Fix WordPress Not secure SSL Certificate

Fix WordPress Not secure SSL Certificate

What is an SSL Certificate and Why is vital to have one.

SSL is the backbone of our secure Internet and it protects your sensitive information as it travels across the world’s computer networks. SSL is essential for protecting your website, even if it doesn’t handle sensitive information like credit cards. It provides privacy, critical security, and data integrity for both your websites and your users’ personal information.

SSL Encrypts Sensitive Information

The primary reason why SSL is used is to keep sensitive information sent across the Internet encrypted so that only the intended recipient can access it. This is important because the information you send on the Internet is passed from computer to computer to get to the destination server.

Any computer in between you and the server can see your credit card numbers, usernames and passwords, and other sensitive information if it is not encrypted with an SSL certificate.

When an SSL certificate is used, the information becomes unreadable to everyone except for the server you are sending the information to. This protects it from hackers and identity thieves.

SSL Provides Trust

Web browsers give visual cues, such as a lock icon or a green bar, to make sure visitors know when their connection is secured. This means that they will trust your website more when they see these cues and will be more likely to buy from you.

SSL providers will also give you a trust seal that instills more trust in your customers.

So let’s get back to our point. If your WordPress website has the “Not Secure” status in browsers there may be two or more reasons:

WordPress Not secure SSL Certificate
  1. Your hosting comapany is not oferit you a valid SSL Certificate and you have to buy one, get in touch with them.

2. This is the most common reason if you have a valid SSL Certificate and your website it’s still not secure:

  • You have in your WordPress source code links with “HTTP” prefix instead “HTTPS” like you see in the photo below:
WordPress Not secure SSL Certificate

How to fix it?

In the old days we change those links manually 1 by 1, but not today. You need to install WP Force SSL & HTTPS Redirect and this WordPress plugin will rename all “HTTP” links to “HTTPS”.

What is WP Force SSL & HTTPS Redirect?

WP Force SSL helps you redirect insecure HTTP traffic to secure HTTPS one without touching any code. Just activate Force SSL and everything will be configured for you and SSL enabled.

The entire site will move to HTTPS using your SSL certificate. It works with any SSL certificate. It can be free SSL certificate from Let’s Encrypt or a paid SSL certificate.

How to add SSL & enable SSL? Most hosting companies support the free SSL certificate from Let’s Encrypt, so just login to your hosting panel and add SSL certificate for free.

You’ll probably see a button labeled “Add SSL Certificate” or “Add Let’s Encrypt Certificate” and after that it’s 1 click to have the SSL enabled on your site.

To keep things fast & simple WP Force SSL is very lightweight – there are only two settings.

Access options via main Settings menu – Force SSL.


  • Get an SSL certificate (yea, you need one, sorry).
  • Activate WP Force SSL.
  • Test certificate & you’re done!


WP Force SSL comes with an SSL certificate testing tool. Simply click “Test SSL certificate” and it’ll test if the certificate is valid, properly installed, up-to-date, and generally in good shape to be used on your site so you can force SSL.


  • Force SSL – automatically redirect all traffic from HTTP to HTTPS
  • Enable HTTP Strict Transport Security (HSTS) – HSTS is a web security policy mechanism that helps to protect your site against protocol downgrade attacks and cookie hijacking.
  • It allows web servers to declare that web browsers should interact with it using only HTTPS connections. HSTS adds additional security to your site.

Related Posts

0 thoughts on “Fix WordPress Not secure SSL Certificate

Leave a Reply

Your email address will not be published.