Want a free WordPress SSL Certificate for your website? This article will show you how, but also cover several other security features that are free for your WordPress site to prevent hacks and other malware issues.

Did you know that you can get a free SSL certificate for your WordPress website that is hosted with Bluehost? Well, I didn’t until now, but the story behind how I found this out was a whole other learning experience.

What I discovered I felt was valuable enough to share and will help you protect your WordPress site with the best free security features. that I have come across. If the time it took to write this only helps 1 person, then that is worth it to me.

The Journey Began with a Hack

Tools to prevent Blog SpamI recently had a clients website on his personal hosting account that was hacked with a Blackhat SEO spam URL injection. Basically it is a hack that creates random URLS or spam links that can make your site a security risk to visitors and also trigger a warning to Google that your site has been hacked.

If these hacks are not removed from your site, especially if you are using shared hosting, the chances are your hosting provider is going to shut down your entire hosting account until the hack is fixed.

This is especially not fun if you are hosting several clients websites on that account. I should add, it is not fun either when the hack happens on a Sunday when you’re ready to take a break and watch some sports.

The minute I received notification that the site was hacked, I called my clients hosting provider on his behalf to see if I could go to a previous version his site, change the passwords, etc, etc. But, for whatever reason on that particular Sunday, when my heart was set on watching the PGA British Open, the backup feature could not be accessed due to technical challenges on their end.

And it only gets worse…

Now that I had called and disclosed that the site was hacked, the support representative told me that they had to “…shut off his hosting account until the hack was removed”… great.

I asked for an hour to attempt to fix it before they shut that hosting account down. Nope, I was told that he was forwarding this issue to their hosting security department and they will do a scan, if the site is hacked they will shut it down… and I had approximately 30 min to fix it before they ran that scan.

It was quite obvious the site was hacked.

Hacked Site

 …so off to work I went!

Anti-Malware Security and Brute-Force FirewallI had to find a solution other than spending $300 with Sitelock to clean it, so after doing some fast (and I guess effective) research, I discovered a plugin called “Anti-Malware Security and Brute-Force Firewall“. The thing that caught my eye was in the features: “Run a Complete Scan to automatically remove known security threats and backdoor scripts.” Not having many options at this point I installed it, ran a scan and crossed my fingers.

Maybe crossing my fingers helped, because to my surprise it worked, it found many of the corrupt files. I did not find all the malicious code, but enough to fix it. (See my conversation at WordPress.org support: “tried to access non-existent page“) and did it well within my time frame. I went to Google Search Tools, ran another security check and it passed. Did the same with Bing Webmaster tools and it passed again. Phew! it worked!

And now because of all this, it set me on a path to this:

WordFenceSomewhere along this panic stricken search, discover and pray it works process for getting rid of that hack, I also stumbled upon WordFence, and this is where all the magic happened that led me to finding how to get a free SSL Certificate.

What I found out about WordFence made me wonder what rock I hiding under. WordFence is a security plugin for WordPress with over 22 million downloads and is by far the most popular WordPress security plugin available. (I guess I may have been that last person on Earth to know this, but in case there is one more…)

Wordfence Security is 100% free and open source. They also offer a Premium API key that gives you Premium Support, Country Blocking, Scheduled Scans, Password Auditing, real-time updates to the Threat Defense Feed, two-factor authentication, and they even check if your website IP address is being used to Spamvertize. So, I installed that.

It was several hours later I receive an email from Wordfence:

“Today we are excited to officially launch the Gravityscan trust badge program. As you know, Gravityscan is a project by the Wordfence team to bring malware and vulnerability scanning to all websites. Until now, daily monitoring had been a paid feature of Gravityscan, priced at around $120 per year. The new badge program provides free daily security monitoring for any website.

The Gravityscan trust badge checks your website daily against over 20 blacklists and ensures that your content does not contain links to malicious sites. The program also includes a comprehensive daily scan for malware.”

Gravityscan BadgeSo, in short, you get these important security services at no cost for simply adding this little badge (right) to the homepage of your website. This is not an “ad-supported” model or a bait-and-switch tactic and they say, “This is how we will be doing business for the long term.” Nice. They had me at hello.

After installing both these plugins to this client’s website, I decided it would be a good idea to install WordFence on all my sites. Right after I installed it on the SEO-Alien site I start getting these emails from Gravityscan telling me I have an issue.

Incorrect TLS Certificate Configuration

Really, now another issue?:

So this prompted me to call my host and see what this was all about and they basically told me that I had to buy a SSL certificate. Well, not figuring it was a huge problem I didn’t do anything more.

But now I was getting security alerts like this every day and quite honestly, I was starting to get annoyed. Can I turn this warning off? There may be a way, but I didn’t look. I decided to call Bluehost one more time and this time, things happened differently.

Before I called I was doing research on SSL with Bluehost and found How to activate a free WordPress SSL Certificate, but these instructions led me to a dead end, what they tell you to do here does not work.

So this time I asked the tech support person if that was still available and I was told how to do it. Now keep in mind, this is for WordPress sites only.

How to Get a Free WordPress SSL Certificate with Bluehost

To enable the free SSL certificate on a WordPress site that you are hosting with Bluehost, follow these steps:

  1. Log into your Bluehost Account.
  2. Navigate to your Cpanel
  3. Scroll to Upgrades
  4. Click on SSL
  5. Choose the Domain name and install.

Your SSL certificate will be automatically issued and installed on your server in a matter of minutes. 

In Closing:

SEO-Alien OptimizedI was using other security features on my own hosting accounts, but I feel like I finally found one that I can depend on. Knowing the importance of having a site that you are collecting data from, whether it is an email or a credit card, having a SSL domain will help in trust and SEO.

And this entire journey to discover all this was all a result of a client’s site getting hacked on his own server.

So now I would like to take this opportunity to thank the hacker, you have taught me so much, including how to get a WordPress SSL Certificate for free, on all my websites. You’re awesome!

I also need to mention that the support that came with all these plugins was better than fantastic, shoutout to you as well. Thanks for keeping the Galaxy safe from hackers!

And finally, in case you missed it…

Tweet this Post           Tweet this Post!
About the Author: SEO Alien

Hi! Welcome to the SEO-Alien! Glad to be Found!


Pin It on Pinterest