How to Fix HTTPS and SSL Issues in Your WordPress Website?


Google has consistently taken steps to allow website owners to prioritize protection with best practices in order to protect their customers. One of these steps is a website’s “Site Not Safe” warning. It means that SSL is not installed on the website.

As website owners, we obviously want to have the best experience for our users, so we want the best WordPress security measures for our pages.

So, if your WordPress site isn’t secure, this article will show you how to fix it and make your site safe for your visitors and their information.

TL;DR version

To fix the WordPress site, not a safety problem, install an SSL certificate, redirect the site to HTTPS, change all internal links to secure links, and upgrade the Google Search Console. Before you make any updates, make a backup of your entire site.

Why are you getting a warning that your WordPress site isn’t secure?

Since your site has no SSL certificate or an SSL certificate that was not properly installed during installation, you’re seeing the WordPress site, not a safe note. Installing an SSL certificate enhances your user experience while also adding a layer of protection. If there’s a problem with your SSL, Google will display a “Not Safe” message.
There are two main advantages of using SSL or HTTPS on your website. To begin, all traffic to and from your website is encrypted. This has a lot of privacy and protection benefits. Second, the not safe alert on the WordPress website has been replaced with a more reassuring green lock.

How to fix a WordPress site, not secure warnings?

We’ve broken the process down into manageable chunks for you to obey. The method takes a few hours in total, so we suggest bookmarking this page and going through it in stages.

Even, don’t be surprised if the next few sections seem to be a little technical. If you carefully follow the directions, you will be able to resolve the WordPress site, not safe alert. Before you begin, make a backup of your website for extra peace of mind.

Start with an SSL pre-check

When a website goes online, some web hosts or developers can install an SSL certificate. Check if the SSL certificate is already installed by visiting your website in an incognito window.

If your site’s URL is, add an “HTTPS://” before it and enter in the browser address bar.

By using the “HTTPS://” in your URL, your browser will attempt to connect to the encrypted version of your website. You’re in luck if you see the green padlock. You should miss downloading the SSL certificate and instead focus on fixing your site’s mixed content issues.

Backup your site

You should certainly take a complete WordPress site backup before taking any more action to repair the WordPress site,’s not a safety alert. Before making any changes to your website, it is a good idea to make a backup, particularly if the changes are significant.

To back up your site, we suggest using BlogVault. If something goes wrong, you can easily restore your site with a single click.

You will allow real-time updates once your site is connected to BlogVault. Real-time backups begin automatically saving changes to your site. This means you can easily pick the most recent working version of your site backup and avoid losing all of your work due to a single blunder.

Install the SSL certificate to make the link more reliable

Most people are apprehensive about downloading an SSL license, and they would have been justified a long time ago. Things are much easier now, thanks to plugins that do the majority of the heavy lifting.

However, it is a lengthy procedure. Carefully follow our instructions for installing an SSL certificate. It covers everything you need to know about SSL certificates, including:

  • Choosing an SSL certificate
  • Installing a custom certificate
  • Verifying the SSL certificate

If you have any questions about the different types of certificates available, as well as how and where to purchase them, this article will answer them all.

Return to this article and complete the remaining steps after you’ve finished downloading the certificate.

It’s important to note that simply downloading the certificate is insufficient.

Redirect Links From HTTP to HTTPS

The next move involves some technical jargon, which you should be familiar with as a website owner. Knowing the difference between HTTP and HTTPS is useful.

Now you must ensure that every page on your site is served safely, meaning that all visitors are directed to the SSL version of your site. An HTTP to HTTPS redirection is used in this case.

Don’t be concerned if this seems to be a little difficult. You can redirect URLs from HTTP to HTTPS in two ways, just like everything else in WordPress:

  • With a plugin
  • Without a plugin

We strongly advise you to use a plugin like Very Simple SSL to convert your site from HTTP to HTTPS. Forcing the site to redirect to SSL manually can have a number of unintended effects since it necessitates fiddling with WordPress core files that should be avoided.

In either case, we’ve put together a comprehensive guide to help you force a redirect from HTTP to HTTPS. To get step-by-step instructions, go ahead and read through the post. Then return to this page and finish the rest of the post.

You’ll see some mixed content problems if the forced redirection didn’t work properly. Going to one of these pages and looking for mixed content problems is a really easy way to find out:


Search and replace all internal links to the HTTPS version

Mixed content refers to the fact that your website serves both safe and unsecure URLs. This means that even though your site has an SSL license, some older pages are only served with HTTP URLs.

With WordPress themes and photos, this is a very popular issue.

You can do this in two ways:

  • With a plugin
  • Without a plugin

Manually removing mixed content problems is risky because it requires modifying database entries. You’ll end up destroying your whole site if you do it incorrectly. So, right now, use BlogVault to create a complete backup of your website.

We’ll do whatever we can to reduce the risk, but using a plugin to address mixed content issues is always the safer choice. WPBeginner demonstrates how to use the SSL Insecure Content Fixer plugin in this article.

However, if you insist on doing it manually, we suggest the following steps:

  • Take another backup: If there was ever a time to back up the whole website, now is the time.
  • Make a list of HTTP URLs as follows: To find HTTP URLs and make a list, use WhyNoPadlock.
  • Replace: Install Better Search Use the plugin to find HTTP connections and replace them with HTTPS.

Adjust the link from HTTP to HTTPS by “searching for” the HTTP URL and pasting the same URL into “Replace with.”

The main disadvantage of this approach is that, through the use of a plugin, it still allows you to do this manually for each URL one at a time.

Update Google Search Console and Analytics

Now that you’ve finished downloading the SSL certificate and ensuring that your WordPress site is served in HTTPS mode, it’s time to notify Google. If you do not make this move, Google Search Console will continue to collect data from the HTTP version, which will receive less and less traffic in the future.

    1. Go to Google Search Console and create a new property for the HTTPS version.
    2. Adding a property to the Google Search Console for the HTTPS edition of a WordPress site
    3. Then, with the latest HTTPS versions, re-submit your sitemap files.
    4. Submitting a modified sitemap in Google Search Console with the HTTPS version
    5. Go to the Google Disavow Tool and choose your HTTP version if your site has any connection disavow files in Search Console. Save the file to your computer and then upload it to your new profile. Then permanently uninstall the old profile.
    6. After you’ve completed this, go to Google Analytics and update your property and view. If your Analytics account is linked to your Search Console, all you have to do is go to Property Settings >> Default URL >> pick “HTTPS://” from the dropdown.
    7. Changing the default URL for a Google Analytics property to HTTPS
    8. Apply the same logic to the view. Select “HTTPS://” from the dropdown menu under View Settings >> Website’s URL.

That’s all you have to do to get rid of the WordPress site, not safe alert.

Why you should implement SSL on your website?

The crucial thing to note is that the benefits of this procedure will outweigh any slight discomfort you may feel as a result of venturing into unfamiliar territory.
In your browser, there is an alert that your link to this site is not completely secure.

You’ll get the following:

Enhanced site security

When you serve a site over HTTPS, you encrypt your site’s information using an SSL/TLS link, making your WordPress site safer. In layman’s terms, this ensures that even though a hacker intercepts your website’s data, they won’t be able to decode the confidential data and decipher what it really says.

This is especially important for eCommerce sites that handle financial transactions. A hacker might steal financial information directly from your site if the transaction isn’t encrypted.

There will be no more Chrome warnings

Chrome has a market share of over 73 percent of the browser market. As a result, a Chrome alert will affect a significant portion of your web traffic. The WordPress site, not a safety problem would be permanently resolved by resolving a few minor technical issues.

This issue, however, affects all major browsers, including Firefox and Mozilla. You may start getting Google Search Console warnings as well. For a permanent repair, we suggest that you follow the exact steps outlined in this post.

The pace of site loading

The new HTTP/2 protocol for connecting to a website is significantly faster than HTTP. HTTP/2 now necessitates SSL connections. As a result, installing an SSL certificate will significantly increase the speed at which your site loads.

Since not all web hosts can automatically have HTTP/2 protocols, we say “may.” Before using GTMetrix to evaluate your results, check with your web host to see if HTTP/2 is enabled for your accounts.

Traffic from SEO

HTTPS is a ranking factor on Google SERPs, according to a Google Search Central post. You pay attention as Google tells you how to improve your SEO rankings and traffic. There’s no way around it. But it isn’t just Google Search Central. Independent SEO blogs carried out a slew of research studies, all of which reached the same conclusion.

The credibility of the brand

According to GlobalSign, a well-known SSL certificate provider, 77 percent of online users are concerned about their personal information being compromised or misused. Having the green padlock on your site simply adds to the prestige of your company.

It’s basically a requirement for eCommerce sites now, as no one trusts an online store with a site, not safe alert. Extended Validation SSL certificates are even used by financial institutions and major marketplaces. Easy portfolio pages, on the other hand, should have SSL installed for the sake of brand reputation.

Referral Traffic

This is more of a marketing justification than a security reason, similar to SEO. However, HTTPS can provide a more accurate image of referral traffic. The majority of marketers are unaware that Google Analytics blocks HTTPS to HTTP referral info. If your HTTP site receives referral traffic from an HTTPS site, the data is categorized as “Direct Traffic.”

This is extremely deceptive and can lead you to make some very poor marketing decisions. So, if you’re wondering why your Direct Traffic has increased while your Referral Traffic has decreased in Google Analytics, this may be a major factor.


There’s a lot more to solving the WordPress site not safe problem than you would think, as you certainly discovered the hard way. In terms of site protection, properly installing the SSL certificate is a positive move in the right direction. That isn’t enough, though.

We strongly advise you to sign up for MalCare. MalCare is a WordPress protection plugin that checks the site for malware automatically. If your website is hacked or corrupted, MalCare can assist you in removing the malware with a single click.

You also get a powerful WordPress firewall to keep your site secure from hackers and bots. The firewall, which is driven by a strong learning algorithm, automatically blocks malicious IPs discovered across all of MalCare’s 250,000+ pages.