Sad face unlocked icon turns into green face lock icon

Get Your Nonprofit’s WordPress Website on HTTPS

Updated February 9, 2018 following Chrome announcement of expanded “Not Secure” labeling.


One of the three keys to a healthy WordPress site is security, and one of the keys to security is getting your site on “HTTPS”.

Let’s figure out if you’re using HTTPS right now:

  1. Copy the address of your nonprofit’s home page and paste it somewhere.
  2. Does it start with “http” or “https”?

If it starts with “http”, then you’re missing out on all the benefits of the “s” in “https” which stands for—you guessed it—”secure”.

The benefits of HTTPS

As with many things, there are both carrots and sticks to get your site on HTTPS. It’s always nice to stay positive, so let’s start with the carrots!

Why HTTPS is Important

When your site is on HTTPS:

  • All traffic between your site and the browser is “encrypted.” That keeps a hacker using public wifi in a coffeeshop or airport from easily stealing your user account password or a potential volunteer’s address.
  • Users trust your site more because the browser will show the green lock icon (i.e. the encryption).

HTTPS & green lock icon in browser address bar

Hopefully those reasons are enough to convince you already. If not, Google Chrome is about to start waving around a pretty big stick!

Why You Should Stop Using Plain HTTP ASAP!

In October 2017, users started seeing a “Not Secure” warning when they used any form on a site using HTTP (no S).

"Not Secure" warning in Google Chrome 62
Engadget has a great animated GIF showing the behavior.

Chrome had been doing this already for password fields which you may have noticed when logging into WordPress if your site is on HTTP.

As of July 2018, Chrome users will see a “Not Secure” warning for any web page not using HTTPS.

Difference between Chrome 64 and 68: URL bar will show "Not Secure" warning for websites without https.
The new warning message in Chrome starting July 2018. (Image from Chrome announcement post.)

While this doesn’t mean your site has gotten less secure than it was before, your visitors likely don’t know the difference or care. You can expect a decrease of trust in your website and probably complaints from visitors if you don’t upgrade to HTTPS soon.

How to upgrade your WordPress site to HTTPS

To get HTTPS, you’ll have to start by getting an SSL certificate. Many hosts now support a free SSL certificate from an open source initiative called “Let’s Encrypt.” Both our recommended hosts SiteGround and WP Engine offer free SSL!

Once that’s set up, you still need to actually change your site address to include the “s” in “https://”:

  • If you’re making a brand new website, get the SSL certificate first and then just build the site on HTTPS from the start! No further action required.
  • If you have an existing HTTP site, Really Simple SSL is a great plugin to help you get started. Unfortunately, depending on your theme and plugins, you may need to update additional settings or contact a developer to help fully switch to HTTPS. Many hosts will help you with this change if you contact support.
  • If you use SiteGround or WP Engine, both offer tools to convert your sites from HTTP to HTTPS for you! You pretty much just need to click the right button.

Visitor Trust Leads to More Impact

You don’t need anyone to tell you that it’s critical for your stakeholders trust you as an organization. The same goes for the importance of trust by your website’s visitors.

Trusting visitors will be more likely to sign up for your newsletter. Even more critically, distrusting users will be less likely to make an online donation.

Right now is the time to move your website to HTTPS if you haven’t yet. Your visitors will both be more secure and feel more secure.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.