Skip to content

HTTPS and Your WordPress Site

But I don't sell anything on my site. Do I still need HTTPS?

Unfortunately, yes.

Even if you don't accept payments or sell products directly from your website, HTTPS certification will keep your website and its visitors safe by using encryption when transferring data.

Google prioritizes site with HTTPS in its search results.

Website security can seem like a full-time job.

New online threats pop up every day and it can be overwhelming to keep up with all of the steps necessary to keep your WordPress site running smoothly.

HTTPS has been important to Google since 2014, but the SEO impact of not having it has been dramatically increasing.

It used to be that you only needed SSL if you had an e-commerce site; essentially if you were taking money or other confidential information through your website.

But somewhere along the way, Google decided that it wanted all sites to be secure independent of what information they handle and so here we are.

At Mozak Design, we encourage all of our clients to choose an HTTPS certification for their site in addition to keeping their plugins, theme & WordPress core always running the latest version of software possible.

After all, your website is an investment in your business and yourself. Let's keep it secure and loved by Google.Click To Tweet

What is HTTPS anyway?

HTTPS stands for Hyper Text Transfer Protocol over SSL which is a fancy way of saying that your website is communicating with the Internet over an encrypted line.

For HTTP or HyperText Transfer Protocol, your average website is sending files for the public to view. HTTPS started as a way for e-commerce sites to encrypt payment details and has now become the security standard for everyone with a WordPress website.

So how do I know if I have HTTPS and that it is set up correctly?

Thankfully there is an easy way to check.

If you have all green checkmarks: You are done!

SSL Green Padlock

What if it said you're not secure?

(warning ... I'm about to get all geeky)

So now what?

The next step is to check if you have an SSL certificate installed on your hosting.

  • To check this, go to a browser window and type in: httpS://yourwebsite.com.
    {replacing yourwebsite.com with your actual URL}

You will get one of two results:

  • Result 1: You see an error message similar to: "This site can’t provide a secure connection"
  • Result 2: You see your webpage

Result 1: You see an error message

This indicates that you do not have SSL installed on your website.

Contact your host and ask them about SSL options. Most hosts have the free: Let's Encrypt, but some host like GoDaddy charges their customers an additional fee for an SSL license.

>> Once a license is purchased and installed, continue on with this post. <<

Result 2: You see your website

This indicates that you do have an SSL license installed on your hosting but there is something wrong in how it was set up on your WordPress website.

  • Step 1: Check your website settings. 
    1. Log into your website: http://yoursite.com/wp-admin
    2. Go to your general settings: http://yoursite.com/wp-admin/options-general.php
    3. Make sure both the "WordPress Address" and "Site Address" have https
    4. Scroll to the bottom and click: "Save Changes". Note: you may need to log into your website again after this save.
  • Step 2: Clean up your database.
    1. Create a backup of your website.
      Hopefully, you have a host that has that feature. If not you can use a backup plugin like UpDraft.
    2. Go to your Plugin installation page: https://yoursite.com/wp-admin/plugin-install.php
    3. Search for the plugin: Better Search Replace
    4. Install the plugin by clicking "Install Now" and then "Active"
    5. Go to the page: https://yourwebsite.com/wp-admin/tools.php?page=better-search-replace
    6. Complete as follows:
      • Fill in the "Search for" with the HTTP version of your URL
      • Fill in the "Replace with" with the https version of your URL
      • Select all the tables
      • Uncheck "Run as dry run?"
    7. Click the button:  "Run Search/Replace"
  • Step 3: Check if that fixed things. 
    1. If you have any caching plugins do empty/clear the cache
    2. Go to https://www.whynopadlock.com/
    3. Paste in your website URL & click "Test Page"
    4. Review your results.

If you have all green checkmarks

You are done! Party time!!!

After all, your website is an investment in your business and yourself. Let's keep it secure and loved by Google.Click To Tweet

What if it still says you're not secure?

Time to take out the big guns!

At this point, there could be a few things preventing you from being 100% secure.

There might be an old HTTP link in your theme code. You might also have a file from another domain on your page that is also not https.

In any case, at this point, I'd suggest you either reach out to your developer or try the plugin "SSL Insecure Content Fixer".

I save this to last because it is more of a patch solution than a real fix. But hey, somethings you need to just bring out a hammer.

If you want to try the plugin route (heck it's worth a shot) here are the steps.

  • Step 1: Install the plugin SSL Insecure Content Fixer
    1. Go to your Plugin installation page: https://yoursite.com/wp-admin/plugin-install.php
    2. Search for the plugin: Better Search Replace
    3. Install the plugin by clicking "Install Now" and then "Active"
  • Step 2: go to https://yoursite.com/wp-admin/options-general.php?page=ssl-insecure-content-fixer
  • Step 3: Try each of the options down their list. Testing each time at https://www.whynopadlock.com/ to see if you finally have got it.

Did you do it? Are you secure?

Well done! Party time!!!

If you are still spinning your wheels please reach out.

I'm here to help.

 

Till next time,

PS: Did you find this post helpful? If so let me know by sharing out with your network!

Leave a Comment





Scroll To Top