WP Encryption – Free SSL Certificate & Force SSL / HTTPS fixing Insecure Content


Generate free Let’s Encrypt SSL certificate for your WordPress site in One Click and force SSL/HTTPS sitewide, fixing insecure content & mixed content issues easily.

Secure your WordPress site with SSL certificate provided by Let’s Encrypt®. WP Encryption plugin registers your site, verifies your domain, generates SSL certificate for your site in simple mouse clicks without the need of any technical knowledge. A typical SSL installation without WP Encryption would require you to generate CSR, prove domain ownership, provide your bussiness data and deal with many more technical tasks!.

200k+ Downloads Worldwide — 280k+ SSL certificates generated


PHP 5.4 & above, Linux hosting, OpenSSL, CURL, allow_url_fopen should be enabled.

FREE Features

  1. Manual domain verification

  2. Manual SSL installation (Download generated SSL certificates with a click of button and Follow very simple video tutorial to install SSL certificate on your cPanel)

  3. Manual SSL renewal (SSL certificates expire in 90 days. Make sure to renew it before expiry date to avoid insecure warning on site)

  4. Force HTTPS + Redirect loop fix for Cloudflare, StackPath, Load balancers and reverse proxies.

  5. (Optional) Running WordPress on a specialized VPS/Dedicated server without cPanel? You can download the generated SSL certificate files easily via our plugin page and install it on your server by modifying server config file via SSH access as explained in our DOCS.

Sounds too much technical? Don’t have cPanel & SSH? We got you covered!, Upgrade to our secure FIREWALL service to avail SSL along with Firewall + CDN.

PRO Features Worth Upgrading

  1. Automatic domain verification

  2. Automatic SSL installation

  3. Automatic SSL renewal (Auto renews SSL certificate 30 days prior to expiry date)

  4. Wildcard SSL support – Install Wildcard SSL certificate for your primary domain that covers ALL sub-domains. Automatic DNS based domain verification for Wildcard SSL installation (DNS should be managed by cPanel or Godaddy)

  5. Multisite + Mapped domains support – Supports SSL installation for domains mapped with MU domain mapping plugin

  6. Mixed content scanner (Run a mixed content scan for frontend or backend admin pages to detect which insecure contents are causing browser padlock to not show)

  7. Top notch one to one priority support


Switch to HTTPS in seconds

  • Free domain validated (DV) certificates are provided by Let’s Encrypt (A non profit Global certificate Authority).

  • SSL encryption ensures protection against man-in-middle attacks by securely encrypting the data transfer between client and your server.

Why does My WordPress site need SSL?

  1. SEO Benefit: Major search engines like Google ranks SSL enabled sites higher compared to non SSL sites. Thus bringing more organic traffic for your site.

  2. Data Encryption: Data transmission between server and visitor are securely encrypted on a SSL site thus avoiding any data hijacks in-between the transmission(Ex: personal information, credit card information).

  3. Trust: Google chrome shows non-SSL sites as ‘insecure’, bringing a feel of insecurity in website visitors.

  4. Authentic: HTTPS green padlock represents symbol of trust, authenticity and security.


Modern Addons for Elementor – Premium unique CSS3 based modern addon elements for Elementor page builder for free.

Go Viral Social Plugin – A Complete social toolkit with social share, sticky sharebar, whatsapp chat, share & view counters, open graph, social locker, voting and much more.


Many thanks to the generous efforts of our translators:

If you would like to translate to your language, Feel free to sign up and start translating!

Get Involved

  • Rate Plugin – If you find this plugin useful, please leave a positive review. Your reviews are our biggest motivation for further improvements of plugin.
  • Submit a Bug – If you find any issue, please submit a bug via support forum.


Security is an important subject regarding SSL/TLS certificates, of course. It is obvious that your private key, stored on your web server, should never be accessible from the web. When the plugin created the keys directory for the first time, it will store a .htaccess file in this directory, denying all visitors. Always make sure yourself your keys aren’t accessible from the web! We are in no way responsible if your private keys go public. If this does happen, the easiest solution is to check folder permissions on your server and make sure public access is forbidden for root folders. Next, create a new certificate.


  • Generate and Install SSL certificate while Agreeing to TOS
  • SSL certificate generation successful message
  • Change your WordPress & Site url to HTTPS://
  • Force HTTPS throughout entire site


  1. Make a backup of your website and database
  2. Download the plugin
  3. Upload the plugin to the wp-content/plugins directory,
  4. Go to “plugins” in your WordPress admin, then click activate.
  5. You will now see WP Encryption option on your left navigation bar. Click on it and follow the step by step guide.


Does installing the plugin will instantly turn my site https?

Installing SSL certificate is a server side process and not as straight forward as installing a ready widget and using it instantly. You will have to follow some simple steps to install SSL for your WordPress site. Our plugin acts like a tool to generate and install SSL for your WordPress site. On FREE version of plugin – You should manually go through the SSL certificate installation process following the simple video tutorial. Whereas, the SSL certificates are easily generated by our plugin by running a simple SSL generation form.

Can I use this plugin for HTTPS redirection only?

If you already have SSL certificate installed, You can use WP Encryption plugin purely for HTTPS redirection & SSL enforcing purpose.

What if domain verification failed

You can manually complete the domain verification via HTTP or DNS method as explained in video tutorial shown on domain verification page.

Need help with SSL installation for non cPanel site

Some helpful tutorials for non cPanel based SSL installations can be found on our DOCS.

How to install SSL for both www & non-www version of my domain?

First of all, Please make sure you can access your site with and without www. Otherwise you will be not able to complete domain verification for both www & non-www together. If both are accessible, You will see “Generate SSL for both www & non-www” option on SSL install form. Otherwise, this option will be hidden.

Images/Fonts not loading on HTTPS site after SSL certificate installation – Insecure Content / Mixed Content issue?

Images on your site might be loading over http:// protocol, please enable “Force HTTPS via Htaccess” feature of WP Encryption. If you have Elementor page builder installed, please go to Elementor > Tools > Replace URL and replace your http:// site url with https://. Make sure you have SSL certificates installed and browser padlock shows certificate as valid before forcing these https measures. If you have too many mixed content errors because of http:// resources loaded in your css, js or external links, We recommend using “Really Simple SSL” plugin along with WP Encryption.

How do I renew SSL certificate

You can follow the same initial process of SSL certificate generation to renew the certificates.

What if I failed to renew the SSL certificate

Your site will start showing as insecure on all major browsers thus forcing the visitors to not visit insecure site.

Should I go through domain verification again during SSL renewal process

Completed domain verifications are valid only for 30 days, so you will need to complete domain verification again when renewing SSL certificate in 90 days.

Do you support Wildcard SSL?

Wildcard SSL support is included with PRO version

Do you support SAN SSL certificate

SAN SSL certificates are not supported at this moment

Receiving “Too many requests” error

Let’s Encrypt API has rate limits so please try after few hours if you receive this error.

Do I need any technical knowledge to use this plugin

Downloading and installing the generated SSL certificates on cPanel is very easy and can be done without any technical knowledge.


VirtualHost for port 443 (in case of apache server), Server{} listening at port 443 (in case of nginx server) might be not defined in your server config file.

SSL Certificates renewed but new certs not showing in frontend

This might happen for non cPanel sites, all you need to do is reboot the server instance once.

How to revert back to HTTP in case of force HTTPS failure?

Please follow the revert back instructions given in support thread – Forced SSL via Htaccess and support thread – Forced SSL via WordPress accordingly.

I am getting some errors during SSL installation

Feel free to open a ticket in this plugin support form and we will try our best to resolve your issue.

Should I configure anything for auto renewal of SSL certificates to work after upgrading to PRO version?

You don’t need to configure anything. Once after you upgrade to PRO version and activate PRO plugin on your site, the auto renewal of SSL certificates will start working in background according to 60 days schedule i.e., 30 days prior to SSL certificate expiry date.


September 17, 2020
Fácil de usar y muy efectivo. Lo recomiendo
September 14, 2020
Love this plugin, have already used it on multiple staging sites to set up SSL before pointing the DNS over.
Read all 204 reviews

Contributors & Developers

“WP Encryption – Free SSL Certificate & Force SSL / HTTPS fixing Insecure Content” is open source software. The following people have contributed to this plugin.


“WP Encryption – Free SSL Certificate & Force SSL / HTTPS fixing Insecure Content” has been translated into 5 locales. Thank you to the translators for their contributions.

Translate “WP Encryption – Free SSL Certificate & Force SSL / HTTPS fixing Insecure Content” into your language.

Interested in development?

Browse the code, check out the SVN repository, or subscribe to the development log by RSS.



  • Fixed a bug with Manual DNS verification


  • PRO – Fixed major bug related to Wildcard SSL – Please update


  • Fixed – Autoloader bug fix
  • Fixed – minor bugs related to previous release


  • Fixed – Minor bugs
  • Improved – Cluster free SSL generate interface
  • Improved – Complete user interface design
  • Improved – Sub pages instead of confusing tabs
  • Added – retain SSL stage
  • Added – Force SSL improvements
  • Added – Checkbox to generate SSL for both www & non-www domain
  • PRO – Improved DNS automation
  • PRO – Improved error handling
  • PRO – Added important notifications


  • Fixed – Download SSL tab not showing after success


  • Fixed – DNS verification feature for http verification failures of noscript


  • Added – Attempt http verification before offering manual verification options


  • Improved – Domain verification interface
  • Fixed – minor bug
  • Fixed – Cron handling


  • Added – support for cPanel users with shell_exec function disabled
  • PRO only release


  • Improved – CSS + Layout
  • Fixed – Improper conditionals
  • Added – Dashboard Metrics for Firewall users


  • Fixed – Minor css fixes
  • Fixed – some links


  • NEW – Upon various Non-cPanel user requests, Introducing FIREWALL plan for Non-cPanel sites
  • PRO – New instant firewall setup wizard
  • Improved – More cleaner admin interface
  • Improved – Admin css, overall coding
  • Added – Force HTTPS, FAQ, SSL videos as sub pages
  • Fixed – minor php error


  • Fixed – A bug related to domain verification for sub-directory sites


  • Modified – Check SSL certificate before forcing HTTPS
  • Added – Ability to force enable SSL
  • Improved – Single domain SSL form UX
  • Improved – response messages


  • Added – SSL support for sub-directory sites
  • PRO – Advanced domain verification
  • PRO – Auto renewal of SSL certificate duration changed
  • Modified – Overall code cleanup
  • Improved – Log messages


  • Fixed – minor errors & function
  • Improved – Force HTTPS instructions


  • Added – Introduced Affiliate program upon your requests
  • Improved – More organized interface
  • Improved – How to Videos


  • Improved – Much cleaner & simpler SSL interface
  • Imroved – Instructions
  • Added – Expiry Reminder
  • Added – DNS verification test on the fly


  • PHP notice fix
  • minor path fix for mapped domains
  • Code cleanup


  • Fixed – php warning
  • Improved – Error handling & messages
  • Added – Tools tab with reset SSL option


Fixed – issue with review handling


Fatal function fix for 4.4.0


  • Improved – verification process
  • Added – Progress indicator
  • Fixed – Backwards compatibility
  • Improved – Admin interface
  • PRO – Multisite SSL support
  • PRO – SSL support for Multisite domain mapping


  • Updated – ACME Client
  • Improved – Cleaner admin interface
  • Improved – Code improvements


  • Fixed – Force HTTPS for assets both frontend and backend
  • Fixed – Improved wrong challenge code handling
  • PRO – Fixed minor slug thing with Godaddy DNS automation


  • Renamed plugin name from WP LetsEncrypt to WP Encryption to avoid Users from being confused as this plugin is offered by Let’s Encrypt.


  • PRO – WildCard DNS automation for DNS managed by Godaddy
  • Improved – http challenge code rectification


  • Fixed – error fix for 3.3.7


  • Improved – Http challenge code rectification
  • Added – FAQ question for www & non-www SSL


  • Modified – As a backup option, no more SSL forcing for admin
  • Modified – Auto renew 20 days before expiry
  • Fixed – function checks
  • Fixed – minor css


  • Fixed – Plugin fully translatable
  • Fixed – Translation POT file
  • Improved – Several code optimizations
  • Added – Activator & deactivator


  • Fixed – Important bug fix for 3.3.0
  • Please UPDATE


  • Fixed – some of the warnings, notices.
  • Added – ability to revert back to http in case of force HTTPS failure.
  • Added – clean http challenge files after success
  • Added – Generate SSL for both www + non-www version of domain
  • Improved – several wording improvements, email notifications
  • Fixed – important functions & classes


  • Important – Fixed a function for Premium users. Please Update.
  • Improved – Domain verification
  • Added – Faq question


  • Fixed – check SSL before forcing https
  • Updated – Freemius SDK
  • Added – Email notification upon successful certificate generation
  • Fixed – Workarounds for validations
  • Updated – Video tutorials
  • Removed – Unnecessary htaccess override


  • Fixed – error notice
  • Fixed – Force SSL feature blocking site access


  • Removed – forcing of URL to https
  • Added – noscript detection
  • Fixed – text domain fix


  • Improved – log messages
  • Modified – Added support for www based WordPress sites
  • PRO – Special log messages for PRO users


  • Brand New plugin page design
  • Improved automation
  • Cleaner layout & non-confusing SSL generator


  • FIXED – Conflict with other plugin & minor warnings
  • FREE – One click enable HTTPS soon after SSL installation success
  • FREE – Fully automated HTTP validation + ability to manually verify through DNS validation in case of HTTP validation fail.
  • PRO – Fully automated DNS fallback verification for cPanel sites in case of HTTP verification Fail.
  • PRO – Fully automated DNS verification based registration and DNS verification based renewal for Wildcard SSL [Your domain DNS must be managed by cPanel]
  • PRO – For non cPanel sites – We are offering one time installation support for configuring Apache/Nginx server to use SSL certificates generated by WP Encryption [without additional cost]


  • Initial commit