Last Updated on by
You’ve worked hard to make your business website tick all the right boxes.
It has a great design, it’s mobile-friendly, it’s informative, and has clear calls to action.
But, there’s one important element you may have overlooked – security. This means that if you are still on a non-secure domain (http) you are not providing the security for your users. Changing your WordPress http to https is a must.
As users move through your website to make a purchase, request a quote, or fill out a contact form, they notice a warning from Google Chrome that your business website is not secure.
And rather than becoming a lead, they leave.
According to a 2017 HubSpot survey, the amount of people that would leave is quite substantial. Up to 85% of people they surveyed stated that they would leave a website that isn’t secure.
So, if you thought you could put your website security on the back burner for another year, you’re absolutely wrong.
Beyond securing your visitors’ data, moving to https can also increase your business’ credibility, and even boost your search engine ranking.
Making your website secure doesn’t have to be expensive or complicated. You can actually change your website from http to https for free in seven simple steps.
But, before we jump in, let’s delve a little deeper into https.
Google explains it best:
“When you load a website over plain HTTP, your connection to the site is not encrypted. This means anyone on the network can look at any information going back and forth, or even modify the contents of the site before it gets to you. With HTTPS, your connection to the site is encrypted, so eavesdroppers are locked out, and information (like passwords or credit card info) will be private when sent to the site.”
Last year, Google added a “not secure” warning to the Chrome browser for websites that have not yet converted to https.
It looks like this:
With 62% of persons worldwide choosing Google Chrome as their preferred browser, it’s a pretty big deal.
To secure your WordPress website with https, you need access to a few areas:
- Your WordPress website admin (to install a plugin)
- The admin for wherever your domain is registered (to update information)
It’s also strongly recommended that you create a backup of your website.
Ready? Let’s get started.
The first thing you need to do is create an account at Cloudflare. Simply go to https://dash.cloudflare.com/sign-up, and enter your email address, your desired password, and click on the Create Account button.
In the next step of the registration process, Cloudflare will ask you to enter your website URL. Once this is entered, click the Add Site button.
Next, they will display a prompt with the heading “We’re querying your DNS records.” Click Next to select your plan.
Select the free plan, and confirm.
The next page will reveal your website’s “DNS query results.” This is to ensure that your website and email services won’t be affected during this process.
Scroll to the bottom, and continue.
The following two pages give instructions on what your should change your nameservers to. Record this information in a notepad, or take a screenshot and save it.
Click Continue. Then, click on the Crypto button.
Use the dropdown box, to change the SSL setting to Flexible. Your change will be automatically saved.
Login to the website you purchased your domain from, such as GoDaddy, HostGator, etc. If you are not sure how to do this, I have included direct links to the steps for some of the most popular domain registrant companies.
- Namecheap (Click Custom DNS, and enter in the nameservers from cloudflare)
- Google Domains
It may take up to 24 hours for your registrar to process this change. Once processed, your site will become active on Cloudflare. You will receive an email to confirm when your status is updated.
Once you see the word Active with a green tick mark, you’re ready to move on.
Step 6: Login to your WordPress website, and install a plugin to direct users to the https version of your website
Once you’re logged into the admin section of your WordPress website, navigate to Plugins in the left sidebar menu. Click Add New, and search for Really Simple SSL.
Click Install Now to download the plugin.
To activate the plugin, click on Installed Plugins under the Plugin header. Locate the Really Simple SSL plugin, and click Activate.
Go to the Settings option in the left sidebar menu, and click SSL to open the Really Simple SSL plugin.
As a note, the page may look a little distorted after you click the button. But it will be resolved right after the next step.
Scroll down the page until you find the “Almost ready to migrate to SSL” header. Then, click on the Go ahead, activate SSL! Button.
Log out of your WordPress admin, and log back in again.
Your live website should be running in https now. Be sure to go through your website to make sure that everything is working as expected.
You may have been wondering why you have not been getting many leads on your website, even with the changes that you made to improve the design, make it mobile-friendly, and add clear calls to action.The answer may be in your website security. With the warning now displayed in Google Chrome, people are more informed about the security of websites they visit.
But, in just seven steps you can improve your website experience for your visitors, and give them the piece of mind that their information is secure.
You can also potentially move your website up in the search results.
Did you notice any results from moving your WordPress website from http to https?