← All tips

Switch Your Website to HTTPS

security

The vast majority of websites now use HTTPS. If yours doesn’t, it sticks out — and not in a good way. Browsers flag it as insecure, Google ranks it lower, and visitors lose trust before they’ve read a word.

What HTTPS means

HTTPS stands for Hypertext Transfer Protocol Secure. It’s the standard HTTP protocol wrapped in a layer of encryption called TLS (Transport Layer Security), formerly known as SSL (Secure Sockets Layer). When your site uses HTTPS, the data exchanged between your visitor’s browser and your server is encrypted and cannot be intercepted.

HTTPS is secure and considerate

Without HTTPS, any data your visitors send through your website — contact forms, login credentials, search queries — travels across the internet as plain text. Anyone on the same network can potentially read it. Using HTTPS is a basic act of respect for your visitors’ privacy.

Avoid the “Not Secure” label

Modern browsers now mark all HTTP pages as “Not Secure” in the address bar. This warning erodes trust immediately. A visitor seeing that label on your website may well leave before reading a single word.

HTTPS affects Google ranking

Google has confirmed that HTTPS is a ranking signal. More importantly, an HTTP site now actively hurts you — browsers display a prominent “Not Secure” warning, which increases bounce rates. Google notices that too.

How to get a certificate

The good news: SSL/TLS certificates are now free and easy to obtain.

  • Let’s Encrypt — a free, automated certificate authority. Most hosting providers support it with one-click installation.
  • Cloudflare — provides free SSL even on their free plan, acting as a proxy between visitors and your server.
  • Your hosting provider — most managed WordPress hosts include free SSL certificates and will handle the setup for you. Many do it automatically.

After switching

Once HTTPS is active, make sure to:

  1. Redirect HTTP to HTTPS — so visitors who type your old URL or follow old links are automatically sent to the secure version
  2. Update internal links — change any hardcoded http:// references in your content to https://
  3. Update Google Search Console — add your HTTPS property
  4. Check for mixed content — make sure all resources (images, scripts, stylesheets) are also loaded over HTTPS

The switch is straightforward — in many cases your hosting provider can do it for you in minutes. There is no reason to still be on HTTP.