One of the most requested tutorials on BHUsers – Unofficial Bluehost users community is:

• How you can use free SSL certificate on Bluehost Shared hosting
• Can we configure LetsEncrypt Free SSL on Bluehost?

Well, personally I have been waiting to write this tutorial so that all of our community users using Bluehost hosting can enjoy the free SSL for their websites. Many of you might not be aware of the fact that using SSL (HTTPS) is a positive search engine ranking factor.

That means, if your site is using https version, it automatically helps in getting more organic traffic. However, this is one of 200+ other signals so if you are doing every other aspect of SEO right, using HTTPS will further boost your site ranking.

Sounds good?

Well, in this tutorial I will show you:

1. How to move your WordPress blog to HTTPS
2. How to enable free SSL certificate using Bluehost cPanel
3. How to check if you have configured HTTPS properly
4. How not to lose traffic after migrating from HTTP to HTTPS
5. Important things to do after migrating to HTTPS

So, we have a lot to cover & this is going to be an extensive guide. So grab a cup of coffee & let’s start with this epic tutorial on moving our site from HTTP to HTTPS for free.

Enabling Free SSL Certificate on Bluehost Hosting:

Bluehost recently added a new section call “WordPress tools.” From here, any existing or new Bluehost users can enable free SSL certificate. WordPress tools is a great addon from Bluehost as it makes the managing your WordPress blog easy. I will cover about WordPress tools in detail but for now, let’s stick to our main topic.

Preparation: Disable who.is guard of your domain

Before enabling free SSL certificate on Bluehost, make sure you disable who.is guard (If you are using) for a while. In some scenario, Bluehost will validate your identity for domain & they will use who.is information of your domain for sending the validation email.

If your who.is guard privacy is enabled, they won’t be able to send the email. So disable the who.is guard only for few hours & you can enable it once the SSL is activated.

Now, follow the steps mentioned & let’s activate SSL certificate for your website hosted on Bluehost Web hosting.

• Now, Login to your Bluehost Dashboard
• Click on my sites > Select the site for which you wish to enable SSL certificate
• Click on Manage site

• Go to security tab & this is where you will see option to enable free SSL certificate

Move the toggle next to “Free SSL certificate” to on.  This would attempt to activate the free SSL for your domain & this could take a while like up to 30 minutes.

In between, do keep an eye on your email for the validation email. Here is the email that I received for validating domain ownership:

SSL Certificate will not install automatically for:

Click on the link & you need to select your email where validation e-mail for your SSL certificate will be sent.

Click on submit & within 5 minutes you will get another email with the instruction to validate your SSL certificate installation for your domain name. This is the email that I got:

You just need to follow the instruction by clicking the link & pasting the code. This is pretty simple. Now, after this either wait for WordPress tools to automatically enable the SSL.  Or you can refresh the page again & enable free SSL certificate again.

In most of the cases, it should enable right away & also update your WordPress home & site URL to https version.

Optional case 1: When Bluehost is unable to update site URL & WordPress Home URL

However, in my case it showed an error saying:

Error: Could not update option ‘siteURL’.,Error: Could not update option ‘home.’

May be in your case this might not happen as on other domains where I activated SSL this issue didn’t happen. This could have happened due to multiple reasons. Since I use various security plugins, login page hide plugin & also CloudFlare to secure my blog, that might have prevented automatic updation of site URL & home page URL.

However, Bluehost has done installing SSL certificate for you. You can verify the same by entering your domain name on this SSL checker tool.

What you can do in this case is, click on settings tab & update the URL manually. Simply replace HTTP with HTTPS (See the screenshot below)

If this works then it’s great else you might need to force https by editing the wp-config file. Follow this guide to access your Bluehost hosting via FTP & take a backup of the wp-config.php file in the root of your domain.

Add the following line

define('FORCE_SSL_ADMIN', true);

Once done, now open your blog admin area again but this time instead of HTTP use https

ex: https:domain.com/wp-admin

Well, this should open your domain on https. However, we still have few more things to do.

Optional Step 2: This is only for users using Cloudflare 

This step is only for those users who are using Cloudflare as well. Login to Cloudflare dashboard & under Crypto enable full SSL as shown in screenshot below

On the same page scroll down to the bottom to find “Automatic HTTPS rewrite” & enable this option.

Also, enable HSTS which is on the same page.

Well, that’s all from Cloudflare end.

Must do: Install Really simple SSL WordPress plugin:

Now install this plugin call Really simple SSL. As description of this plugin says

“Really Simple SSL automatically detects your settings and configures your website to run over https. To keep it lightweight, the options are kept to a minimum. The entire site will move to SSL.”

This is a simple plug & play plugin that would take care of search engine friendly redirection from HTTP to HTTPS.

Edit .htacess to add 301 redirection code:

Also, edit your .htaccess file using Yoast SEO plugin or FTP & add following code.


RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]


This

Use Better search & replace plugin:

This is another smart thing you can do to replace all existing link on your blog from http to https. Using this plugin, you can search for all the links on your blog with http://domain.com to https://domain.com

Note: Take WordPress database backup before running this plugin. This is just a precautionary measure to be able to restore if you mess up anything.

The first run keeps the box that says “Run as dry run” checked. This would not replace anything but just show you what all will be replaced.

The results would be shown at the top. If you see no error, in the next run uncheck the box & click on “Run search/replace.”

Well, my friend, you are almost done moving your site from HTTP to HTTPS. The best part is; by following the above steps you would ensure nothing goes wrong. However, before you start celebrating, there are few things that you should do:

• Add https version of your site to Google search console & resubmit the sitemap.
• Edit the profile URL in Google Analytics from HTTP to HTTPS
• Over time on all your social media profile start updating site link from HTTP to HTTPS
• Additionally, you can use Broken link checker plugin & use the redirection module to further fix the links. Here is a guide about the same on ShoutMeloud.
• You should also read my detailed guide on fixing mixed content on ShoutMeLoud here.

Conclusion:

Moving your WordPress site from HTTP to HTTPS is worth doing as it adds the level of confidence among readers & also one of the search engine ranking factor. In fact, Chrome started showing the warning for the site not using SSL which may affect your traffic in coming days.

This detailed tutorial will enable you to move your WordPress site on Bluehost hosting from HTTP to HTTPS. In the case of any question/query feel free to ask me in the comment section below.

If you found this tutorial useful, do share with others on Facebook & Twitter.