Setting up HTTPS is now easier than ever. Nearly all modern web hosts — including Hostinger, SiteGround, WP Engine, GoDaddy, and GreenGeeks — provide free SSL certificates through services like Let’s Encrypt or AutoSSL. Even though SSL is now standard, forcing your website to load over HTTPS is still an essential step for security and SEO. In this updated guide, we’ll walk through enabling your SSL and ensuring your WordPress website loads securely. If you’d rather have this handled for you, our Website Design services include full site setup and security hardening.
1. Check Whether Your Host Already Provides SSL
Most hosts automatically install a free SSL certificate as soon as your domain is connected. To confirm, log into your hosting dashboard and look for an SSL or Security section. If the SSL is active, you should see a status such as “Active,” “AutoSSL Enabled,” “Let’s Encrypt Installed,” or similar.
If the SSL is not yet enabled, simply toggle it on, click “Add SSL,” or run “AutoSSL.” No email verification or special admin addresses are required anymore.
Not sure where to find it? Your host’s support can enable SSL for you in seconds.
2. Enforce HTTPS Using Your Hosting Provider (Recommended When Available)
Many modern hosting dashboards now include a built-in HTTPS enforcement option. This is the simplest and most reliable way to make sure all traffic loads securely, without needing a plugin.
- WP Engine: Under Site → Domains, toggle “Force HTTPS.”
- Hostinger: Under Advanced → SSL, enable “Force HTTPS” or “Redirect HTTP to HTTPS.”
- SiteGround: In Security → HTTPS Enforce, switch on “Enforce HTTPS.”
- GreenGeeks: Under Security → SSL, enable the HTTPS redirect.
If your host offers this toggle, use it — it’s more stable and faster than plugin-based enforcement.
3. Enable HTTPS Inside WordPress (If Your Host Does Not Provide Enforcement)
If your hosting provider does not include an HTTPS enforcement toggle, you can handle it inside WordPress using a redirection plugin.
- Log into WordPress.
- Install and activate Easy HTTPS Redirection or Really Simple SSL.
- Enable automatic HTTPS redirection for the entire domain.
- Browse your site and check for mixed-content warnings — these happen when images or scripts still load over http:// instead of https://.
Most mixed-content warnings can be fixed automatically by Really Simple SSL, or manually by updating URLs inside WordPress or your theme settings.
4. Verify Everything Is Secure
After enabling HTTPS, visit your site in an incognito window. You should see a padlock icon with no warnings. You can also test your site using Why No Padlock to ensure every resource is loading securely.
For more ways to maintain site security, see our guide to setting up iThemes Security.
Your site is now fully using HTTPS — improving both security and SEO.