As I look after few websites including my own of course and now that Google is using website security as one of the important ranking factors, I’ve decided to upgrade all of the websites to https secure protocol. As an added bonus, I’m going to show you how to do it yourself and have the SSL certificate issued for free, saving you around $US40 every year!

Below this video that goes into all the required detail, I’ve listed the rough 6 steps that will have your website updated to SSL certificate https secured site.


Here are the rough steps before we go into more details.

  1. Obtain a free SSL certificate from https://www.sslforfree.com/.
    Once you have your certificate, you will need to log into cpanel – www.yourwebsite.com/cpanel and upload the certificate.
  2. Update your WordPress address from http to https.
    This is done from your WordPress admin page www.yourwebsite.com/wp-admin
  3. Update your WordPress website database to use https.
    Use Better Search & Replace WordPress plug-in for this step
  4. Setup 301 redirects & canonical for all traffic to use https
    You will need to paste this code into your .htaccess file also within cpanel

    #Redirection code starts
    RewriteEngine On
    RewriteCond %{HTTPS} off
    RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
    #Redirection code Ends

  5. Update Google Analytics & Google Search Console
  6. Check your website is secure at https://www.whynopadlock.com
  7. Optional only if after these 6 steps, your website is still not showing the padlock icon confirming security.
    You may have to use SSL Insecure Content Fixer WordPress plug-in to clean up your non https content automatically. See the video that shows you detail.
    Your Connection to This Site is Not Fully Secure warning message – fixed below


Let me know how this worked for you in the comments below and I’d be happy to answer any questions.

Share →

Leave a Reply

Your email address will not be published. Required fields are marked *