. Hover your mouse over Tools and you will see a new menu item Better Search Replace

better search and replace on tool menu

Click on Better Search Replace. The next screen you will see is the dashboard of the plugin. Enter the details as shown in the screenshot below.

better search and replace dashboard

Select the tables in the selection and click Run Search/ Replace button.

better search and replace selecting tables

After the processing is complete you will get a message similar to this.

better search and replace completion message

The process is almost over and its time to activate SSL on Cloudflare CDN.

Activating SSL on Cloudflare

Cloudflare is one of the best CDN providers in the market and they offer both free and paid plans. On GeekyPlug we are currently using the free plan.

To activate SSL on Cloudflare, login to your Cloudflare CDN dashboard and click on Crypto.

Now in the SSL section, you will have 4 options in the drop-down menu.

  1. Off
  2.  Flexible
  3. Full
  4. Full (Strict)

Select Full

Activating SSL certificate in Cloudflare

After selecting Full, you need to scroll down a little and you will see Always Use HTTPS section and it has a toggle button. Move the toggle button towards On.

cloudflare always use https

You are almost done here. Like we earlier fixed the mix content issue. You have to perform the same action here. You need to scroll down a bit more until you find the Automatic HTTPS Rewrites. This section also has a toggle button. Move the button to On.

cloudflare automatic https rewrites

And that’s it You have successfully activated SSL on your WordPress blog.

Final Words

  1. Before you begin the process of installing SSL on your website make sure you take a backup of your website.
  2. Once you the SSL is enabled, scan and rescan your website for any broken links.
  3. Search engines consider HTTP and HTTPS as two different versions of the website. Make sure you submit the website in search console after it is secured. Also, update your Google Analytics profile.
  4. Next thing you need to do is change all the links on social media and anywhere else you have registered.
  5. Check robots.txt of your website to check if the secured version is not blocked.

And that is it

Step by Step tutorial on How to activate SSL certificate on Bluehost Click To Tweet

You may like to read next

I hope you find this guide helpful and share it with others on social media. If you have any queries feel free to contact us. To stay up to date with our content subscribe to our newsletter.

Tags : SecuritySSL certificateTutorial
Jasmeet Singh

The author Jasmeet Singh

Jasmeet Singh is the Blogging El Jefe at GeekyPlug. Started his career as a BPO employee and now is a full-time blogger and writes how-to guides and his personal experiences related to blogging. In his spare time, he likes to read books, listen to podcasts and play video games.


  1. I’m not familiar with this topic but you are very knowledgeable. Your screen shots and explainations are amazing and make it easier to understand. Thank you for this. You helped me learn something new.

  2. These step by step instructions are helpful. I had no idea how to install an SSL certificate nor did I realize the importance of having this installed. Is this needed if I have a .com account with wordpress as opposed to a .org account. Im not sure if there is a difference between the two

  3. Great info! I learned a lot from this post, especially the technical terms and the different types of certificates.

  4. Love your useful sharing here, let’s continue enjoy 2019, happy new year 2019. cheers, siennylovesdrawing

  5. Thanks for the tips. They will definitely come in handy for those who are struggling to install their SSL certificate. Thankfully, for me, I have a guy for that kind of stuff. Otherwise, I would be lost.

  6. Thanks for the detailed explanation on a lot of rather technical terms and tasks. I’m sure they will be helpful for many people!

  7. This is a very thorough and informative post. I will definitely share this information on my social media sites. Thanks!

  8. thanks so much for this useful & informative sharing, learnt so much from your sharing & understand better. cheers,

  9. This is such an amazing and comprehensive guide to installing an ssl certificate with Bluehost. So easy to read and follow the steps. Well done for creating such a great resource!

  10. To be honest, when I first started reading I had no idea what the heck was going on with this article but by the end, I was very informed.

  11. Secret – If you just contact customer support they’ll do it all for you LOL… I didn’t know what to do and was flustered so I just messaged them and they did it all. I came across issues because there was already soe other sort of security in place on my website that needed to be removed in order to put the SSL up.

  12. I was searching for how to install it, your post will definitely going to help me out. Thanks for sharing keep posting…

  13. This is such an informative post, it’s so important to ensure that your website and anything entered are protected. I really liked how you took the time to break everything down step by step so anyone could understand how to install an SSL certificate.

  14. Thank you so much for this. With privacy and security a big topic these last few months. It;s important for people to protect themselves on the internet including their blogs.

  15. Great tips. I installed my SSL when Google made it a requirement. It’s definitely needed and helpful to know how to implement it easily.

  16. Thank you so much for this post! I was just looking into how to do this on my site but this step-by-step guide is super helpful! I so look forward to trying this out.

  17. Yes, Bluehost provides free SSL certificate with the basic plan as well. It is good that no need to install extra WordPress plugin for the SSL certificate when you have Blue Host. Also, you can host unlimited websites with Plus & choice plus plans.
    You have written a very detailed post about SSL installation. I’m sure it helps many beginners out there.

  18. Such a helpful tutorial! I LOVe BlueHost, they have the best hosting and customer service. Very supportive and warm and dedicated to their job.

  19. I have to say what a great article to make it easy for everyone to be safe and practice good website security by installing SSL certificates on their blog or site.

    Love to share this with readers of SecureMy.Website to show people you don’t need to worry about basic web security practices being overly complicated. You’ve definitely made SSL easier to understand!


    Chris at SecureMyWebsite

  20. Bluehost shows that you have to upgrade to Cloudflare platinum at 15 bucks a domain name to use it and that if you have an SSL on Bluehost it will wreck the site if you try to use Cloudflare free. Will this method still work?

    1. Hi Justin, you don’t have to pay for anything and this method works. What I did was. I activated free Bluehost SSL certificate first. Then I went ahead and created a free Cloudflare account. It is important to keep in mind Clouflare also offers free SSL so you are safe in case Bluehost SSL doesn’t work. I hope I have answered your query. In case you have any doubts feel free to reach out to me using the contact form. I will be happy to answer.

Leave a Response