Really Simple SSL: Improve WordPress Security The Easy Way

Really Simple SSL: Improve WordPress Security The Easy Way thumbnail

Running a website can be a bit like hosting a haunted-house party: invite people to a kooky mansion, and no one shows up (poltergeists notwithstanding). To make it a success, you need to provide a safe, welcoming environment for your guests.

And that’s essentially what Really Simple SSL does for your site.

Banner for Really Simple SSL's plugin with options to download and live preview.

This super-popular WordPress plugin makes it easy for website owners to upgrade to HTTPS. In turn, upgrading helps to maintain visitor security. It also signals to search engines that your site is the hottest ticket in town. Sounds great, doesn’t it?

In this quick guide, we’ll take a look at what Really Simple SSL can do, how to install the plugin, and some of the alternatives to consider. Let’s get the party started!

What Is SSL Exactly?

DreamHost Glossary

SSL/TLS

SSL stands for secure sockets layer. SSL is a protocol for maintaining a secure connection and protecting sensitive data to keep internet users safe during online transactions, login sequences, and more. Transport layer security (TLS) is the successor to SSL that’s in place today and handles vulnerabilities even more effectively.

Read More

Secure Sockets Layer, or SSL, is basically the secret handshake of the internet. It’s a cryptographic protocol that ensures that hosting servers and web browsers can talk to each other without any uninvited creeps eavesdropping on the conversation.

On a more technical level, SSL works like this:

  • When you visit a website, the hosting server “shakes hands” with your web browser.
  • The browser then asks the server for an ID.
  • In response to incoming requests, the server produces a valid certificate to prove its identity.
  • After the certificate has been checked, the server and browser open a secure connection via HTTPS.
  • Once the connection is established, all data that’s transferred between the server and the browser is encrypted.
An infographic of the SSL handshake process with steps like Hello, Agreement, Verification, Key Swap, and Data Transfer.

This process ensures that sneaky hackers can’t set up a fake server or spy on your connection to steal any personal information. Plus, search engines tend to prefer sites that are secure in this way.

Fun fact: SSL was replaced a few years ago by TLS (Transport Layer Security). However, because TLS performs the same function, we generally talk about SSL.

What Is Really Simple SSL?

Really Simple SSL is a plugin that simplifies setting up SSL on your WordPress website.

More specifically, the plugin installs a free SSL certificate, if required, and configures your site to use HTTPS. (With many of our DreamHost hosting plans, we do this for you.)

In addition to this initial set-up process, Really Simple SSL can run a security health check on your hosting server and help you mitigate WordPress’s weaknesses.

It can even notify you about vulnerabilities that pop up in the plugin, theme, and WordPress core updates.

Why Really Simple SSL Is Probably Your Best Option

What makes Really Simple SSL the standout choice? There are five main reasons:

  1. It’s the simplest solution: This plugin lives up to its name. There are multiple ways to set up SSL and HTTPS, but none are as easy and straightforward as using Really Simple SSL.
  2. Intelligent automation: When you set up HTTPS manually, there’s always a chance of introducing the occasional typo. Really Simple SSL helps you avoid this issue by automating much of the process. The automation also extends to troubleshooting mixed content errors and other common issues that arise when you implement SSL/HTTPS.
  3. A specialized tool: Many full-featured security plugins include SSL setup as an option. But if your main goal is setting up SSL, Really Simple SSL is completely focused on WordPress HTTPS migrations.
  4. Streamlined performance: While sprawling security plugins sometimes add weight to your site, Really Simple SSL is like a feather. The lightweight nature of this plugin also makes for fewer compatibility problems.
  5. Outstanding reviews: Really Simple SSL has a perfect 5-star average rating, from over 9,000 submissions in the official WordPress Plugin Directory. And at the time of writing, 32 out of 34 issues raised in the past two months have been resolved.

These features are pretty compelling, aren’t they? With over five million active installations, it’s obvious users are enjoying it.

Really Simple SSL Use Cases

Not sure whether you need an SSL plugin? To make the answer crystal clear, let’s run through the main use cases for Really Simple SSL:

  • New WordPress sites: If you’re starting from scratch, Really Simple SSL can help you make your site secure. The plugin ensures HTTPS is properly configured, helping you to avoid common pitfalls.
  • Upgrading existing sites to HTTPS: If your existing site doesn’t yet run SSL/HTTPS, you should probably upgrade for improved security and SEO benefits. Really Simple SSL automates the transition, so content like images and links are loaded properly via the secure HTTPS protocol.
  • Sites with mixed HTTP/HTTPS content: Some WordPress sites end up with an ugly mixture of HTTPS and HTTP content because of site migrations, plugin conflicts, or manual HTTPS setups. This can create security vulnerabilities and even break your site. Luckily, Really Simple SSL has a mixed content fixer.
  • Subdomains that need HTTPS: Maintaining HTTPS across multiple subsites or subdomains can be complicated. Really Simple SSL supports multisite installation, meaning subsites are automatically configured to use HTTPS.

Get Content Delivered Straight to Your Inbox

Subscribe to our blog and receive great content just like this delivered straight to your inbox.

How To Set Up Really Simple SSL

Assuming your site falls into one of these categories above, you should install Really Simple SSL. Here’s your jargon-free quickstart guide:

1. Install The Plugin

To get started, log in to your WordPress Dashboard and navigate to Plugins > Add New Plugin via the side menu.

Plugins menu from the WordPress sidebar with the button "Add New Plugin" selected.

Next, search for really simple ssl in the search box in the top-right. This is the plugin you’re looking for:

"really simple ssl" typed into the search bar under "Add Plugins" with the option on the left selected.

Tap Install Now, and then Activate.

Dialog box showing the "Activate" blue button highlighted under Really Simple SSL plugin.

2. Basic Configuration

Once Really Simple SSL is activated, the plugin will scan your site configuration.

Most web hosts today, including DreamHost, provide SSL certificates. If this applies to your hosting plan, you can simply walk through the setup process:

From your lefthand navigation menu, select Plugins > Installed Plugins. Type really simple in the search bar and then select Settings.

Dialog box showing Really Simple SSL plugin on WordPress with really simple typed in the search bar and "Settings" selected.

Click the blue Activate SSL button on the plugin options screen.

Next, enter your web host when prompted. Then click on Activate SSL.

DreamHost entered in the "Hosting Provider" field and the "Activate SSL" button selected.

Choose whether you want Really Simple SSL’s additional security hardening features. When you’re done, click Enable (or you can choose to Skip at this time).

Dialog box "Thanks for updating!" with information on new Really Simple SSL features and the "Enable" button selected.

Now, enter your email address (you need to complete email verification to access certain options).

Choose whether you want to install the optional security and privacy plugins.

Complete the process by clicking Finish.

And just like that, you’re done! Your website should now be secure with HTTPS. Test it by typing your website address into your browser, and tapping the icon next to the address. The drop-down should confirm that your site is secure!

Setting Up An SSL Certificate

Unfortunately, not all web hosting providers give you SSL as a standard feature. But fear not, dear friend! Really Simple SSL allows you to generate a free certificate via Let’s Encrypt.

Here’s how to do it:

  1. After the initial scan, Really Simple SSL will inform you that “No SSL certificate has been detected.” Click on Install SSL Certificate.
  2. The plugin will dive deeper to check whether your site is ready for SSL. Assuming you meet the criteria, you can click Save and Continue.
  3. To register your SSL certificate, the plugin will then ask you for a contact email address and a few other details. Fill these out, and then click Save and Continue.
  4. Next, Really Simple SSL will ask you to add information about your hosting management software (e.g., cPanel). Fill out the form, and smash that Save and Continue button.
  5. In some cases, you might be asked to verify your DNS records. The wizard will guide you through any steps you need to take.
  6. Really Simple SSL will generate your SSL certificate. It might install automatically. Otherwise, follow the steps provided by the wizard to install your certificate manually.

Et voilà! You should be ready to transition to SSL.

Keep in mind that some hosts don’t allow you to generate and install SSL certificates so easily. If you’re encountering problems along the way, check this list to see if your host supports Really Simple SSL.

3. Security Checkup

Once you’ve completed the installation process, it’s worth checking that SSL is working properly. 
Start by typing in the URL of your website, with https:// at the beginning. Then click on the View site information icon to the immediate left of the address bar.

Connection is secure

Click Connection is secure and you should see a “Connection is secure” message.

Click Connection is secure

If you encounter problems here, it might be because of mixed content errors.

All good? Next, visit the Really Simple SSL plugin settings under Settings > SSL & Security. Here, you can run a quick SSL health check.

Health check showing A+ with fields like Valid Certificate and No TLS 1.1. in green. Last check performed 11 hours ago.

While you’re there, you can also check for any security issues under the vulnerability measures section.

Vulnerabilities dialog box showing 2 vulnerabilities and 35 updates with button to Learn More and Updates.

Follow the instructions here to fortify your site!

Really Simple SSL Alternatives

As you can tell, we love Really Simple SSL. There are other options, though. Here are some of the key alternatives:

  • Cloudflare (Flexible SSL): This CDN (content delivery network) comes with basic SSL capabilities.
  • Manual installation: For advanced users who want total control, configuring SSL manually might be a better option.
  • Other WordPress SSL plugins: Plugins like SSL Zen offer extra features, such as email reminders for expiring SSL certificates.

Really Simple SSL FAQs

Still have questions? We have answers! Here are some of the most questions we get about Really Simple SSL:

Is Really Simple SSL free?

All the basic features are free, yes. You only need to pay for advanced security options.

Does Really Simple SSL slow down my website?

No. This particular plugin is really lightweight. But remember, the encryption of SSL does take a little time.

Will Really Simple SSL break my site?

It shouldn’t. But it’s worth backing up your site before you install the plugin. If you have problems, try clearing your browser cache, and make sure you don’t have conflicting redirect rules in your .htaccess file.

Make WordPress More Secure

Adding SSL to your site is highly recommended, and Really Simple SSL makes it super easy. With the right hosting provider, you can upgrade your site in minutes.

At DreamHost, all our shared hosting plans come with SSL certificates. On some plans, like DreamPress, you don’t even need to install the certificate!

We also offer free daily site backups, 100% uptime, and 24/7 expert support — starting at just $2.59 per month.

Want to try it for yourself? Sign up today to give your WordPress site the hosting it deserves!

Protect Your Website with DreamHost

Our automatic updates and strong security defenses take server management off your hands so you can focus on your customers.

managed WordPress hosting provider
Photo of Jos Velasco
About the Author:

Jos Velasco is a WordPress Professional Consultant at DreamHost. His responsibilities include helping with advanced WordPress cases, creating training material, and identifying trends impacting the WordPress community. In his free time, he enjoys climbing mountains, eating healthy, and watching drama movies. Follow Jos on LinkedIn: https://www.linkedin.com/in/josvelasco/