Whenever you want to create a network of local business with subsites for different owners, the only choice is WordPress Multisite. Note that the only restriction in this scenario is that all the subsites should be hosted on the same hosting provider. However, several tools such as MainWP can help you to manage individual WordPress sites regardless of hosting provider.
Popularity has its own hazards, so is the case with WordPress. It has now become the most favorite target for hackers out to steal form submission data. Here it should be noted that this data can include user credentials and financial information such as credit card details etc.
- How to Install and Use a WordPress Multisite SSL Certificate
- Step 1: Let’s Encrypt WordPress Multisite SSL (Wildcard Feature for Subdomains)
- Step 2: WordPress Multisite SSL Certificate for Mapped Domains
- Step 3: Changing URL to HTTPS
- Step 4: Identify Mix Content
- Step 5: Auto Redirect from HTTP to HTTPS
- Step 6: Add HTTPS to Google Search Console
- Step 7: Add SSL Certificates to WordPress Multisite Subdirectory
To prevent this, experts highly recommend launching your website on a secure WordPress host and getting a WordPress Multisite SSL certificate. Secure Socket Layer (SSL) is a secured encrypted protocol which makes the data transportation over the internet completely secured and unreadable by malicious users/bots.
Several researchers started an open-source project titled Let’s Encrypt to promote information security shared over the internet. Let’s Encrypt SSL certificates act as a bridge between a user’s browser and the server. It makes sure that the user’s communication is encrypted and secure on the Internet.
We, at Cloudways, provide free WordPress Multisite Let’s Encrypt SSL certificates to help secure the applications for our customers. We have received many queries regarding setting up WordPress Multisite SSL certificates on the Cloudways.
Therefore, in this article, I will discuss how you can easily install WordPress Multisite SSL certificates on all the subsites.
First things first, if you don’t have a Cloudways account, sign up to experience Multisite managed WordPress hosting or log in to your existing account and install a WordPress Multisite. If you need help, just read our guide to setting up a WordPress Multisite Network.
Keep hackers well out of all your WordPress websites
Hire a Cloudways Expert to keep your applications secure with WordPress Multisite SSL.
How to Install and Use a WordPress Multisite SSL Certificate
Once WordPress Multisite is installed and configured properly, go to the WordPress Multisite Application and map your primary domain under the Domain Management section.
Once the primary domain is pointed and successfully propagated from the domain registrar, go ahead and add subdomains of the other WordPress subsites in the Multisite setup.
If you are not sure about adding the subdomains, then go back to the Domain Management tab and under Additional Domain, section adds subdomains and click ‘Save Changes’ button.
Now, navigate to the SSL certificate tab, and follow the next steps for adding SSL certificates to WordPress Multisite and the subdomain.
Let’s Encrypt WordPress Multisite SSL (Wildcard Feature for Subdomains)
Back in January 2018, Let’s Encrypt introduced its wildcard feature which was promptly adopted by Cloudways platform. This feature lets users add SSL certificates to subdomains easily.
This is ideal for WordPress Multisite Network comprising of multiple subdomains as it eliminates the need for adding SSL certificates individually for each subdomain.
Once subdomains are added to the Domain Management tab, navigate to the SSL Certificate tab and check the box for Wildcard in front of the domain name field.
Now add a new CNAME record to your domain registrar. For the purpose of this article, I have added an entry with the hostname as ‘_acme-challenge’ and value similar to my WordPress staging URL as highlighted in the screenshot above.
Note that In this example I am using Namecheap as the domain registrar.
Verify DNS before installing the SSL Wildcard feature. You can verify if the CNAME is propagated or not by using the online tool, whatsmydns.
Copy the whole URL _acme-challenge.DOMAIN NAME inside the input field and run the test.
That’s it! Once the CNAME record is propagated successfully, SSL certificates will be applied to all subdomains automatically.
WordPress Multisite SSL Certificate for Mapped Domains
In order to assign separate domain names to subsites of WordPress multisite network, add additional domain fields to the SSL Certificate tab.
This will apply an SSL certificate to all the domains in the list.
Now, remember to add domains in the Domain Management tab just like I did earlier when adding Additional Domains so that the WordPress multisite network can recognize which domain name belongs to which subsite.
In case your Multisite is a mix of subdomains and multiple mapped domains, you need to add each subdomain and the mapped domain separately in the list under the SSL Certificate tab.
Wildcard feature is best suited for the Multisite networks that using only the subdomain setup. This is the easiest way of applying an SSL certificate to multiple subsites.
Changing URL to HTTPS
In order to change internal URLs, go to the WordPress admin panel. Go to Settings → General. Change WordPress and site address URL from HTTP to HTTPS. Hit the Save Changes button to save the new settings.
Identify Mix Content
In this guide, I am more focused on subdomains so it is important to make sure that the URL of all the subdomains are same. It is not uncommon in Multisite setup to have a mix of HTTP and HTTPS URLs.
This is why it is important to make sure that all the URLs have the same protocol (preferably HTTPS). To find this issue in the URL, use an online tool by JitBit to check for non-SSL content.
Copy and paste your root URL and begin the test. It will crawl your site and list all the URLs with the HTTP prefix.
Fixing them is easy with a plugin WP Migrate DB. Go to Plugins → Add new and install this plugin. Once installed, go to plugin settings and click on the first tab which says Migrate.
Paste the old URLs inside Find columns and new URLs with HTTPS in Replace columns. Hit Find & Replace button to start the process.
Auto Redirect from HTTP to HTTPS
It is also important to redirect your visitors automatically from HTTP to HTTPS addresses. This is also needed in case your site is using backlinks from other sites which still uses HTTP and are not updated by their website owners.
To do so, you have to make a few adjustments to your WordPress .htaccess file.
Note: Altering .htaccess file is a risk and if things go wrong, it can damage your WordPress site. It is recommended to take a backup of your .htaccess file before making any changes.
Now that you have backed up your .htaccess file, access the file from your root directory and open it in the text editor of your choice. At the beginning of the document, add the following lines.
RewriteEngine On
RewriteCond %{HTTP:X-Forwarded-Proto} !https
RewriteRule ^(.*)$ https://%{HTTP_HOST}/$1 [R=301,L]
Your final .htaccess file should look something like this.
# BEGIN WordPress
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
# END WordPress
Add HTTPS to Google Search Console
Google crawls your WordPress site to update its records of the structure and content of your website. At this point, Google does not know yet that my website is now on HTTPS.
In order to track HTTPS links in Google, I need to log in to Google Analytics dashboard. Inside the Admin area, locate your desired property and click on Property Settings.
From the drop-down menu, change the Default URL from HTTP to HTTPS.
Navigate back to the previous step and click on the View tab.
Here, you can find the Website’s URL drop-down. Select HTTPS from the list.
That’s it! Now Google will start tracking your new URLs with HTTPS.
Add SSL Certificates to WordPress Multisite Subdirectory
It should be noted here that the above guide was for subdomains only. If your WordPress Multisite Network is based on subdirectories, you just need to add an SSL certificate for the primary (main) domain only. There is no need to do any additional work to add SSL for subdirectories of WordPress Multisite.
Congratulations! You are done with the WordPress Multisite SSL setup.
Summary
Google ranks SSL certified websites higher in SERP. Not only this, Google Chrome, the most-used web browser started marking non-SSL protected sites as “Not Secure”. This can be threatening to your business, potential visitors, and buyers as they will not visit your unsecured website again.
Isn’t it easy enough to install SSL on WordPress Multisite network? But, still, if you have any queries, feel free to ask in the comments section below. I would love to answer.
Customer Review at 
“Beautifully optimized hosting for WordPress and Magento”
Arda Burak [Agency Owner]
Mustaasam Saleem
Mustaasam is the WordPress Community Manager at Cloudways. Where he actively works and loves sharing his knowledge with the WordPress Community. When he is not working, you can find him playing squash with his friends, or defending in Football, and listening to music.
