With Google Chrome now enforcing SSL for all websites on the Internet, it’s time you secure your website with an SSL certificate. In July of 2018, Google released their Chrome68 browser which will display websites without an SSL certificate as ‘Not Secure‘.
If your website was built with WordPress then you’ll need to follow these steps to change your site from HTTP to HTTPS:
Step 1: The first and most obvious step is to purchase an SSL certificate. Most web hosting providers sell SSL certificates however if your web host doesn’t offer them then you can purchase them from a third party. You do not need to purchase it from your web host, you can purchase SSL certificates from any company. The cheapest and most standard certificate is called a DV certificate, short for Domain Validation. This type of SSL certificate will cover yourdomain.com and www.yourdomain.com. If you want to cover sub-domains such as blog.yourdomain.com then you need what’s called a WildCard SSL certificate. These tend to be priced much higher and are only required if your website uses sub-domains.
You can purchase cheap SSL certificates from RapidSSL. They sell GeoTrust DV certificates as well as WildCard SSL certificates.
Step 2: Once you’ve purchased your SSL certificate you’ll need to install it on your hosting account. If your web host uses cPanel then you can click on the SSL/TLS icon and paste your certificate there. If your web host uses some other control panel then you’ll need to ask them how to install it or if they can install it on your hosting account for you.
Step 3: Now that your SSL certificate is installed you need to do a few things in WordPress. First, login to your WordPress Admin Dashboard (yourdomain.com/wp-admin). Then click on Settings on the left menu and click General. On the General Settings page you need to change both the WordPress Address and Site URL from http to https. Scroll down and hit the blue Save Changes button. By doing this we’ve now told WordPress that our site has an SSL certificate and it should use https as the default.
Step 4: Now you should test your website. When you go to https://yourdomain.com in Google Chrome you should see the word ‘Secure’ in green text beside your URL in the address bar along with a green padlock. If you do then you’ve successfully setup SSL with WordPress. If you see the word ‘Secure’ but in orange text and the padlock is not green then you need to continue to step 5.
Step 5: The reason you don’t see the green text and green padlock is because there is some content on your site that is not loading over https. To fix this you need to install the SSL Insecure Content Plugin. You can go to the Plugins section in WordPress and then search for it and install it. Once installed, you’ll find it under the Settings section on the left menu in WordPress. Click where it says SSL Insecure Content. You’ll see 6 radio buttons. First try the one labeled Content and hit save at the bottom. Then test your website and see if the green padlock shows up. If it does then you’re all set.
If it’s still not green then go back to the same page and change it from Content to Capture All and save changes. Test your site again and that should fix the issue. You do not need to touch any of the checkboxes at the bottom unless you’re an advanced user and have a very specific setup.
Note: Here is a list of our Top Web Hosts that offer SSL Certificates.
There you have it, 5 Simple Steps to Add SSL to your WordPress website and make it secure!