There are several good reasons to set up HTTPS and SSL on your website. It gives your site a small SEO boost. You may need it for GDPR compliance, because the GDPR introduces a requirement to handle personal data securely. If you have an email sign-up form, this should use HTTPS, as GDPR considers emails to be personal data, and HTTP is not secure.
From July this year, the Chrome web browser will start labelling all web pages that do not have HTTPS as “Not secure“. This could cause some confusion, potentially giving your users the impression that your website has been hacked, or that it has some other security issue. Whatever else it does, it certainly won’t give a good impression.
HTTPS requires an SSL certificate, which will need to be installed on your web server by your hosting company, and they may have already done so. SSL Shopper have a simple form that you can use to check if you have a certificate (www.sslshopper.com/ssl-checker.html).
Simply enter your website address and click the button. The results include a lot of detail, but if they are all green ticks, then you have a certificate correctly installed. If you don’t have an SSL certificate, check your web hosting company’s documentation to find out how to add one. Some offer them for free, others charge extra. You can then use the SSL Shopper site to check that it is installed and set up.
Now that you have the certificate, you need to make sure that browsers actually view your pages over HTTPS instead of HTTP. If you’re using WordPress, I recommend the One Click SSL plugin.
Once it is installed and activated, go to the settings. It has a button to check that SSL is enabled. Assuming that check passes, you can then enable SSL. Make sure that SSL is enabled and that SSL Areas is set to “Everywhere” (see the screenshot above). Once that is done, every visitor to your website will use HTTPS instead of HTTP.
My WordPress hosting includes an SSL certificate and will serve all pages over HTTPS by default.