If you make your web address HTTPS, you’ll notice a load of benefits. For one thing it’ll shut up browsers whining that content on your site isn’t secure.
You’ll see a little green padlock in the status bar when browsers trust your site. This will then make visitors happy that you’re not an evil hacker out to steal their info. To create true fans of our content, we need people to keep coming back, which they’re more likely to do if they trust our blogs aren’t dodgy.
But just how do you make your web address HTTPS? Is it as techy and complicated as it sounds? Can just anyone do it?
Read on my friends and I’ll reveal all.
Disclosure: This post contains affiliate links. If you buy through one of these links I will get a small commission at no extra cost to you. I only recommend products that I use or want to use in future.
Why make your web address HTTPS?
Since July 2018, Google Chrome has been labelling any website not loaded with HTTPS as not secure. Even if you don’t take payment details or store sensitive data, it’s really off-putting for people who land on your blog. We’re all getting more paranoid about the safety of our data online and won’t take risks with dodgy looking websites.
As bloggers we all know how important it is that our readers trust us and what we say. Having a website that only displays secure content goes a long way to helping with that trust.
I for one will very rarely stay on a site that doesn’t have the green padlock, unless I know the owner. No-one wants to risk a virus and/or data theft.
What do I need to do to set up HTTPS?
There are a few simple steps to make your web address HTTPS. You’ll need an SSL certificate set up on your host, then update your web address setting in the WordPress dashboard and then check that all your links and images are pointing to HTTPS versions.
Set up your SSL certificate
SSL stands for secure sockets layer. It makes a secure connection between the computer hosting the files to display your blog and the browser requesting them. You can’t get the green padlock in your browser status bar without one.
Some hosts will charge a fee for adding an SSL certificate to your domain, but generally most hosts offer it for free as part of your hosting package.
I set up my own SSL certificates using Let’s Encrypt, (step by step guide here) and it was done after a handful of clicks. It’s really straightforward and would say definitely go with it if you have the option.
Update your URL in the WordPress settings
So you know all those internal links on your site like links to other blog posts and images? They’re all based on the URL set up in your WordPress General Settings. So if the web addresses in there use HTTP, all the internal links on your site, including links to files your plugins use, will too.
So before you go looking for links to ‘insecure’ content, get this bit sorted and you’ll find it probably does most of the work for you.
When you add HTTPS to these addresses and hit save you will be logged out of your WordPress dashboard. It’s nothing to worry about, log back in again as normal, it’s just your site reloading in HTTPS mode.
From now on, we want to make sure that your site is always loaded with HTTPS, even if someone types in HTTP, or doesn’t type in HTTP or HTTPS in the address bar. To do this we need force your site to load in HTTPS mode.
If you’re with another host which doesn’t give you that option when setting up the certificate you can use a plugin like Really Simple SSL, which will do the job for you.
If you’re happy with changing code, you can manually edit your .htaccess file using the code in the link (which is how the first 2 methods work, they just add the code for you).
*** Before you make ANY changes to your .htaccess file make sure you take a copy of it first. Any mistakes in this file will totally mess up your blog.***
Check your links and images
By now, most of your links and images will be pointing to HTTPS instead of HTTP. But, as always, you’re guaranteed to have a few stubborn ones that you have to change yourself. Any pointing to external URLs, so links to a different site, will need to be changed manually.
There’s a really handy site that you can use to check for any non-secure links on your site. Why No Padlock, is a site where you can enter your URL and it’ll check for anything that might effect the security of your site.
When it’s done you’ll get a pass or fail for your SSL connection and any mixed content (links to HTTP) on your site, like the one below.
How to make your website HTTPS – verdict
During this blog post I’ve talked about how a SSL certificate can help your website with the know, like and trust factor of your blog. How
I’ve also gone through the 4 simple steps needed to make your website HTTPS.
You need to set up a SSL certificate on your host, update your web address in the WordPress dashboard, make sure your site loads using HTTPS all the time and how to check all your links are pointing to HTTPS URLs.