An SSL certificate encrypts traffic between your visitors and your site, shows the padlock in the browser, and is a confirmed ranking signal for Google. On Hostnasi hosting it’s free and mostly automatic. Here’s how to get it live and fix the mixed-content warnings that sometimes follow.
Getting the certificate
Every domain on our servers is covered by AutoSSL, which issues and renews free Let’s Encrypt certificates automatically. To check or trigger it:
- Log in to cPanel and open SSL/TLS Status.
- Find your domain in the list. A green padlock means it’s covered.
- If it isn’t, tick the domain and click Run AutoSSL. Within a few minutes the certificate issues.
Point WordPress at HTTPS
In WordPress, go to Settings → General and make sure both the WordPress Address and Site Address begin with https://. Save. This tells WordPress to load itself over the secure connection.
The mixed content problem
After switching to HTTPS, you may see a warning that the connection isn’t fully secure, or the padlock shows with a caution. This is mixed content: your page loads over HTTPS but still references some images, scripts or stylesheets over plain HTTP. Browsers flag this because it partially defeats the encryption.
Fixing mixed content
The cleanest fix is a search-and-replace across the database to update old http:// URLs to https://. A dedicated “better search replace” plugin does this safely — point it at your domain and swap http://yourdomain.com for https://yourdomain.com. Always back up the database first.
Force HTTPS for everyone
Finally, redirect all HTTP traffic to HTTPS so nobody lands on the insecure version. Add this to the top of your .htaccess:
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
Reload with the browser console open to confirm no more mixed-content warnings appear. Once it’s clean, that padlock is solid — good for trust and good for SEO.