1. Install and activate an SSL certificate
The simplest and cheapest (free!) option for this is using Let’s Encrypt. You may alternatively purchase and install a commercial certificate.
2. How to force HTTPS
only pick ONE of the options below
Option 1: Use Plesk to force HTTPS
- Log in to Plesk
- Select “Hosting Settings” under the domain for which you wish to enable HTTPS
- Look under the “Security” header and check the box that says: Permanent SEO-safe 301 redirect from HTTP to HTTPS.
- Click Apply or OK.
Option 2: Use Apache to force HTTPS
If you’re not using nginx/php-fpm performance mode, then you can simply use an .htaccess file to force https. Create a file called .htaccess (if it doesn’t already exist) within your web root, then enter the following within it:
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
Option 3 Use Really Simple SSL Wordpress plugin:
- Login to your Wordpress site
- Go to Plugins > Add new
- Type 'Really Simple SSL' on Search box
- Install and activate
- Please click "Go Ahead and activate SSL".
Be sure to check any mixed contents (images or links) which were hard coded on your posts and pages.