WordPress SSL Guide: HTTPS Setup Made Easy

Published April 21, 2026

WordPress SSL Guide

SSL (HTTPS) is mandatory for WordPress sites in 2026. Google marks non-HTTPS sites as "Not Secure," browsers block form submissions on HTTP pages, and search rankings factor in HTTPS as a positive signal. Setting up SSL is straightforward with modern hosting.

How SSL Works

SSL encrypts data in transit between your server and the visitor's browser. The padlock icon in the browser address bar indicates an active SSL certificate. Certificates are issued by Certificate Authorities (CAs) — Let's Encrypt provides free certificates automatically. Paid certificates from DigiCert or Sectigo add warranty coverage and extended validation (EV) indicators for business sites.

Getting an SSL Certificate

Most managed WordPress hosts provision SSL automatically. SiteICO uses Caddy's On-Demand TLS to automatically issue and renew Let's Encrypt certificates for every domain — including custom domains — without any manual steps. Simply point your DNS to SiteICO and HTTPS works immediately.

Forcing HTTPS in WordPress

After the certificate is active, update WordPress settings: go to Settings → General and change WordPress Address and Site Address to use https://. Then configure your server to redirect HTTP to HTTPS. In Caddy, this is automatic. In Nginx or Apache, add a redirect rule. For SiteICO-hosted sites, HTTPS is enforced at the Caddy gateway level.

Fixing Mixed Content Errors

Mixed content occurs when an HTTPS page loads resources (images, scripts, styles) over HTTP. Symptoms: padlock shows with warning, browser console reports mixed content errors. Fix using the Better Search Replace plugin to update all HTTP URLs in the database to HTTPS. Run a site crawl with Screaming Frog afterwards to confirm no mixed content remains.

SSL Impact on Performance

Modern TLS 1.3 adds negligible overhead — typically 1-2ms. The HTTPS handshake is cached after the first request (session resumption). HTTP/2 and HTTP/3 require HTTPS and deliver significant performance benefits that far outweigh any TLS overhead. The net effect of adding SSL properly is a faster, more secure site.

SSL and SEO

HTTPS is a confirmed Google ranking factor. More importantly, non-HTTPS sites display security warnings that crush conversion rates. Check Google Search Console after adding SSL — monitor for any indexing issues caused by the transition from HTTP to HTTPS, particularly if 301 redirects weren't implemented correctly.