WP Encryption – One Click Free SSL Certificate & SSL / HTTPS Redirect to fix Insecure Content


Generate free Let’s Encrypt SSL certificate for your WordPress site and force SSL / HTTPS sitewide, fixing insecure content & mixed content issues easily. Enable secure padlock on your site within minutes.

Secure your WordPress site with SSL certificate provided by Let’s Encrypt®. WP Encryption plugin registers your site, verifies your domain, generates SSL certificate for your site in simple mouse clicks without the need of any technical knowledge.

A typical SSL installation without WP Encryption would require you to generate CSR, prove domain ownership, provide your bussiness data and deal with many more technical tasks!.

1M+ SSL certificates generated — 500+ 5-Star reviews


PHP 5.4 & tested upto PHP 8.0, Linux hosting, OpenSSL, CURL, allow_url_fopen should be enabled.

FREE Features

  1. Manual domain verification

  2. Manual SSL installation (Download generated SSL certificates with a click of button and Follow very simple video tutorial to install SSL certificate)

  3. Manual SSL renewal (SSL certificates expire in 90 days by default. Make sure to renew it before expiry date to avoid insecure warning on site)

  4. Force HTTPS + Redirect loop fix for Cloudflare, StackPath, Load balancers and reverse proxies.

  5. Advanced Mixed / Insecure content scanner – Scan your entire site for insecure images, css, js, assets which are causing browsers to show insecure padlock. Easily identify if the insecure content is sourced from widgets, post content or inline.

  6. Mixed Content fixer + Upgrade insecure requests

  7. HSTS Strict transport security Headers

  8. Important security headers implementation

  9. SSL health meter

  10. SSL expiry email notification

(Optional) Running WordPress on a specialized VPS/Dedicated server without cPanel? You can download the generated SSL certificate files easily via “Download SSL Certificates” page and install it on your server by modifying server config file via SSH access as explained in our DOCS.

PRO Features Worth Upgrading

  1. Automatic domain verification

  2. Automatic SSL installation

  3. Automatic SSL renewal (Auto renews SSL certificate 30 days prior to expiry date)

  4. Wildcard SSL support – Install Wildcard SSL certificate for your primary domain that covers ALL sub-domains. Automatic DNS based domain verification for Wildcard SSL installation (DNS should be managed by cPanel or Godaddy)

  5. Multisite + Mapped domains support – Supports SSL installation for domains mapped with MU domain mapping plugin

  6. Automatic Content Delivery Network(CDN) to boost your site performance (Annual Plan Only)

  7. Blocks SQL injection, XSS, Shellshock, Remote File Inclusion, Apache Structs Exploits, Local File Inclusion attacks.

  8. Blocks common web application vulnerabilities and common WordPress attacks.

  9. Blocks invalid user agents, unknown user agents, CSRF, Convicted bot traffic, Spam & abuse, Probing & forced browsing, Brute force attacks.

  10. Top notch one to one priority support – Live Chat, Email, Premium Support Forum


Why choose WP Encryption Pro over other SSL providers?

Our support staff is consisted of top notch developers and WordPress experts who can help with SSL setup & HTTPS enforcement for any customized server environments. We have taken care of SSL setup for 500+ complex Apache, Nginx, Bitnami, Lightsail, Reverse proxy servers.

Switch to HTTPS in seconds

  • Secure green browser padlock in minutes.

  • Free domain validated (DV) certificates are provided by Let’s Encrypt (A non profit Global certificate Authority).

  • SSL encryption ensures protection against man-in-middle attacks by securely encrypting the data transfer between client and your server.

Why does My WordPress site need SSL?

  1. SEO Benefit: Major search engines like Google ranks SSL enabled sites higher compared to non SSL sites. Thus bringing more organic traffic for your site.

  2. Data Encryption: Data transmission between server and visitor are securely encrypted on a SSL site thus avoiding any data hijacks in-between the transmission(Ex: personal information, credit card information).

  3. Trust: Google chrome shows non-SSL sites as ‘insecure’, bringing a feel of insecurity in website visitors.

  4. Authentic: HTTPS green padlock represents symbol of trust, authenticity and security.


Many thanks to the generous efforts of our translators.

If you would like to translate to your language, Feel free to sign up and start translating!

Get Involved

  • Rate Plugin – If you find this plugin useful, please leave a positive review. Your reviews are our biggest motivation for further development of plugin.
  • Submit a Bug – If you find any issue, please submit a bug via support forum.


WP Encryption plugin uses LetsDebug API to pull error details upon domain verification failure to show better insights on why you are not able to generate SSL certificate for your domain.

Security is an important subject regarding SSL/TLS certificates, of course. It is obvious that your private key, stored on your web server, should never be accessible from the web. When the plugin created the keys directory for the first time, it will store a .htaccess file in this directory, denying all visitors. Always make sure yourself your keys aren’t accessible from the web! We are in no way responsible if your private keys go public. If this does happen, the easiest solution is to check folder permissions on your server and make sure public access is forbidden for root folders. Next, create a new certificate.


  • Generate and Install free SSL certificate while Agreeing to TOS
  • SSL certificate generation successful message
  • Download/Copy generated SSL certificate & key
  • SSL Health Page with realtime score
  • Force HTTPS via htaccess or WordPress method
  • Mixed Content Scanner to identify insecure contents on HTTPS site


  1. Make a backup of your website and database
  2. Download the plugin
  3. Upload the plugin to the wp-content/plugins directory,
  4. Go to “plugins” in your WordPress admin, then click activate.
  5. You will now see WP Encryption option on your left navigation bar. Click on it and follow the step by step guide.


Does installing the plugin will instantly turn my site https?

Installing SSL certificate is a server side process and not as straight forward as installing a ready widget and using it instantly. You will have to follow some simple steps to install SSL for your WordPress site. Our plugin acts like a tool to generate and install SSL for your WordPress site. On FREE version of plugin – You should manually go through the SSL certificate installation process following the simple video tutorial. Whereas, the SSL certificates are easily generated by our plugin by running a simple SSL generation form.

How to temporarily disable HTTPS redirect

By adding below line of code to your wp-config.php file, All SSL enforcements like HSTS, Upgrade insecure requests, redirect to HTTPS, mixed content fixer will be disabled. Please check your .htaccess file for any other HTTPS enforcement related codes and remove it.


I already have SSL certificate installed, how to activate HTTPS?

If you already have SSL certificate installed, You can use WP Encryption plugin purely for HTTPS redirection & SSL enforcing purpose. All you need to do is enable “Force HTTPS” feature in this plugin.

Secure webmail & email server with an SSL/TLS Certificate

Starting from WP Encryption v5.4.8, you can now secure your webmail & incoming/outgoing email server following this guide

Need help with SSL installation for non cPanel site

Some helpful tutorials for non cPanel based SSL installations can be found on our DOCS.

How to install SSL for both www & non-www version of my domain?

First of all, Please make sure you can access your site with and without www. Otherwise you will be not able to complete domain verification for both www & non-www together. If both are accessible, You will see “Generate SSL for both www & non-www” option on SSL install form. Otherwise, this option will be hidden.

Images/Fonts not loading on HTTPS site after SSL certificate installation – Insecure Content / Mixed Content issue?

Images on your site might be loading over http:// protocol, please enable “Force HTTPS via WordPress” feature of WP Encryption. If you have Elementor page builder installed, please go to Elementor > Tools > Replace URL and replace your http:// site url with https://. Make sure you have SSL certificates installed and browser padlock shows certificate as valid before forcing these https measures. If you have too many mixed content errors because of http:// resources loaded in your css, js or external links, We recommend using “Really Simple SSL” plugin along with WP Encryption.

How do I renew SSL certificate

You can click on STEP 1 in progress bar or Renew SSL button (which will be enabled during last 30 days of SSL expiry date) and follow the same initial process of SSL certificate generation to renew the certificates.

What if I failed to renew the SSL certificate

Your site will start showing as insecure on all major browsers thus forcing the visitors to not visit insecure site.

Should I go through domain verification again during SSL renewal process

Completed domain verifications are valid only for 30 days, so you will need to complete domain verification again when renewing SSL certificate in 90 days.

Do you support Wildcard SSL?

Wildcard SSL support is included with PRO version

Receiving “Too many requests” error

Let’s Encrypt API has rate limits so please try after few hours if you receive this error.


Please read our step by step instructions to resolve this issue – https://wpencryption.com/err_ssl_unrecognized_name_alert/. We have covered several other SSL errors in our DOCS


VirtualHost for port 443 (in case of apache server), Server{} listening at port 443 (in case of nginx server) might be not defined in your server config file.

SSL Certificates renewed but new certs not showing in frontend

This might happen for non cPanel sites, all you need to do is reboot the server instance once.

How to revert back to HTTP in case of force HTTPS failure?

Please follow the revert back instructions given in support thread – Forced SSL via Htaccess and support thread – Forced SSL via WordPress accordingly.

I am getting some errors during SSL installation

Feel free to open a ticket in this plugin support form and we will try our best to resolve your issue.

Should I configure anything for auto renewal of SSL certificates to work after upgrading to PRO version?

You don’t need to configure anything. Once after you upgrade to PRO version and activate PRO plugin on your site, the auto renewal of SSL certificates will start working in background according to 60 days schedule i.e., 30 days prior to SSL certificate expiry date.

How to enable HSTS Strict Transport Security header?

Various important features like HSTS header, mixed content fixer, upgrade insecure requests, security headers can be easily enabled via SSL Health page of the plugin. Please have valid SSL certificate installed on your site before you could enable these features.


15 januari 2022
i knew by one of the blogs many thanks to developer, it worked and its really amazing
7 januari 2022
Easy to install via my hosting platform and did as it is intended. I now have a free SSL-certified website.
Lees alle 683 beoordelingen

Bijdragers & ontwikkelaars

“WP Encryption – One Click Free SSL Certificate & SSL / HTTPS Redirect to fix Insecure Content” is open source software. De volgende personen hebben bijgedragen aan deze plugin.


“WP Encryption – One Click Free SSL Certificate & SSL / HTTPS Redirect to fix Insecure Content” is vertaald in 5 talen. Dank voor de vertalers voor hun bijdragen.

Vertaal “WP Encryption – One Click Free SSL Certificate & SSL / HTTPS Redirect to fix Insecure Content” naar jouw taal.

Interesse in ontwikkeling?

Bekijk de code, haal de SVN repository op, of abonneer je op het ontwikkellog via RSS.



  • HTTP based domain verification – correct .txt extension
  • log pending authorizations when SSL domain verification fail


  • Remove certain options upon plugin deactivation
  • fopen error catch during ssl expiration check process


  • Log why order got invalid later
  • Wording fixes
  • PRO – ability to input cpanel host
  • PRO – admin notice when auto renewal failed
  • PRO – different flows rechecked


  • Improved CSS
  • Improved explanations
  • Fix – don’t show empty rows in advanced mixed content scanner
  • Added – How it works Faq
  • No more review requests for PRO users


  • Updated – Intermediate cert priority. Please RESET and re-run SSL install form.


  • New – Advanced Insecure content scanner
  • Fixed path issue for subdirectory based WordPress installations
  • DNS verify ajax issue fix


  • Fixed the ajax call for “generate SSL for both www & non-www” checkbox


  • Ajax check before enabling both “generate SSL for www & non-www” Checkbox


  • SSL health in admin toolbar
  • Improved instructions
  • Always show checbkox to generate SSL for www & non-www together
  • Activator SELF class error fix
  • Fixed SSL certificate expiry date in email
  • Many more improvements


  • Check valid SSL before enabling HSTS & SSL Health page settings
  • Security updates


  • All new SSL Health page 🙂
  • HSTS Strict Transport Security
  • Mixed content fixer
  • Important Security Headers
  • Upgrade Insecure Requests


  • Secure webmail with an SSL Certificate
  • Make htaccess writable


  • Fix for PRO users – PLEASE UPDATE


  • Get more insights on SSL verification via Letsdebug


  • PHP Fatal error fix


  • Image width
  • Activation error
  • Better logging


  • Session handling fix
  • Ajax url fix
  • Improved instructions


  • CA Signature fix
  • Admin color tweaks
  • PRO – Fix for auto renewal


  • SSL Install page redesign
  • Special note for SPMode
  • Plugin interface changes


  • Fixed wpleauto


  • Ajaxified SSL notices
  • UI Improved
  • Improved SSL alerts for PRO


  • Improved navigation
  • Bug fix for DNS verification of SSL


  • PRO – cPanel login check fix
  • PRO – Minor bug fix


  • Minor pricing changes
  • Added support link


  • PRO – Improved SPmode flow & cpanel backup method


  • Ability to activate the plugin network wide
  • PRO – Activate license network wide
  • Minor bug fixes


  • PRO – More precise DNS verification
  • PRO – Bug fixes
  • FREE – Get SSL certs emailed as attachment but enabling the option in “Download SSL certificates” page.


  • SP mode redirect loop fix
  • Cleaner plugin deactivation


  • Double check auto renewal of SSL
  • Bypass SSL verify peer
  • Styling fixes + asset updates
  • Privacy enabled youtube videos


  • Added contact form
  • Reduced plugin size
  • Updated links
  • SSL renewal reminder email
  • removed BF banner


  • Certificate chain fix – Please update
  • FAQs updated


  • SSL Leaf Signature issue fix


  • Bug fixes for Premium SSL setup
  • User flow fixes for SP Mode


  • Optimized code
  • minor bug fixes
  • force generate SSL for www & non-www
  • spmode related fixes


  • SDK update
  • minor link fixes


  • SP mode for annual PRO users
  • Faq & Videos moved to nav
  • Bug Fix related to memory exhaust


  • User flow improvements
  • Improved error catching
  • Improved instructions


  • Identify mixed content issues
  • minor fixes


  • Fixed a bug with Manual DNS verification


  • PRO – Fixed major bug related to Wildcard SSL – Please update


  • Fixed – Minor bugs
  • Improved – Cluster free SSL generate interface
  • Improved – Complete user interface design
  • Improved – Sub pages instead of confusing tabs
  • Added – retain SSL stage
  • Added – Force SSL improvements
  • Added – Checkbox to generate SSL for both www & non-www domain
  • PRO – Improved DNS automation
  • PRO – Improved error handling
  • PRO – Added important notifications