HTTPS is a secure protocol that your browser uses to connect to the server. Not utilising HTTPS can open your website to many security risks.
Is my website capable of running on HTTPS?
Before switching your WordPress website to HTTPS we must ensure you have a valid SSL certificate. An SSL certificate is compulsory to enable HTTPS, it contains a cryptographic key that allows your browser and the server to communicate securely.
If you want to check if you have a valid SSL certificate navigate to your website using the HTTPS protocol for example if your site is http://example.com, enter https://example.com in your browser. If you do not see a security warning than chances are you have a valid SSL certificate installed.
Note: All hosting plans on G7Cloud come with an SSL certificate by default, it can sometimes take 24 hours to active if you only just signed up.
I am ready to switch to HTTPS
To switch your WordPress website to HTTPS navigate to Settings > General as seen below.
From here you will need to change the protocol on WordPress Address and Site Address to HTTPS as shown below.
Click save, your WordPress website is now running on HTTPS! you should see a secure padlock within your browser.
How to Force WordPress to use HTTPS
Although we have now switched to HTTPS visitors can still access the website via the non-secure protocol HTTP. In order to force everyone to use HTTPS we need to install and activate a simple plugin called ‘Really Simple SSL‘ as shown below.
After activating the plugin you will be presented with the following message (seen below), just hit ‘Go ahead, Activate SSL!‘ and you are done! your WordPress website is now forcing everyone to use HTTPS.