Claim 40% Discount Limited time offer – Up to 40% Discount

How to get HTTPS on a website

As of July 2018, Google started to flag websites that don’t have an SSL certificate as “not secure,” which is a pretty big deal for users. No matter if you have a personal blog or a company website, that “not secure” warning displayed in the browser’s URL bar can affect you in many ways, from lower customer trust to a decrease in search engine rankings. 

If you still haven’t installed an SSL certificate on your website, now is the time to take action. The growing rate of cybercrime, along with the increasingly stringent Web security standards, has made modern Internet users more concerned about their online safety. So, if you don’t care about your site’s security, they do. And that can affect both your reputation and visibility. 

Making your website SSL secure is easier than you think. You don’t need advanced coding knowledge, and it can even be free. Here’s how you can do it. 

Get a SSL secure WordPress website

Where to get an HTTPS certificate 

SSL (Secure Sockets Layer) establishes an encrypted link between your website and its visitors, creating a secure online environment. Thanks to SSL, hackers will find it considerably harder to breach the site’s security and steal the user’s personal details. 

Once an extra luxury for webmasters, an SSL has now become a security staple, which is why today, the most reliable WordPress hosting companies offer it for free. For example, if you get your hosting from WPEngine, Dreamhost, Bluehost, Liquid Web, SiteGround, InMotion Hosting, or GreenGeeks, you may already have an SSL certificate, and you just need to install it. 

However, if you don’t already have a free SSL certificate from your hosting provider, you’ll have to purchase one separately first. There are many reliable sellers to choose from, such as SSL.com, GoDaddy, GeoTrust, and Domain.com. Before completing your purchase, check if the seller offers single, wildcard, and multi-domain certification levels to make sure that all your needs are covered: 

  • single-domain SSL certificate protects only one domain name – this option is great for small business websites and personal blogs
  • wildcard SSL certificate protects all subdomains of one domain – this option is suitable for mid-sized to large businesses that have subdomains such as shop.domain.com, or forum.domain.com
  • multi-domain SSL certificate protects up to 100 subdomains of the same domain – this option is suitable for large enterprises that have multiple subdomains.

Need help installing an SSL certificate or fixing a mixed content issue? Book a call with WP Buffs now and get a 10-20% discount!

How to install the HTTPS in WordPress 

After purchasing an SSL certificate that matches your needs, you’ll have to go to the WordPress settings and adjust them so you can use SSL and switch to HTTPS. 

There are two ways you can do this: 

1. Install a HTTPS plug-in

If you’ve been using WordPress for a while now, you probably know what a plugin is and how to install one. So, look for the “Really Simple SSL” plugin, install and activate it. Then, all you have to do is go to Settings -> SSL, where the plugin will automatically detect the SSL and set up your website for HTTPS. 

The best part about using a plugin to activate the SSL certificate is that it will also check for mixed content errors that may appear during the switch. For example, it will automatically tell WordPress to use HTTPS in the URL and redirect HTTP pages to HTTPS. 

Important: You need to keep the plugin active at all times. If you deactivate it, mixed content errors will come back. 

2. Setup HTTPS manually 

If you don’t want to install a plugin, WordPress gives you the option to set up SSL/HTTPS manually. The main advantage of using this option is that it’s a permanent, performance-optimized solution. However, the downside is that you will need some coding knowledge, and there’s a possibility of messing everything up if you don’t know what you’re doing. When in doubt, talk to your developer or ask a WP pro to help you out. 

Here are the steps: 

  • Go to Settings -> General and update the URL address fields with HTTPS. Save your changes. 
  • Copy and paste the following code in the .htaccess file: 

Now, your WordPress website should be ready to use SSL and HTTPS, but keep in mind that errors may appear. 

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
</IfModule>

Most mixed content errors appear because some images, scripts, or stylesheets, still load the old HTTP protocol. In this case, your browser may prompt a warning message saying that the site is only partially secure and that it blocked the unsafe scripts (Insecure content blocked).

Since you’re not using a plugin, you’ll have to troubleshoot and fix each error manually. 

  • Use the Inspect tool and look for the Mixed content error next to each element. Most of these elements are images, iframes, scripts, and stylesheets loaded by your theme and plugins. 
  • For Mixed Content in the WordPress database: Find all mentions of the old (http) URLs and replace them with https. Alternatively, you can install the Better Search Replace plugin to do this for you. Add your old URL in the “Search for” field, and the new URL in the “Replace with” field. Then select the database tables below for an advanced check. 
  • For Mixed Content in the WordPress theme: If your theme was developed following WP coding standards, then chances are you won’t get any of these errors. But if you do, again, you can use the Inspect tool to find out which elements load with the old URL and replace them from the theme files. 
  • For Mixed Content in WordPress plugins: It’s best not to tamper with plugin files, so if you encounter one of these errors, you should get in touch with the plugin developer. 

No matter where you found the issue, you can use the aforementioned Really Simple plugin temporarily. This way, you can work through the errors at your own pace, so that your website users won’t be affected. 

To wrap things up and complete the transition, don’t forget to submit your new and secure HTTPS site to Google Search Console, so Google knows your website has moved.  

Stephen Gagnon Find Stephen on Twitter Find Stephen on Linkedin

Written By Stephen Gagnon from Parxavenue Web Design

Stephen Gagnon is a company director who works with small to medium-sized businesses to help them rank their websites on the first page of Google search. Stephen trusts his work helps businesses build a strong online presence. Stephen has worked with clients in many different niche markets and has the experience and knowledge to rank many kinds of websites in major search engines. Stephen has a psychology bachelor’s degree from the University of Calgary. Stephen is happily married with one daughter, and resides in Calgary, AB.

Leave a Reply

Hi there, all comments are reviewed & your email address will not be published. Let's have an awesome conversation.