How do I make my site say it’s “secure” in web browsers?

This page is showing a generic answer.
To see a more detailed answer customized for you, type your domain name here:

You can use SSL security for your website on our servers. Doing so allows you to display secure, encrypted pages to your visitors, and makes the browser say your page is “secure”. For example, it makes your site look like this in the Google Chrome browser:

SSL browser secure padlock

Adding SSL security to your site involves four steps:

1. Get an SSL certificate

The first thing you need to do is add an SSL certificate to your site using our “My Account” control panel. This is easy and free. (In many cases, we’ve automatically added an SSL certificate for you — our control panel will show you if we have.)

Adding the SSL certificate avoids the problem of a “not secure” icon showing when you try to load it via SSL, like this in Google Chrome:

SSL Not Secure warning

2. Change your URLs to prefer “https” instead of “http”

Adding an SSL certificate allows your site to use secure SSL connections, but doesn’t make web browsers connect securely. To actually use the certificate, web browsers need to use https:// at the beginning of the URL address for each page, instead of http://. So you should now use URLs beginning with:

https://www.example.com/

... instead of:

http://www.example.com/

To do this, look through your site pages for http:// URLs and change them to https://.

If you’re using WordPress, you can do this for most URLs by logging in to the WordPress dashboard, clicking Settings > General, and changing both the “WordPress Address (URL)” and “Site Address (URL)” so they begin with https:// (that is, add an s after “http” and before the colon).

3. Make sure your site shows as “secure”

After doing steps 1 and 2, your site should show the “secure” padlock icon when you load it as https://www.example.com/.

If it doesn’t show as secure, or if it looks like this:

SSL Warning icon

... it means some part of the page “source code” is still using http://. You can follow the troubleshooting steps on our "Partially Secure" SSL Pages page to fix this.

4. Force all requests to use SSL security (optional)

After doing steps 1-3, your pages should show as “secure” whenever anyone views them using https://www.example.com/.

You may wish to force every page to always display as “secure”, even if someone types it as http:// or uses an outdated bookmark or search result. If you want to do that, our Forcing SSL Connections page explains how.