Wordpress site not secure [2025] 💥
Especially if you run a webshop, it is very harmful if your visitors see messages on your website as "Wordpress site not secure". There are a lot of other variants that all come down to the same thing, it immediately scares off your visitors. Nobody wants to buy something and make a payment on a website that already indicates itself not to be safe. The problem is that your site doesn't have an active SSL-certificate. We will quickly explain to you how to solve this problem as quickly as possible!
Advertisement
NB: Always back up your website before making any changes.
Secure websites run on https:// and not on http:// and thus before we do anything else we have to re-direct all pages/posts to https:// The best way to do this for a Wordpress websites is using a plugin that does it all for us. Go to "Plugins" >> "Add new" in your Wordpress backend. Use the searchbox, type "ssl".
Install and activate the "Really simple SSL" plugin (free), used by over 5 million people. The plugin itself will guide you through all steps, see screenshot below. If there is a SSL certificate installed for your site you are ready now. Otherwise follow with one of the 5 options below.
1. Put your site on Cloudflare CDN (free)
This is the easiest and best solution to fix the issue, get a free certificate without having to install it, and get Cloudflare protection and CDN for free. A CDN makes your websites available from hundreds of servers all over the world for fast access for your visitors. Cloudflare gives you this for free. All you have to do is follow this link and sign up, add your website, and then go to your domain registrar and change your nameservers to those of Cloudflare. Cloudflare itself will guide you through all the steps. The option "Free plan" is at the bottom, see screenshot below.
2. If you have server control
This is for anybody that has control over a VPS, VDS or dedicated server. I will explain the situation for WHM (Cpanel) but other systems like Plesk or DirectAdmin have this too. Logion to your WHM panel. Use the searchbox. Type: "ssl". In the menu click on "Manage AutoSSL". In the middle of the screen click "Run AutoSSL for all users". The server needs some time to execute this, give it an hour and then check your website. It will be secure.
3. If you have a hosting panel
If you are on a shared hosting, you have to look for the "Let's Encrypt" function in your hosting panel. Hosters is know that provide this are WP Engine, Kinsta, A2 Hosting, Cloudways, InMotion Hosting, GreenGeeks, HostGator, Bluehost, Siteground and Hostpapa. Just login to your Cpanel anyway and see if your hoster provides this. Click on "Let's encrypt". This will bring you to a list all of your domains. If you have multiple domains, select the one that you are currently working on and then choose "Issue".
Can't find "Let's Encrypt"? Then find "SSL/TLS Status" and click on it. This will lead you to the following page. See screenshot below.
Number 2 in the screenshot, mark all the boxes you see there, then click "Run AutoSSL". Give the server some time to take care of the issue, this will not be instantly done. Do something else, come back in 1 hour and check if your site is secure now.
NB: If you are using Cloudflare, then Cloudflare will take care of the SSL-certificate. Running AutoSSL here if you are on Cloudflare nameservers won't change anything. You should not be worried about the warnings here in that case, as there is no more stable certificate then being on Cloudflare. They take care of it for you, and all for free.
4. Using a free Wordpress plugin
The best plugin for this type is called " One Click Free SSL Certificate Plugin". In your Wordpress backend, go to "Plugins" >> Click "Add New". Look for the name of your plugin. It is now possible to install and activate it. Now you will receive a confirmation email. Click on the link in your email. Select the free plan.
To learn how to install the certificate, watch their video. You can also get a fully automated version. This will take you out of the process but cost you only 27 dollars, or 45 dollars per year. I can tell you that this is the best and most efficient option.
5. Ask your hostingprovider
Installing a certificate yourself manually is not a task for beginners. Even if I explain all steps here you will certainly run into trouble. If you don't know how to do this already, then hire someone cheap to do it for you on Fiverr.com for example or ask your hostingprovider to do it for you. If you are stubborn and want to try it yourself anyhow then google on it and you will find a tutorial for it, but I advise against it.
Advertisement