Last update: 11/27/21

Want a free WordPress SSL Certificate for your website? This article will show you how, but also cover several other security features that are free for your WordPress site to prevent hacks and other malware issues.

How to Get a Free WordPress SSL Certificate
Did you know that you can get a free SSL certificate for your WordPress website that is hosted with Bluehost? Well, I didn't until now, but the story behind how I found this out was a whole other learning experience.

What I discovered I felt was valuable enough to share and will help you protect your WordPress site with the best free security features. that I have come across. If the time it took to write this only helps 1 person, then that is worth it to me.

The Journey Began with a Hack

We recently had a clients website on his personal hosting account hacked with a Blackhat SEO spam URL injection.

Basically it is a hack that creates random URLS or spam links that can make your site a security risk to visitors and also trigger a warning to Google that your site has been hacked.

If these hacks are not removed from your site, especially if you are using shared hosting, the chances are your hosting provider is going to shut down your entire hosting account until the hack is fixed.

This is especially not fun if you are hosting several clients websites on that account. I should add, it is not fun either when the hack happens on a Sunday when you're ready to take a break and watch some sports.

The minute I received notification that the site was hacked, I called my clients hosting provider on his behalf to see if I could go to a previous version his site, change the passwords, etc, etc. But, for whatever reason on that particular Sunday, when my heart was set on watching the PGA British Open, the backup feature could not be accessed due to technical challenges on their end.

And it only gets worse...

Now that I had called and disclosed that the site was hacked, the support representative told me that they had to "...shut off his hosting account until the hack was removed"... great.

I asked for an hour to attempt to fix it before they shut that hosting account down. Nope, I was told that he was forwarding this issue to their hosting security department and they will do a scan, if the site is hacked they will shut it down... and I had approximately 30 min to fix it before they ran that scan.

It was quite obvious the site was hacked.

Hacked Site

 ...so off to work I went!

Anti-Malware Security and Brute-Force FirewallI had to find a solution other than spending $300 with Sitelock to clean it, so after doing some fast (and I guess effective) research, I discovered a plugin called "Anti-Malware Security and Brute-Force Firewall". The thing that caught my eye was in the features: "Run a Complete Scan to automatically remove known security threats and backdoor scripts." Not having many options at this point I installed it, ran a scan and crossed my fingers.Maybe crossing my fingers helped, because to my surprise it worked, it found many of the corrupt files. I did not find all the malicious code, but enough to fix it. (See my conversation at WordPress.org support: "tried to access non-existent page") and did it well within my time frame. I went to Google Search Tools, ran another security check and it passed. Did the same with Bing Webmaster tools and it passed again. Phew! it worked!

And now because of all this, it set me on a path to this:

WordFenceSomewhere along this panic stricken search, discover and pray it works process for getting rid of that hack, I also stumbled upon WordFence, and this is where all the magic happened that led me to finding how to get a free SSL Certificate.

What I found out about WordFence made me wonder what rock I hiding under. WordFence is a security plugin for WordPress with over 22 million downloads and is by far the most popular WordPress security plugin available. (I guess I may have been that last person on Earth to know this, but in case there is one more...)

Wordfence Security is 100% free and open source. They also offer a Premium API key that gives you Premium Support, Country Blocking, Scheduled Scans, Password Auditing, real-time updates to the Threat Defense Feed, two-factor authentication, and they even check if your website IP address is being used to Spamvertize. So, I installed that.

Get a Free WordPress SSL Certificate with Bluehost

To enable the free SSL certificate on a WordPress site that you are hosting with Bluehost, follow these steps:

  1. Log into your Bluehost Account.
  2. Navigate to your Cpanel
  3. Scroll to Upgrades
  4. Click on SSL
  5. Choose the Domain name and install.

Your SSL certificate will be automatically issued and installed on your server in a matter of minutes. 

In Closing:

I was using other security features on my own hosting accounts, but I feel like I finally found one that I can depend on. Knowing the importance of having a site that you are collecting data from, whether it is an email or a credit card, having a SSL domain will help in trust and SEO.

And this entire journey to discover all this was all a result of a client's site getting hacked on his own server.

So now I would like to take this opportunity to thank the hacker, you have taught me so much, including how to get a WordPress SSL Certificate for free, on all my websites. You're awesome!

I also need to mention that the support that came with all these plugins was better than fantastic, shoutout to you as well. Thanks for keeping the Galaxy safe from hackers!

SEO Alien
"Helping small businesses with smaller budgets compete with big brands with bigger budgets in the online market space since 2009."

About the Author:

The SEO-Alien is a project started in 2009 regarding all things online marketing. The site started out more of a diary of predictions, suggestions and references to things I frequently used for online marketing... before social media marketing was even an option.

I hope you find the information and tools presented here useful and something worth sharing with others.

If there is anything else about online marketing or any online advertising strategy you think would be helpful, please let me know.


Some of the links on this page may be "affiliate links", a link with a special tracking code. This means we may get paid commission on sales of those products or services we write about. The price of the item is the same whether it is an affiliate link or not. Regardless, we only recommend products or services we have used, tested and believe will add value to our readers and our editorial content is not influenced by advertisers or affiliate partnerships. Basically, we may earn some much needed 🐶 biscuit money, and we genuinely appreciate your support.

This disclosure is provided in accordance with the Federal Trade Commission’s 16 CFR § 255.5: Guides Concerning the Use of Endorsements and Testimonials in Advertising.