Get and install an SSL Certificate: First you need an SSL certificate, which is associated with your domain and hosting and does not sit within your WordPress installation. There are lots of companies that sell SSL Certificates online, such as SSLs.com, Media Temple, GoDaddy, Comodoand Namecheap. Let’s Encrypt is a valid option for getting a free SSL certificate, and many hosting providers work with them. It is easiest to first check what your hosting provider can offer. Many hosting providers offer free SSL but unless you look for it you might not know. Even if your hosting provider doesn’t offer free SSL, it is often easier to work with an SSL service provider that has a relationship with your host for a small additional fee.
Check your SSL Certificate: Once you have an SSL certificate installed on your site using the instructions provided with the certificate, it is good to verify it. There are SSL check tools that you can use to verify your SSL such as Qualys SSL
Change your WP dashboard: Update your site address in the WP dashboard to the https version.
Redirect HTTP to HTTPS: We recommend that you follow the instructions that your hosting company gives you with your SSL certificate, rather than using a plugin to do this.
Redirect Mapper to check that you don’t have too many redirects on your URL. Redirects are essential, but they can also slow down your site if there are too many.
Update your hard-coded links: You might have links in your website that link to the HTTP version of your site. You should update these, even though the SSL plugin will redirect them. The Better Search and Replace plugin can help you achieve this.
Update CDN: If you use a CDN, then update the address in the CDN plugin or console.
Check for mixed content: Mixed content warnings occur when you have unsecure content on a secure page. Use SSL Check to check for unsecured content. If you have already updated your links, this should not show too many errors.
Update your google search console profile: You need add a new property to your google search console that starts with Https:// and the resubmit the Https version of your sitemaps. If you have a disavow filefrom bad backlinks, you should resubmit this too. You can then delete the http version from the search console. You can update google analytics and any other search engine tools that you use.
Update your website link on other platforms: If you link to your site from YouTube, Twitter, Facebook, Instagram, Pinterest or other platforms, you should update the links there too.
You might see a small drop in your search rankings in the short term. This is because google sees your site as a new website under the Https address. Whilst there are redirects in place, you can lose 1–10% of your ranking because of the redirects. This is a short-term issue until google re-indexes your site on Https — then your rankings should improve over your unsecured site! Plus, you will be trusted by your site visitors and customers and will be contributing to making the web a more secure place.