How to Secure Your WordPress Website with Https for Free

Image for post
Image for post
Photo by LinkedIn Sales Navigator on Unsplash

You’ve worked hard to make your business website tick all the right boxes.

It has a great design, it’s mobile-friendly, it’s informative, and has clear calls to action.

But, there’s one important element you may have overlooked — security.

As users move through your website to make a purchase, request a quote, or fill out a contact form, they notice a warning from Google Chrome that your business website is not secure.

And rather than becoming a lead, they leave.

According to a 2017 HubSpot survey, the amount of people that would leave is quite substantial. Up to 85% of people they surveyed stated that they would leave a website that isn’t secure.

So, if you thought you could put your website security on the backburner for another year, you’re absolutely wrong.

Beyond securing your visitors’ data, moving to https can also increase your business’ credibility, and even boost your search engine ranking.

Making your website secure doesn’t have to be expensive or complicated. You can actually change your website from http to https for free in seven simple steps.

But, before we jump in, let’s delve a little deeper into https.

What’s the Deal about Https Anyway?

Google explains it best:

“When you load a website over plain HTTP, your connection to the site is not encrypted. This means anyone on the network can look at any information going back and forth, or even modify the contents of the site before it gets to you. With HTTPS, your connection to the site is encrypted, so eavesdroppers are locked out, and information (like passwords or credit card info) will be private when sent to the site.”

Last year, Google added a “not secure” warning to the Chrome browser for websites that have not yet converted to https.

It looks like this:

Image for post
Image for post

With 62% of persons worldwide choosing Google Chrome as their preferred browser, it’s a pretty big deal.

Before You Get Started:

To secure your WordPress website with https, you need access to a few areas:

● Your WordPress website admin (to install a plugin)

● The admin for wherever your domain is registered (to update information)

It’s also strongly recommended that you create a backup of your website.

Ready? Let’s get started.

How to Get Free Https Through Cloudflare

Step 1: Create an account at Cloudflare

The first thing you need to do is create an account at Cloudflare. Simply go to, and enter your email address, your desired password, and click on the Create Account button.

In the next step of the registration process, Cloudflare will ask you to enter your website URL. Once this is entered, click the Add Site button.

Next, they will display a prompt with the heading “We’re querying your DNS records.” Click Next to select your plan.

Image for post
Image for post

Step 2: Choose a plan, and get information for nameservers

Select the free plan and confirm.

Image for post
Image for post

The next page will reveal your website’s “DNS query results.” This is to ensure that your website and email services won’t be affected during this process.

Scroll to the bottom and continue.

Image for post
Image for post

The following two pages give instructions on what your should change your nameservers to. Record this information in a notepad or take a screenshot and save it.

Image for post
Image for post

Step 3: Modify your settings

Click Continue. Then, click on the Crypto button.

Use the drop down box, to change the SSL setting to Flexible. Your change will be automatically saved.

Image for post
Image for post

Step 4: Login to your domain host, and change your nameservers as instructed.

Login to the website you purchased your domain from, such as GoDaddy, HostGator, etc. If you are not sure how to do this, I have included direct links to the steps for some of the most popular domain registrant companies.


Namecheap (Click Custom DNS, and enter in the nameservers from cloudflare)




Google Domains





Step 5: Wait a few hours, and then check Cloudflare to see if activated.

It may take up to 24 hours for your registrar to process this change. Once processed, your site will become active on Cloudflare. You will receive an email to confirm when your status is updated.

Once you see the word Active with a green tick mark, you’re ready to move on.

Image for post
Image for post

Step 6: Login to your WordPress website, and install a plugin to direct users to the https version of your website

Once you’re logged into the admin section of your WordPress website, navigate to Plugins in the left sidebar menu. Click Add New, and search for Really Simple SSL.

Click Install Now to download the plugin.

Image for post
Image for post

To activate the plugin, click on Installed Plugins under the Plugin header. Locate the Really Simple SSL plugin, and click Activate.

Image for post
Image for post
Image for post
Image for post

Step 7: Activate SSL

Go to the Settings option in the left sidebar menu and click SSL to open the Really Simple SSL plugin.

Image for post
Image for post

Once the settings for Really Simple SSL is open, click on the Reload over https button.

Image for post
Image for post

As a note, the page may look a little distorted after you click the button. But it will be resolved right after the next step.

Scroll down the page until you find the “Almost ready to migrate to SSL” header. Then, click on the Go ahead, activate SSL! Button.

Image for post
Image for post

Log out of your WordPress admin, and log back in again.

Your live website should be running in https now. Be sure to go through your website to make sure that everything is working as expected.


You may have been wondering why you have not been getting many leads on your website, even with the changes that you made to improve the design, make it mobile-friendly, and add clear calls to action.

The answer may be in your website security. With the warning now displayed in Google Chrome, people are more informed about the security of websites they visit.

But, in just seven steps you can improve your website experience for your visitors, and give them the piece of mind that their information is secure.

You can also potentially move your website up in the search results.

Did you notice any results from moving your WordPress website from http to https?

Written by

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store