Chat with us, powered by LiveChat

This website uses cookies

Our website, platform and/or any sub domains use cookies to understand how you use our services, and to improve both your experience and our marketing relevance.

Setup and Install Free SSL Certificates on WordPress Multisite

January 4, 2019

7 Min Read
wordpress multisite ssl
Reading Time: 7 minutes

Whenever you want to create a network of local business with subsites for different owners, the only choice is WordPress Multisite. Note that the only restriction in this scenario is that all the subsites should be hosted on the same hosting provider. However, several tools such as MainWP can help you to manage individual WordPress sites regardless of hosting provider.

Popularity has its own hazards, so is the case with WordPress. It has now become the most favorite target for hackers out to steal form submission data. Here it should be noted that this data can include user credentials and financial information such as credit card details etc.

Table of Contents

  • Add SSL Certificates on WordPress Multisite
    • Let’s Encrypt Wildcard Feature for Subdomains
    • WordPress Multisite SSL Certificate for Mapped Domains
    • Changing URL to HTTPS
    • Identify Mix Content
    • Auto Redirect from HTTP to HTTPS
    • Add HTTPS to Google Search Console
    • Add SSL Certificates to WordPress Multisite Subdirectory
  • Final Thoughts

To prevent this, experts highly recommend WordPress Multisite SSL. Secure Socket Layer (SSL) is a secured encrypted protocol which makes the data transportation over the internet completely secured and unreadable by malicious users/bots.

Several researchers started an open-source project titled Let’s Encrypt to promote information security shared over the internet. Let’s Encrypt SSL certificates act as a bridge between a user’s browser and the server. It makes sure that the user’s communication is encrypted and secure on the Internet.

We, at Cloudways, provide Let’s Encrypt Free SSL certificates to help secure the applications for our customers. We have received many queries regarding setting up WordPress Multisite SSL certificates on the Cloudways.

Therefore, in this article, I will discuss how you can easily install WordPress Multisite SSL certificates on all the subsites.

First things first, if you don’t have a Cloudways account, sign up to experience Multisite managed WordPress hosting or log in to your existing account and install a WordPress Multisite. If you need help, just read our guide to setting up a WordPress Multisite Network.

Add SSL Certificates on WordPress Multisite

Once WordPress Multisite is installed and configured properly, go to the WordPress Multisite Application and map your primary domain under the Domain Management section.

Once the primary domain is pointed and successfully propagated from the domain registrar, go ahead and add subdomains of the other WordPress subsites in the Multisite setup.

If you are not sure about adding the subdomains, then go back to the Domain Management tab and under Additional Domain, section adds subdomains and click ‘Save Changes’ button.

Now, navigate to the SSL certificate tab, and follow the next steps for adding SSL certificates to WordPress Multisite and the subdomain.

Let’s Encrypt Wildcard Feature for Subdomains

Back in January 2018, Let’s Encrypt introduced its wildcard feature which was promptly adopted by Cloudways platform. This feature lets users add SSL certificates to subdomains easily.

This is ideal for WordPress Multisite Network comprising of multiple subdomains as it eliminates the need for adding SSL certificates individually for each subdomain.

Once subdomains are added to the Domain Management tab, navigate to the SSL Certificate tab and check the box for Wildcard in front of the domain name field.

Now add a new CNAME record to your domain registrar. For the purpose of this article, I have added an entry with the hostname as ‘_acme-challenge’ and value similar to my WordPress staging URL as highlighted in the screenshot above.

Note that In this example I am using Namecheap as the domain registrar.

Verify DNS before installing the SSL Wildcard feature. You can verify if the CNAME is propagated or not by using the online tool, whatsmydns.

Copy the whole URL _acme-challenge.DOMAIN NAME inside the input field and run the test.

That’s it! Once the CNAME record is propagated successfully, SSL certificates will be applied to all subdomains automatically.

WordPress Multisite SSL Certificate for Mapped Domains

 In order to assign separate domain names to subsites of WordPress multisite network, add additional domain fields to the SSL Certificate tab.

This will apply an SSL certificate to all the domains in the list.

Now, remember to add domains in the Domain Management tab just like I did earlier when adding Additional Domains so that the WordPress multisite network can recognize which domain name belongs to which subsite.

In case your Multisite is a mix of subdomains and multiple mapped domains, you need to add each subdomain and the mapped domain separately in the list under the SSL Certificate tab.

Wildcard feature is best suited for the Multisite networks that using only the subdomain setup. This is the easiest way of applying an SSL certificate to multiple subsites.

Changing URL to HTTPS

In order to change internal URLs, go to the WordPress admin panel. Go to SettingsGeneral. Change WordPress and site address URL from HTTP to HTTPS. Hit the Save Changes button to save the new settings.

general settings page

Identify Mix Content

In this guide, I am more focused on subdomains so it is important to make sure that the URL of all the subdomains are same. It is not uncommon in Multisite setup to have a mix of HTTP and HTTPS URL.

This is why it is important to make sure that all the URL have the same protocol (preferably HTTPS).  To find this issue in the URL, use an online tool by JitBit to check for non-SSL content.

Copy and paste your root URL and begin the test. It will crawl your site and list all the URL with the HTTP prefix.

JitBit

Fixing them is easy with a plugin WP Migrate DB. Go to PluginsAdd new and install this plugin. Once installed, go to plugin settings and click on the first tab which says Migrate.

Migrate DB

Paste the old URLs inside Find columns and new URLs with HTTPS in Replace columns. Hit Find & Replace button to start the process.

Auto Redirect from HTTP to HTTPS

It is also important to redirect your visitors automatically from HTTP to HTTPS addresses. This is also needed in case your site is using backlinks from other sites which still uses HTTP and are not updated by their website owners.

To do so, you have to make a few adjustments in your WordPress .htaccess file.

Note: Altering .htaccess file is a risk and if things go wrong, it can damage your WordPress site. It is recommended to take a backup of your .htaccess file before making any changes.

Now that you have backed up your .htaccess file, access the file from your root directory and open it in the text editor of your choice. At the beginning of the document, add the following lines.

RewriteEngine On
RewriteCond %{HTTP:X-Forwarded-Proto} !https
RewriteRule ^(.*)$ https://%{HTTP_HOST}/$1 [R=301,L]

Your final .htaccess file should look something like this.

# BEGIN WordPress

RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]

# END WordPress

Add HTTPS to Google Search Console

Google crawl your WordPress site to update its records of the structure and content of your website. At this point, Google does not know yet that my website is now on HTTPS.

In order to track HTTPS links in Google, I need to login to Google Analytics dashboard. Inside the Admin area, locate your desired property and click on Property Settings.

Google analytics property

From the drop-down menu, change the Default URL from HTTP to HTTPS.

GA default URL

Navigate back to the previous step and click on View tab.

navigate to view

Here, you can find the Website’s URL drop-down. Select HTTPS from the list.

website URL

That’s it! Now Google will start tracking your new URLs with HTTPS.

Add SSL Certificates to WordPress Multisite Subdirectory

It should be noted here that the above guide was for subdomains only. If your WordPress Multisite Network is based on subdirectories, you just need to add an SSL certificate for the primary (main) domain only. There is no need to do any additional work to add SSL for subdirectories of WordPress Multisite.

Congratulations! You are done with WordPress Multisite SSL setup.

Final Thoughts

Google ranks SSL certified websites higher in SERP. Not only this, Google Chrome, the most-used web browser started marking non-SSL protected sites as “Not Secure”. This can be threatening to your business, potential visitors and buyers as they will not visit your unsecured website again.

Isn’t it easy enough to install SSL on WordPress Multisite network? But, still, if you have any query, feel free to ask in the comments section below. I would love to answer.

Share your opinion in the comment section. COMMENT NOW

Share This Article

Start Growing with Cloudways Today!

We never compromise on performance, security, and support.

Mustaasam Saleem

Mustaasam is the WordPress Community Manager at Cloudways - A Managed WordPress Hosting Platform, where he actively works and loves sharing his knowledge with the WordPress Community. When he is not working, you can find him playing squash with his friends, or defending in Football, and listening to music. You can email him at mustaasam.saleem@cloudways.com

Get Our Newsletter
Be the first to get the latest updates and tutorials.

Do you like what you read?

Get the Latest Updates

Share Your Feedback

Please insert Content

Thank you for your feedback!

BFCM 2019