SSL Zen – Free SSL Certificate & HTTPS Redirect for WordPress


Secure your website with a Free SSL certificate. Trusted by 100,000+ websites globally!

SSL Zen helps you to secure your website, protect your customer’s data and show your visitors you’re trustworthy and authentic.

Features of Free Version:

  • Secure padlock in the browser
  • Displays ‘connection is secure’ message
  • Increased SEO ranking
  • Customers will trust you
  • Accept safe payments online
  • Compliance with regulation standards
  • Strong bank-level security

Note: The free version requires you to manually verify your domain name with Let’s Encrypt by uploading a file on your server. You will also need to upload the SSL certificates on your server and configure them.
SSL certificates from Let’s Encrypt are only valid for 90 days and need to be manually renewed. If you fail to renew, your website will start showing a not secure warning to the visitors.
If you want the plugin to automatically install the SSL certificate and auto-renew it, please check the premium version of the plugin.

How to buy the Premium version of the plugin?

Download the free version of the plugin by clicking on the Download button at the top. Install and Activate the plugin. On the Pricing Page, select the Premium version, complete the payment. You will receive a plugin download link along with your license key.

Features of Premium Version:

  • Automatic Domain Verification
  • Automatic SSL Certificate Generation
  • Automatic SSL Certificate Renewal
  • Accelerate your website with StackPath’s Global Content Delivery Network
  • Premium Support – Live Chat, Email Support
  • Spam Protection
  • Brute-Force Protection
  • Forces Browser Validation on traffic anomalies
  • Performs Real-time threat intelligence for IP addresses, source location, and information on malicious IPs.
  • Patches known vulnerabilities in the Apache Struts framework by blocking requests suspected of exploiting these vulnerabilities
  • Enables a set of rules designed to block common WordPress exploits
  • Blocks clients performing multiple injection attacks.
  • Blocks Probing and Forced Browsing
  • Blocks SQL injection attack attempts
  • Blocks Cross-Site-Scripting (XSS) attack attempts
  • Blocks Shellshock attack attempts
  • Blocks requests suspected of being a Remote File Inclusion attempt
  • Blocks requests suspected of a Local File Inclusion attempt
  • Blocks attempts to access and potentially harm your servers through backdoors
  • Blocks requests suspected of web shell attempts
  • Blocks requests suspected of Response header injection attempts
  • Blocks Invalid User Agents
  • Blocks Unknown User Agents

Why get a SSL padlock?

  • Trust – Starting from July 2018, Google Chrome has begun to mark all non SSL-websites as ‘Not Secure’. When your users see the broken padlock, their trust wavers!
  • Security – SSL provides authentication, trust and compliance. If your customer is filling out forms, or making payments on your website, you need SSL to protect sensitive data from eavesdroppers.
  • SEO – Google ranks SSL-enabled websites higher than unsecured websites. Hence, securing your website also helps get you on top of Google’s search results.

Please leave a review

If our plugin helped you secure your website, please leave a review here

For more information about our plugin, please visit

Want SSL Zen plugin in your language?

You can directly translate the plugin in your language here
When you add translations, get in touch with us as we will get you listed as a Project Translation Editor for our plugin.


  • By downloading our plugin, You agree to Let’s Encrypt® Terms of Service
  • By downloading our plugin, You agree to LEClient license terms, a PHP LetsEncrypt client library to verify domain ownership and generate SSL certificate for your website.
  • We use Let’s Debug API, a diagnostic tool to help figure out why you might not be able to issue a certificate for Let’s Encrypt®.
  • We use Freemius to collect non-sensitive diagnostic data about your website should you opt-in.

Internet Security Research Group™, Let’s Encrypt®, ISRG™ are trademarks of the Internet Security Research Group. StackPath®, EdgeSSL™ are trademarks of StackPath, LLC. All rights reserved.


  • How it works
  • Agree to Let's Encrypt ® TOS
  • Verify domain ownership by uploading files on your server
  • Install SSL certificate on your web server
  • Redirect http to https
  • Renew SSL certificate
  • Settings to enable 301 redirection the settings page.


To install this plugin:

  1. Make a backup of your website and database
  2. Download the plugin
  3. Upload the plugin to the wp-content/plugins directory,
  4. Go to “plugins” in your WordPress admin, then click activate.
  5. You will now see a SSL Zen icon on your left navigation bar. Click on it and follow the step by step guide.


What is a SSL Certificate?

An SSL (Secure Sockets Layer) certificate is a digital certificate that authenticates the identity of a website and encrypts information sent to the server using SSL technology.

Are your SSL certificates really free?

Yes. All SSL certificates are generated by Let’s Encrypt® (nonprofit) with a mission to create a more secure and privacy-respecting Web by promoting the widespread adoption of HTTPS.

What benefits does SSL provide?

An SSL Cert protects your customers’ sensitive information such as their name, address, password, or credit card number by encrypting the data during transmission from their computer to your web server.

How do I install my SSL certificate?

You will be emailed a certificate and a private key. Simply go to your cPanel dashboard, click on SSL/TLS and follow the process to install SSL certificate.

How long are the certificates valid?

Let’s Encrypt® certificates are valid for 90 days and can be renewed with no additional cost. You can easily renew them through our plugin.

How do I renew an SSL certificate?

Simply follow the same process you used to generate and install SSL certificate the first time and your certificates will be renewed.

Do I need technical knowledge to set up an SSL?

Our free version of the plugin does require you to upload files on your website to verify domain ownership.

Is your plugin safe to install on my website?

Our plugin is open-source and anyone can download and inspect it before installing on their website.

Do you support Wildcard SSL?

We currently do not support wildcard SSL. Our plugin is only built to generate SSL certificate for your WordPress website/blog.

Which browsers will trust my certificate?

All major browsers are supported.

What is the verification process?

The verification is a simple process to prove that you own the domain for which you are requesting the certificate.

Do I need to do the verification again when I renew?

The verification results are valid, at the time of writing, for 30 days. If you renew within that period, you should not need to re-verify. Outside of that period you will need to do the verification again. However, it is a very simple process that requires almost no time.

I have installed the certificate correctly, but my site is not shown as “Secure”

The most likely reason for this is that you are still loading some resources, such as images for example, via HTTP. Browsers in this case will show “Mixed content” errors in the developers console. If you do not want to use developer tools, you can easily check which resources those might be by using “Why No Padlock?” service. You can read more about “Mixed Content” and how to prevent it here.

Can I see the name of my company on the certificate?

Free certificates are of Domain Validation type (DV) and do not hold that information. To have the information about your company, the certificate would need to pass Organization Validation (OV) or Extended Validation (EV). Both require paperwork (such as actual company checks) and cannot be offered for free as a result.


April 7, 2021
Always reliable and consistent, I have used SSL Zen for several years now and it allows so much of my website to work better - from my online store to keeping users information secure.
April 6, 2021
The support team was very helpful. I definitely will recommend to other customers.
April 2, 2021
Wow, literally just installed this, and if it really is as good as it seems, then I wish I could give 10 stars! Top stuff! Very quick and easy process, and means we avoid having to pay GoDaddy a small forture every year for something that has minimal cost to them. Thank you for such an amazing plugin
Read all 454 reviews

Contributors & Developers

“SSL Zen – Free SSL Certificate & HTTPS Redirect for WordPress” is open source software. The following people have contributed to this plugin.


“SSL Zen – Free SSL Certificate & HTTPS Redirect for WordPress” has been translated into 2 locales. Thank you to the translators for their contributions.

Translate “SSL Zen – Free SSL Certificate & HTTPS Redirect for WordPress” into your language.

Interested in development?

Browse the code, check out the SVN repository, or subscribe to the development log by RSS.



  • Update cPanel check for ports and URL paths


  • Update cPanel check


  • Check for correct status letsdebug severities


  • Updates for LetsEncrypt environments
  • Updated CDN price to $59


  • Switch exec to shell_exec for all cases


  • Set timeout for request to detect cpanel
  • Fix issues with Reset Plugin flow for Stackpath CDN
  • Fix persistent review notification!


  • Fix file verification flow for WP sites in directories
  • Add detection for cloudflare
  • Add detection for bluehost temporary domains
  • Add link to translate plugin
  • Feedback prompt update
  • Minor bug fixes


  • Fix localhost check


  • Fix Step2 premium CDN flow for Google domains
  • Fix Step1 flow for checking IP addresses
  • Fix check for cPanel’s existence


  • Fixed issues with free plugin site crashes
  • Add translators to translations


  • Fixed a bug that wasn’t displaying cPanel form on Step 1


  • Bug fix for Generic Free version


  • Automated Step 2 for cPanel Free Users
  • Display Remind Me Later link after 10 seconds


  • Removed confusing message on Settings page asking users to change their A and CNAME record.


  • StackPath bug fixes


  • StackPath enhancements and bug fixes


  • Updated Freemius SDK to 2.4.1
  • Fixed a bug that wasn’t displaying success message after DNS verification
  • Changed pricing for premium plans from monthly to yearly


  • Bug fix for DNS verification page design layout


  • Changed pricing structure for premium versions


  • Improved Re-Activation process for StackPath
  • Improved error messaging


  • Changed pricing of premium version to $36


  • Updated Freemius SDK
  • Improved StackPath DNS verification
  • Added option to reset plugin for StackPath


  • Pricing page has been hidden so users are redirected to buy the correct plan
  • Updated cPanel Availability script


  • Added better error messages for StackPath DNS verification


  • Fixed a bug that was not displaying Let’s Encrypt Debug Log


  • Fixed a bug that would pass A record for www.domain.tld instead of domain.tld for StackPath
  • Added a Debug button for the users to easily share the file with support team
  • Added HelpScout beacon to StackPath Premium version.
  • Added I agree to terms and conditions that was accidentally removed in 3.0.0


  • Added StackPath Integration. Non-cPanel users can now use StackPath to get an SSL certificate.


  • Added hyperlink for certificate name on Step 3. Added tooltip for copy and download button.
  • Increased delay for Let’s Debug calls as the previous delay was still not sufficient for few websites.


  • Added a delay for Let’s Debug calls
  • Moved Enable Debugging from Advanced > Debug tab
  • Added instructions for non cPanel SSL installation
  • Removed fopen as a requirement in System Requirements Check
  • Fixed a bug that wasn’t renewing SSL certs for Pro customers


  • Bug fix for DNS verification
  • We now show settings page from Step 1
  • Live Chat Widget for Premium users


Bug fix for ‘include www’ checkbox which was checking for A record only, replaced it with A or CNAME record.


  • Changed pricing to per year from lifetime on pricing page
  • Disabled upgrade to Pro in non-cPanel version
  • Creates SSL cert for only domain.tld or www.domain.tld based on website url
  • Added functionality so that the pro version of the plugin works even if the website is hosted in a sub-directory
  • Added debug messages for identifying issues with Let’s Encrypt


Bug fix for cPanel credential verification.


Updated Let’s Encrypt PHP library LE Client to 1.2.2. Please update immediately.


Bug fixes.


  • Major Plugin Redesign
  • Added DNS verification which now supports wildcard SSL certificate
  • Added System Requirements Compatibility Test
  • Added option to send debug information for easier troubleshooting
  • Removes HTML verification files after LE verification is complete
  • Optimized HTTP and DNS verification process
  • Updated LEClient to 1.2.1
  • Added a pricing page which lets users upgrade to pro version
  • Removed Review Plugin notice and donation requests from Admin Dashboard
  • Added warning if plugin is installed on a localhost or IP address
  • If ‘include www’ is checked, we now verify that a ‘A’ record for it exists
  • Improved pro license validation
  • Improved SSL installation process
  • Optimized source code


  • Replaced support email with plugin contact page
  • Add a Setup menu item in plugin navigation
  • Replaced the error message in Step 4
  • Updated LE Client to the latest version


  • Optimized codebase
  • Bug Fix – Freemius auto-update process


  • Bug fix


  • Bug fix


  • Added support to add SSL certificate for non-cPanel websites
  • Fixed a bug that was not renewing an SSL certificate if the current url was https by ignoring https redirection for .well-known folder
  • Fixed ‘Terms and Conditions’ link which was not working as expected
  • If someone closes the review notice, we do not show it again for 24 hours
  • Customized Freemius welcome message
  • Updated Freemius SDK to 3.3.2
  • If a user’s SSL certificate has expired and he clicks on Renew in the Settings tab, we now take him to Step 1 to re-create his authorization
  • Users can now download the SSL certificate on Step 3
  • Fix a bug that was not detecting cPanel compatibility because sslverify was true
  • Added new videos for cPanel and Apache SSL installation instructions with voice-over


  • Like the plugin? Become our ambassador and earn cash
  • Refer new customers to our plugin and earn 20% commission on each successful sale you refer!
  • To become an affiliate, go to SSL Zen plugin and click on affiliation in the left menu.
  • Added new tags ssl,ssl certificate,openssl,letsencrypt,free ssl,free ssl certificate,ssl tls,secure socket layer,ssl encryption,wildcard ssl certificate,letsencrypt wildcard,ssl https,tls,wordpress ssl


  • Security Patch for 1.9.5
  • Changed tags to https, ssl, free ssl, ssl certificate, mixed content,insecure content,force ssl


  • Fixed security issue