If you've already installed WordPress, but your website is loading with http:// and displaying "Not Secure" in your browser, then this article is for you. We will address how to install a free SSL certificate on cPanel, setup WordPress to use https://, and ensure all traffic is routed to it properly. This article will be broken down into three steps, you must follow them in order.
It's important to mention that WordPress supports SSL (https://) out of the box, you do not need to install any sort of plugin to implement it.
Step 1 - Issue an SSL Certificate
Login to your cPanel account. If you are unsure on how to login, please review this article first.
Once inside cPanel, scroll down, find the Security section, and click on "SSL/TLS Status" under Security.
You should see all of the domains and subdomains listed here. If the domain(s) you want to issue SSL for is already green, then you can skip to Step 2. If the domain(s) is red, you'll want to click on the domain and click "Run AutoSSL".
You'll see "AutoSSL in-progress..." and after some time, the page will automatically refresh, and you'll see "AutoSSL Domain Validation" in green.
If the SSL certificate fails to issue, you may have some problems with your DNS, or your nameservers are not pointed to BigScoots. Please search our Knowledge Base for articles on DNS and Nameservers for further assistance.
We are now ready to move on to Step 2...
Step 2 - Configure WordPress to use https://
Log into your WordPress administrative interface, typically you'd add /wp-admin/ or /wp-login.php/ to the end of your website's URL. You can also login through Softaculous within cPanel.
Once inside your /wp-admin/ please navigate to Setings -> General
Once inside General, you'll want to change http:// to https:// after both "WordPress Address (URL)" and "Site Address (URL)".
After adding the "s" be sure to scroll to the bottom and click "Save Changes"
Once the changes are saved, you'll be logged out of /wp-admin/ and will probably need to solve a Google ReCaptcha before you can log back in.
That's it for setting WordPress to use https://. Your website should now load with an SSL certificate when you visit it using https://yourdomain.com/
Time to move on to Step 3...
Step 3 - Route All Traffic From http:// to https://
Not all traffic will automatically use the https:// version of your website, especially if they are using an older browser. You'll want to tell cPanel to force an HTTPS redirect on all visitors to your domain.
You'll want to log in to your cPanel account again, navigate to the Domains section, and click on "Domains".
Once inside Domains, you'll see an option that says "Force HTTPS Redirect". Go ahead and toggle that "On".
That's it! All of your traffic that reaches your WordPress site will now be automatically routed from http:// to https:// when they visit your website.