How to Make Your WordPress Website Secure SSL-HTTPS

[Video] How to Make Your WordPress Website Secure SSL/HTTPS in 12 Minutes

If you’re reading this then you probably already know there are lots of good reasons why you’d want to make your site HTTPS.

Reasons to switch your site to HTTPS include:

  • Google will soon start showing warnings for sites that are not HTTPS
  • Sites that are HTTPS are favoured in search results
  • It makes your site more trustworthy from a user perspective – particularly if you have any sort of account creation process where you store users’ personal information (e.g. ecommerce)

There are reports of switching to HTTPS negatively affecting rankings due to the HTTPS version of the site effectively being a brand new site, but this is usually temporary, and some report that this is not even an issue if you do your redirects properly.

Switching WordPress over to HTTPS is surprisingly easy

I knew it was a good thing to switch across, but I thought I’d need to buy a certificate and then do a lot of messing around with redirects and stuff.

Turns out, it’s not very hard at all. Certificate providers such as Let’s Encrypt and CloudFlare are issuing free certificates that still give your site the secure padlock.

Then with the help of some WordPress plugins listed below (and mentioned in the video), you can make your entire domain HTTPS in less than 12 minutes. And that’s with running into a couple of issues along the way.

Watch the video below for full instructions…

What you’ll need:

The Process

1. Click “Plugins” in your WordPress dashboard. Click “Add New” (assuming that the above-mentioned plugins are not yet on your site). Search for “CloudFlare Flexible SSL” in the search field, click “Install Now”, then click on “Activate”.

2. Search for “SSL Insecure Content Fixer” in the search field, click “Install Now”, then click on “Activate”.

3. In your WordPress dashboard, hover over “Settings” and click on “SSL Insecure Content”. Select the level of fixing. Try the “Simple” level first because it has the least impact on your website performance. Leave the other settings on “default” and click “Save Changes”.

4. Go to CloudFlare, click “Add Site”.

5. Enter the domain name of your site (remove “www”) and click “Begin Scan”.

6. When the scan’s status bar is gone, click on “Continue Setup” and then click on “continue”.

7. Select “Free Plan” and hit “Continue”.

8. In the “Change Your Nameservers” page, copy the nameserver names and use them to replace the existing entries (ns1 and ns2 ONLY) in your domain’s Name Service page, then delete ns3 and click “Update Name Servers”.

9. Go back to CloudFlare and click “Continue”.

10. In the Domain Summary section, click on “Full”, change it to “Flexible”, and set Automatic HTTPS Rewrites to “ON”. Flexible encrypts traffic between your visitors and CloudFlare only; the connection from CloudFlare to your server still uses HTTP.

11. Click “Page Rules” then click “Create Page Rule”.

12. Enter the site’s URL (but replace the forward slash at the end with an asterisk, *) then click “Add a Setting”.

13. From the “Pick a Setting” dropdown menu, select “Always Use HTTPS” then click “Save and Deploy”.

14. Reload your site’s page. Check the address bar to see whether it’s now secure (“http” should now be replaced by “https” and a “padlock icon” followed by the word “Secure” should precede your site’s URL).

15. If the site is still not secure, go to your WordPress dashboard, hover over “Settings”, click “SSL Insecure Content”, select the next level of fixing, and click “Save Changes”. Repeat “Step 14” to check if the site is now secure. If not, select the next level of fixing in “SSL Insecure Content” and click “Save Changes” (repeat this process until the site is secure). If you’re still not getting the padlock, open the console (see 9.30 in video) in your browser and look for a mixed content warning. Find the culprit and make sure it’s being served over HTTPS, not HTTP.
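If the console is hard to read, the same hunt for the culprit in step 15 can be run over a saved copy of the page’s HTML. The script below is an added example, not part of the original post or video: it lists every subresource still requested over `http://` and labels it with the W3C Mixed Content categories, which goes a little beyond what the step describes. The sample page, the `example.com` URLs and the function names are constructed for illustration.

```python
from html.parser import HTMLParser

# Tag -> (URL attribute, category), using the W3C Mixed Content terms:
# browsers refuse "blockable" loads; "optionally-blockable" loads (images,
# media) may be upgraded or shown with a degraded security indicator.
SUBRESOURCES = {
    "script": ("src", "blockable"),
    "iframe": ("src", "blockable"),
    "link": ("href", "blockable"),  # only rel=stylesheet, checked below
    "img": ("src", "optionally-blockable"),
    "source": ("src", "optionally-blockable"),
}

# Constructed sample page; example.com is a placeholder domain.
SAMPLE = """<html><head>
<link rel="stylesheet" href="http://example.com/wp-content/themes/t/style.css">
<link rel="canonical" href="http://example.com/">
<script src="https://example.com/wp-includes/js/jquery.js"></script>
</head><body>
<a href="http://example.com/about">About</a>
<img src="//example.com/a.png" srcset="http://example.com/a-2x.png 2x">
<script src="HTTP://cdn.example.com/widget.js"></script>
</body></html>"""


class MixedContentFinder(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings = []  # (line, tag, category, url)

    def handle_starttag(self, tag, attrs):
        attrs = {name: (value or "") for name, value in attrs}
        if tag not in SUBRESOURCES:
            return  # e.g. <a href="http://..."> is navigation, not a subresource
        attr, category = SUBRESOURCES[tag]
        if tag == "link" and "stylesheet" not in attrs.get("rel", "").lower().split():
            return  # rel=canonical and similar are never fetched by the page
        urls = [attrs.get(attr, "")]
        # srcset is a comma-separated list of "url descriptor" candidates
        urls += [c.split()[0] for c in attrs.get("srcset", "").split(",") if c.strip()]
        for url in (u.strip() for u in urls):
            if url.lower().startswith("http://"):
                self.findings.append((self.getpos()[0], tag, category, url))


def find_mixed_content(html):
    finder = MixedContentFinder()
    finder.feed(html)
    return finder.findings
```

Call `find_mixed_content()` on the text of a page saved with “View Source”; ordinary `http://` links in `<a>` tags are skipped on purpose because they do not affect the padlock.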

Next steps once you’ve switched over to HTTPS

Now that you’ve switched your WordPress site to HTTPS there’s still work to be done to make sure you don’t lose your search rankings, and that there aren’t too many redirects going on that will slow down your site. For example, start by updating any links you control (e.g. your social profiles) to link to your new HTTPS URL rather than the old HTTP URL. This guide has a great list of things you need to take into account when switching.
