When it comes to running a website or a blog that you wish to base on WordPress, Bluehost is definitely your best option. It features extremely low prices, and it cares about its clients more than any other hosting service.

It is easy to use and find your way around it, and you should not have any trouble with figuring it out. However, there are still some things that you might need help with. Using a free SSL certificate on your Bluehost may be one of them, which is why we are making this guide on how to do it.

This way, you will transform your website into a safer and more secure version. Not only will this improve your ranking since it will please Google, it will also make your site safer for your customers.

Now, when it comes to the SSL certificates, there are both free and premium ones. But, before we go into how to implement them, let us first say a word or two about them.

About SSL certificates

The first thing worth noting is that there are several types of SSL certificates.

Free ones are good enough for blogs and similar information-based sites. If you are looking for a popular SSL certificate-issuing company, we can recommend Let’sEncrypt. They have new models of the certificate that greatly simplifies the process of implementing it. And, it is all completely free.

On the other hand, when it comes to sites that use transaction, or if it is an ecommerce platform, you should take this matter more seriously. Paid providers are the only ones that can offer you EV or OV certificate, which can properly protect your business.

Now that you know this, you can make your choice accordingly. We will now share the steps that you must take in order to do this properly, so make sure to follow them as best as you can.

It is an important task, and it will take some time. Not too much, but about an hour. Plus, there are a few more additional things to do after you move to HTTPS, but more on that later. For now, simply make sure that you have enough time so that you can finish the process as soon as possible. Let’s go.

Step-by-step guide on using free SSL certificate on Bluehost (for WordPress)

One more thing before we go to the actual steps. You should first update your Who.IS information, and also disable the Who.Is guard. This is necessary since Bluehost might send an email for validating your ownership of the domain. But don’t worry, as soon as you are done with the transfer to HTTPS, you can turn it the guard back on.

Now, we can finally begin. The first thing to know is that you can now enable SSL from your own cPanel. Simply log into it, and find WordPress Tools on top of it. Click on that, and go to Security.

You will see a button that says Free SSL certificate. Turn it on, and the installation will begin. A message might appear, and it will say that the process has started. Also, it will say that you will get an email if there is a need for you to take action. You will also get an email to inform you about your purchase of a free SSL.

Now, when the final screen pops up, you will know that SSL certificate has successfully finished with its installation. You are now ready to proceed.

As a measure of safety, you can use an online SSL checker tool, simply to verify whether the SSL certificate is active on your domain.

When you are done with that, and everything is as it should be, you will be ready for some real work. That includes taking care of SEO, and also properly moving to HTTPS. We will guide you through it all, so don’t worry.

Moving to HTTPS

After the activation of the SSL certificate is complete, you must force pretty much everything to load on HTTPS. That includes total migration from regular HTTPS, as well as ensuring that it is search engine friendly.

It is crucial to do so, otherwise, your traffic might come to a halt. You will now need some 10-15 minutes to make sure that everything is properly done.

Also note that this guide may be for Bluehost, but those who use Dreamhost, SiteGround, or A2 Hosting can also use a similar method of accessing free SSL. Only contact your support team, and they will enable it for you. The steps we are about to talk about are the same for you as well.

Install SSL plugin

Enabling the free SSL certificate will update your site’s URL automatically. For now, however, anyone can access both HTTP and HTTPS versions of its address. What you need to do now is to install a plugin that will redirect all of your visitors from HTTP to HTTPS automatically.

It is easy to do so, and all you need is to get the Really Simple SSL WordPress plugin. Install it and activate it and then click on ‘Go ahead, activate SSL’

Add the code for redirection to HTTPS and edit the .htaccess File

You must now add a couple lines of code to your WordPress. You can edit its .htaccess file by using FTP or Yoast SEO plugin.

Just open it and add this:

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

You can put these few lines either at the beginning or the end of the file. This will bring you one more step closer to actually moving your site to HTTPS. Bear with us, there is not much left.

Use the Better Search & Replace plugin to update all HTTP URLs to HTTPS

The combination of the code from above and the Really Simple Plugin might help with redirecting all of your visitors to the HTTPS version of the site. However, it is also a good idea to update all of your links to HTTPS.

The Better Search & Replace plugin is a very good way to do so. Install it, and activate it. Start using it by going to Tools, and then clicking on Search & Replace.

However, before doing this, you might want to backup your entire WordPress database. Jost for the extra safety.

You can also use a plugin by the name of Broken Link Checker. It is a great way of finding links that lead to third party sites, and that use HTTP instead of HTTPS. If you do this, you will manage to keep your website’s SEO intact, so don’t worry about that.

Modifying CloudFlare

Whether you use CloudFlare dashboard or only its WordPress plugin, you should follow the next steps.

First of all, log into CloudFlare, and proceed to your domain. Then, go to Crypto, and change SSL settings to Full. Now scroll down while on that same page, and also turn on Automatic HTTPS Rewrites.

That will complete your migration from HTTP to HTTPS.

There are still some things for you to do, and those include:

  • Submitting the HTTPS version of your site to Google Search Console.
  • Update links to your website on social media
  • Update the profile link on your Google Analytics
  • Remember to enable your Who.Is guard
  • Read more about migration to HTTPS and make sure that you don’t have any mixed content. If you do, fix what is wrong

And that is that. You are now done with the process.


Enabling free SSL certificate is easy thanks to Bluehost’s cPanel method. You should do it since it is a very desired upgrade. Both Google and your customers will appreciate the change, and you will demonstrate your care about their safety.

If you are only starting your new blog or small website, you should do this as soon as you buy hosting from Bluehost. Hopefully, your migration was successful, and you are now only using HTTPS version of your site.