From HTTP to HTTPS – Resolved

How to Make Your WordPress Website Secure (from HTTP to HTTPS)

So, July 2018 has passed! And now Google’s Chrome browser has started marking all websites that do not have an SSL certificate as insecure.

In this article, we will cover how to properly move your WordPress website from HTTP to HTTPS by adding an SSL certificate.

What are SSL and HTTPS?

SSL is the backbone of the secure Internet, and it protects sensitive information from malicious attacks.

Whenever a user visits a website over the internet, information is transferredHow to Make Your WordPress Website Secure (from HTTP to HTTPS) between the client ( browser) and server ( website they are visiting). Frequently, this information can be user sensitive information such as payment details, credit card details, etc.

By using HTTP, this information can be hacked.

However, websites using SSL are immune to frequent malicious attacks, making these websites secure from hackers.

To use SSL in your website, an SSL certificate is needed. SSL certificates have to be issued by one of the recognize certificate issuing authority. This certificate is then verified and highlighted in user’s browser address bar with a padlock sign and HTTPS instead of HTTP.

Why Do We Need SSL/HTTPS?

SSL/HTTPS is recommended for every website on the internet. And it a requirement for websites that collect sensitive data such as login information, credit card information, online payment information, and more.

SSL encrypts sensitive data with an SSL certificate, so that information becomes unreadable to everyone except for the destination server. This protects information from hackers and other malicious attacks such as man-in-the-middle.

Almost every online payment service require SSL/HTTPS before any payment can be received.

Apart from this, Google recommends using SSL certificate, and if any website is not using SSL certificate, Chrome will show users that your website is not secure, which will give a negative impression on your site.

Requirements for Using HTTPS/SSL on a WordPress Site.

The only requirement you will need for using SSL in WordPress is to acquire an SSL certificate.

Now, there are many ways you can acquire an SSL certificate. You might even have one for free.

Many renowned WordPress hosting companies offer SSL certificates for free for all their users. These companies are:

  • Bluehost
  • SiteGround
  • InMotion Hosting
  • LiquidWeb
  • WPEngine
  • DreamHost
  • GreenGeeks

If your site is hosted on one of the above-mentioned companies, you will just have to turn on your free SSL certificate from your hosting dashboard. Or you can also ask your hosting provider to enable it for you.

If your web hosting does not offer you free SSL, but you still want SSL for free, then you can opt to switch your hosting and move your site to one of the above-mentioned companies.

Alternatively, if your hosting company does not offer SSL certificate for free, then you will have to purchase an SSL certificate.

For this, we recommend using GoDaddy because when you purchase an SSL certificate from them, you will get a McAfee secure seal for your website. Also, GoDaddy manages more than 76 million domains which make the world’s largest domain name registration service.

After purchasing SSL certificate for your website, then you will need to ask your hosting provider to install the certificate for you.

Setting Up WordPress After Enabling Free SSL Certificate

After enabling your free SSL Certificate, you will need to set up WordPress, so that all your URLs will start with HTTPS instead of HTTP.

The easiest way to set up WordPress for this is by installing Really Simple SSL plugin on your website and then activating this pluginHow to Make Your WordPress Website Secure (from HTTP to HTTPS)

By activating this plugin, it will check if your SSL certificate is enabled. If SSL certificate is enabled, the plugin will turn on HTTP to https redirect, and then change your website’s settings to start using SSL/HTTPS.

This plugin will try to fix all mix content issues, however, there may still be some files loading from HTTP instead of HTTPS. You can find these files by using the Inspect tool and then try to fix them.

Commonly, these issues arise from files loaded by poorly coded WordPress plugins. If you cannot fix them, then try uninstalling those plugins and finding a suitable replacement.

Leave a Reply

Your email address will not be published. Required fields are marked *