secure

To make a website HTTPS, firstly get an SSL certificate for the domain, install it on the server and change the website permalinks from http to https.

A lot of WordPress sites are on shared-hosting servers with cPanel provided as the control panel hence a shared-hosting will be use as the base of this tutorial. If your website is on a dedicated server or VPS, this tutorial is still applicable but the process on getting it done varies with servers.

To follow along with this tutorial, ensure your shared-hosting has SSL/TLS activated. If absent, contact your host and request it. They might charge to activate it.

To check if it is activated, login to cPanel and you should see an

SSL/TLS manager

under the Security widget.

Getting an SSL Certificate

There are various kinds of SSL certificates. They are basically categorized into three groups: Domain Validation, Organization Validation and Extended Validation.

Domain-level validation is the most basic type of SSL and are generally the least expensive.
These certificates provide basic encryption, are issued very quickly and involve a simple check to verify domain ownership.
Organization-validated SSL certificates include authentication of the business or organization behind the domain. This provides a higher level of security and lets customers know they can trust your server with their personal information.
Extended validation is top of the line. With extended validation, the certifying authority conducts a very in-depth examination of your business before issuing the certificate. This type of SSL provides the highest degree of security and user trust.

Here is a guide from Namecheap on what SSL certificate to choose.

There are lots of companies selling SSL Certificates online, such as SSLs.com, Media Temple, GoDaddy, Comodo and Namecheap.