First of all, it’s a good idea to see if you already have an SSL certificate installed. Many hosting companies offer them for free, so they are part of the initial setup when your site goes live.
If you’re using Firefox, open up a Private Browser window. If you’re using Chrome, use the incognito window. Then use your site URL to check for an SSL.
Your site URL is www.yourdomainname.com. Just add an https:// before that. So you’ll end up with something that looks like this:
That added S onto http means that a website is secured.
This simple step is a message to your browser to attempt to connect a version of your site that has been secured. Assuming there is a secure version, you will see a connection is secure message.
If you’d prefer to diagnose things a little more, you could use a service to check your SSL. You simply type in your site URL and they will run a wizard.
If you get a message saying your site has been secured, you know your SSL certificate is working and the install step is unnecessary. But that also means you’re going to have to do some further digging to see why your site has been flagged with a site is not secure warning.
If so, see the heading WordPress Site is not Secure but You Have an SSL Certificate below.
However, before you go any further though, there is an important step to take.
Anytime you set out to make changes or fix things on your WordPress website, it’s a very good practice to get a full backup first. Because it will be the one time you fail to do this that something goes wrong, and you end up with a bigger problem than what you started with.
WordPress has a huge selection of backup plugins, so I’m not going to recommend one. If you go to wordpress.org and select plugins from the menu, you can do a search. Here’s an idea of what you can find, but there are many more to choose from.
This way, if something goes wrong, you can easily restore your site.
Once you’ve got that step out of the way, and your backup saved, you’re ready to install an SSL certificate or do whatever else might be necessary to remove the site not secure warning.
If you’ve determined from the above test that your site lacks an SSL certificate, I’ll walk you through the install process.
Here’s a quick preview of what you’ll need to do.
First, there are a few options on where to obtain a certificate. If you don’t have one already, your web host probably doesn’t supply a free one, but that might not be the case.
Check with your web host to see if they offer a WordPress SSL certificate—often Let’s Encrypt—as part of your hosting package and if they have instructions on how to add it to your site.
Here’s a list of web hosts that do:
If you need to purchase a certificate, they can be found for under $10 per year up to $100s per year. Here are a few of the cheaper options.
And finally, there is a free version for your WordPress site.
Now you’re ready to install.
The following instructions will be based on installing a free certificate from Let’s Encrypt.
If you’re fortunate, your host will support this. The above list isn’t exhaustive, so go to your cPanel and check for Let’s Encrypt.
Click on Let’s Encrypt. This will take you to a list of your domains. If you have more than one domain, choose the one you’re working on right now, and then select Issue.
In the next step, you need to choose the addon aliases you want to be included in the certification. Depending on the way your host adds sub domains or addon domains, there may be names you want to exclude. If you have an email address attached to this domain, make sure you include the mail.yourdomainname.com item.
From there, click the Issue button at the bottom of the page.
If all the steps above went as planned, you should get a message that looks something like this.
From there, if you use the Go Back button, you should see your site listed and the verification status showing as installed.
Note that depending on the version of cPanel your host is using, the above images might not match your site. There is also the chance that your host doesn’t use cPanel as its control panel. If so, and assuming they offer Let’s Encrypt, the setup steps will be slightly different.
Next, you will need to change your URL in the address bar. Just as you did before when testing to see if you had a certificate installed, add https:// to the front of your domain name and hit enter. If everything is working as it should, you will be logged out of your WordPress site and have to log back in again.
At this point, assuming you are using Firefox when you hover of the padlock, you should see Verified by: Let’s Encrypt. If you are using Chrome you’ll have to click on the padlock and you should see a message saying Connection is Secure in a green font.
But what if you’ve already installed and verified that you have an SSL certificate on your website and you’re still getting a WordPress site is not secure warning?
Then there is a good chance you are dealing with a mixed content issue.
Last updated Jun 07, 2022
Applies to: Other