How do I make my site say it’s “secure” in web browsers?
You can use SSL security for your website on our servers. Doing so allows you to display secure, encrypted pages to your visitors, and makes the browser say your page is “secure”. For example, it makes your site look like this in the Google Chrome browser:
Adding SSL security to your site involves four steps:
1. Get an SSL certificate
The first thing you need to do is add an SSL certificate to your site using our “My Account” control panel. This is easy and free.
Adding the SSL certificate avoids the problem of a “not secure” icon showing when you try to load it via SSL, like this in Google Chrome:
2. Change your URLs to prefer “https” instead of “http”
Adding an SSL certificate allows your site to use secure SSL connections, but doesn’t force web browsers to connect securely. To actually use the certificate, you need to load each page of your site in a browser using https:// at the beginning of the URL address, instead of http://. So you should now use URLs beginning with:
... instead of:
To do this, look through your site pages for http:// URLs and change them to https://.
If you’re using WordPress, you can do this for most URLs by logging in to the WordPress dashboard, clicking Settings > General, and changing both the “WordPress Address (URL)” and “Site Address (URL)” so they begin with https:// (that is, add an s after “http” and before the colon).
3. Make sure your site shows as “secure”
After doing steps 1 and 2, your site should show the “secure” padlock icon when you load it as https://www.example.com/.
If it doesn’t show as secure, or if it looks like this:
... it means some part of the page “source code” is still using http://. You can follow the troubleshooting steps on our "Partially Secure" SSL Pages page to fix this.
4. Force all requests to use SSL security (optional)
After doing steps 1-3, your pages should show as “secure” whenever anyone views them using https://www.example.com/.
You may wish to force every page to always display as “secure”, even if someone types it as http://. If you want to do that, our Forcing SSL Connections page explains how.