---
title: "How to Install the Really Simple SSL WordPress Plugin"
description: "In this guide we’ll show you how to install the Really Simple SSL WordPress plugin. It’s often easier to use such a plugin to force a large, existing WordPress site to use a free or paid SSL..."
url: https://www.inmotionhosting.com/support/edu/wordpress/how-to-install-wp-really-simple-ssl-plugin/
date: 2020-10-05
modified: 2023-07-17
author: "InMotion Hosting Contributor"
categories: ["WordPress Tutorials"]
type: post
lang: en
---

# How to Install the Really Simple SSL WordPress Plugin

In this guide we’ll show you how to install the [Really Simple SSL](https://www.inmotionhosting.com/support/website/ssl/how-to-force-https-using-the-htaccess-file/) WordPress plugin. It’s often easier to use such a plugin to force a large, existing WordPress site to use a [free or paid SSL certificate](https://www.inmotionhosting.com/support/website/ssl/auto-ssl-guide/) (HTTPS) than attempting an [.htaccess redirect](https://www.inmotionhosting.com/support/website/ssl/how-to-force-https-using-the-htaccess-file/) and manually fixing mixed content errors (not to be confused with [Self-Signed SSL Certificate Warning](https://www.inmotionhosting.com/support/website/ssl/self-signed-ssl-certificate-warning/)). This is why we recommend this plugin which forces all images to display over a secure connection to negate mixed content errors. This can easily be tested using a security test site like [WhyNoPadLock.com](https://www.whynopadlock.com/).

Warning: Before you force any website to HTTPS, ensure you’ve installed a properly signed [paid SSL](https://www.inmotionhosting.com/support/amp/how-do-i-obtain-an-ssl-certificate/) or [FreeSSL](https://www.inmotionhosting.com/support/website/ssl/auto-ssl-guide/). If your SSL is self-signed your browser will [display a security error](https://www.inmotionhosting.com/support/website/ssl/self-signed-ssl-certificate-warning/).

Below we cover:

- [Really Simple SSL installation options](#install) wp:list /wp:list
  - [WordPress dashboard](#dashboard)
  - [WP-CLI](#wpcli)
  - [Manually](#manual)
- [Configure Really Simple SSL](#configure)
- [Disable .htaccess redirects](#disable)

Optimize WordPress speed immediately with our Nginx-powered [WordPress Hosting](https://www.inmotionhosting.com/wordpress-hosting).

https://youtu.be/9SP9KSWpWTk

## Installing Really Simple SSL

You can install Really Simple SSL with the [WordPress dashboard](#dashboard), [WP-CLI](#wpcli) or [manual installation](#manual).

### Install from the Dashboard

1. [Log in to your WordPress dashboard](https://www.inmotionhosting.com/support/edu/wordpress/logging-into-wordpress-dashboard/).
2. Install the Really Simple SSL plugin and activate it.
3. On the left, hover over *Settings* and select **SSL**.

### Installing via WP-CLI

Starting with **version 3.1.6**, the plugin developers improved ease of use for advanced users with dedicated [WP-CLI commands](https://www.inmotionhosting.com/support/edu/wordpress/wp-cli/) to handle important tasks via SSH.

1. [Log into SSH](https://www.inmotionhosting.com/support/server/ssh/do-you-provide-ssh-access/).
2. [Install and activate Really Simple SSL](https://www.inmotionhosting.com/support/edu/wordpress/wp-cli/install-a-plugin-using-wp-cli/) using the following command: wp plugin install really-simple-ssl --activateNote: Activating the plugin will not automatically force HTTPS for the website.
3. If you've already installed an SSL for your website, execute the following command to change your WordPress settings to force SSL usage: wp rsssl activate_ssl Once complete, you should see “**Success:** SSL activated.”
4. [Clear your browser cache](https://www.inmotionhosting.com/support/website/how-to-clear-browser-cache-for-major-browsers/) or [start a private browsing session](https://www.inmotionhosting.com/support/resources/how-to-start-a-private-browsing-session/) and visit your website *without HTTPS*. It should redirect to HTTPS with no errors.
5. Configure your website to [ensure AutoSSL updates with Really Simple SSL enabled](http://#autossl) (if applicable for cPanel server environments).

![Install Really Simple SSL with WP-CLI](https://www.inmotionhosting.com/support/wp-content/uploads/2020/10/really-simple-ssl-wp-cli.png)

If you have an issue after activating the plugin, you can undo the changes in with `wprsssl deactivate_ssl`. Check for more WP-CLI commands with `wp help rsssl`.

### Installing Manually

1. To install the plugin manually, download the plugin zip file from [WordPress.org](https://wordpress.org/plugins/really-simple-ssl/#installation).
2. [Upload the zip file](https://www.inmotionhosting.com/support/edu/cpanel/how-to-upload-a-file-using-file-manager-in-cpanel/) and [extract the folder](https://www.inmotionhosting.com/support/edu/cpanel/compressing-uncompressing-files/#uncompress) to the website’s `wp-content/plugins` folder.
3. Log into your WordPress site or use the WP-CLI command to activate the plugin:wp plugin activate really-simple-ssl

## Configuring Really Simple SSL

1. Ensure you have installed a free or paid SSL. You can test this by visiting “https://youdomain.com” in your web browser. It shouldn’t be a self-signed SSL. Otherwise, your website will [display a security error](https://www.inmotionhosting.com/support/website/ssl/self-signed-ssl-certificate-warning/).
2. Create a [cPanel backup](/support/edu/cpanel/cpanel-backups/#wizard) or WordPress backup and download it to your local workstation per [WordPress security best practices](https://www.inmotionhosting.com/support/edu/wordpress/10-ways-to-secure-wordpress/).
3. Once you’re ready to force your website to only use a secure connection, you can activate the SSL function. [Log into your WordPress dashboard](https://www.inmotionhosting.com/support/edu/wordpress/logging-into-wordpress-dashboard/).
4. You can enable it from the *Installed Plugins* page or the plugin notification at the top of your WordPress dashboard by selecting **Go ahead, activate SSL!** You'll be redirected to the Really Simple SSL Configuration page to check the status of related settings.
5. (Optional) For better performance, you can enable the 301 .htaccess redirect option by selecting **Enable** in the *Settings* tab at the top. Then, select the **Enable 301 .htaccess redirect** slider.
6. **Save** any changes made at the bottom of the page.
7. Test your website’s new 301 redirect by opening a [private browser session](https://www.inmotionhosting.com/support/resources/how-to-start-a-private-browsing-session/) and navigating to your website without HTTPS – e.g. domain.com. It should automatically redirect to HTTPS.

![Really Simple SSL plugin configuration options](https://www.inmotionhosting.com/support/wp-content/uploads/2020/10/really-simple-ssl-configuration-1024x549.png)

If you get locked out of your website after enabling the .htaccess redirect, follow official documentation to [prevent Really Simple SSL from editing .htaccess](https://really-simple-ssl.com/knowledge-base/remove-htaccess-redirect-site-lockout/).

Afterwards, you’ll want to ensure you update any URL’s for your website shared elsewhere. You can recheck your redirect results at [WhyNoPadLock.com](https://www.whynopadlock.com/). For more information on improving your WordPress site, please see or [Recommended WordPress Plugins](https://www.inmotionhosting.com/support/edu/wordpress/plugins/recommended-security-plugins/).

Note that the premium items on the Configuration page require a [paid subscription](https://www.inmotionhosting.com/support/edu/wordpress/plugins/http-headers-security/) to the plugin provider. They do NOT indicate an issue with the plugin. If you want to further strengthen your HTTPS redirect, you can [enable HTTP Strict Transport Security (HSTS)](https://www.inmotionhosting.com/support/edu/wordpress/plugins/http-headers-security/) to force the redirect from the browser application.

## Disable .htaccess Redirects

AutoSSL is the free SSL that's auto-enabled forever, but sometimes [AutoSSL](https://www.inmotionhosting.com/support/website/ssl/auto-ssl-guide/) will encounter an error and nott update for WordPress sites using HTTPS redirect methods. These methods include the Really Simple SSL plugin or [.htaccess 301 redirects](https://www.inmotionhosting.com/support/website/ssl/how-to-force-https-using-the-htaccess-file/). Instead of disabling the plugin and HTTPS redirect to update your AutoSSL every time, editing your .htaccess file once should resolve the issue.

1. [Log into WordPress](https://www.inmotionhosting.com/support/edu/wordpress/logging-into-wordpress-dashboard/).
2. On the left, select *Settings* and **SSL** to edit Really Simple SSL plugin settings.
3. Select the **Settings** tab.
4. Select the **Stop editing the .htaccess file** slider. It should transform from grey to blue.
5. **Save** changes.
6. Now the .htaccess file needs to be modified manually. Open your [.htaccess file](https://www.inmotionhosting.com/support/website/where-is-my-htaccess-file/) for the WordPress website. Note: If using cPanel File Manager, ensure your settings [show hidden files](https://www.inmotionhosting.com/support/edu/cpanel/show-hidden-files-in-file-manager/).
7. Add the following code under your current redirect lines: RewriteCond %{REQUEST_URI} !^/\d+\.BIN_AUTOSSL_CHECK_PL__\.\w+\.tmp$ RewriteCond %{REQUEST_URI} !^/\.well-known/acme-challenge/
8. Save your changes.

Afterwards, you shouldn’t need to worry about AutoSSL renewals. If you have any questions or issues following these steps to resolve your FreeSSL issue, please contact our [live support directly](https://www.inmotionhosting.com/support/amp/how-to-get-great-technical-support/).

Learn about more ways to further secure your WordPress site:

- Follow [security](https://www.inmotionhosting.com/support/security/resolve-site-health-security-issues/) and [performance](https://www.inmotionhosting.com/support/website/resolve-site-health-performance-issues/) recommendations from the WordPress [Site Health](https://www.inmotionhosting.com/support/edu/wordpress/wordpress-site-health/) feature in your dashboard
- Install other [security plugins](https://www.inmotionhosting.com/support/edu/wordpress/plugins/recommended-security-plugins/) such as [Cerber Security](https://www.inmotionhosting.com/support/edu/wordpress/wp-cerber-security-hardening-options/) or [WordFence Security](https://www.inmotionhosting.com/support/edu/wordpress/plugins/wordfence/) for in-depth protection and customization in your dashboard along with [Block Bad Queries (BBQ)](https://www.inmotionhosting.com/support/edu/wordpress/how-to-setup-bbq-block-bad-queries-on-wordpress/) to fight code injection
- Consider using the Sucuri web application firewall (WAF) for additional protection against Denial-of-Service (DoS) and related cyber attacks
- [WordPress backup configuration](https://www.inmotionhosting.com/support/edu/wordpress/plugins/recommended-wordpress-backup-plugins/) to automatically schedule and verify backups in the case of disaster recovery
- Read our article “[I think my website has been hacked](https://www.inmotionhosting.com/support/website/hacks/i-think-my-website-has-been-hacked/)” for hack recovery assistance
- Check out our latest guides on how to [learn more about cybersecurity](https://www.inmotionhosting.com/blog/ways-to-learn-more-about-cybersecurity/) and [free website security tools](https://www.inmotionhosting.com/blog/8-free-cybersecurity-tools-to-secure-your-server/) to harden your server

What measures do you take to harden WordPress websites? Let us know in the comments below.
