Installing an SSL certificate is a key step in making your website secure, but the job isn't done yet.
After installation, you need to take a few important steps to make sure your site runs fully over HTTPS and avoids security warnings like “Not Secure” messages or mixed content errors.
This guide walks you through what to do right after installing an SSL certificate on your Cloudways-hosted website — including how to force HTTPS, fix common issues, and check if everything is working correctly.
These steps are especially useful for WordPress users, but some tips apply to other web apps as well.
Table of Contents:
Recommended Measures After Installing SSL Certificate
Once your SSL certificate is installed, it’s important to apply a few extra measures to make sure your site is fully protected.
An SSL certificate alone does not guarantee complete security — issues like unsecured links, redirect conflicts, or mixed content can still expose your visitors to risks.
To help strengthen your website’s protection, Cloudways recommends the following post-installation steps.
These actions will ensure your site consistently loads over HTTPS, avoids browser warnings, and maintains a trusted experience for your users.
Following are some security measures that you should take after deploying an SSL Certificate.
1. Force Redirection from HTTP to HTTPS
Even after installing an SSL certificate, users can still access your website by typing http:// instead of https://, which can leave connections vulnerable.
To ensure that all traffic to your site is encrypted and secure, it's essential to redirect all HTTP requests to HTTPS.
Redirecting to HTTPS ensures visitors are always served the secure version of your website, helping prevent security risks and browser warnings.
How to do it:
If you’re using the Cloudways Platform, you can easily enable HTTPS redirection from the application settings.
If your website is built with WordPress, you can also use plugins like Really Simple SSL to manage redirection.
Avoid setting up multiple redirection rules from different sources (e.g., Cloudflare, web server, plugin) as this may cause conflicts.
2. Enable HSTS (HTTP Strict Transport Security)
To take HTTPS security a step further, Cloudways recommends enabling HSTS — a browser-side policy that tells browsers to only connect to your website over HTTPS, even if a user or third-party tries to use HTTP.
HSTS helps:
Block SSL protocol downgrade attacks.
Prevent cookie hijacking.
Speed up repeat visits by removing the need for a redirect from HTTP to HTTPS.
One common vulnerability without HSTS is SSL Stripping, a form of Man-in-the-Middle (MITM) attack where an intruder downgrades the secure connection back to HTTP.
HSTS protects your site against this type of attack by enforcing HTTPS at the browser level.
Read more about this and about the procedure of enabling the HSTS policy here.
These essential steps will ensure that you are making the most out of security features offered by Cloudways to protect your visitors and make the communication between visitors and your website as secure as possible.
That’s it! We hope this article was helpful.
Need Help?
If you need assistance, feel free to:
Visit the Cloudways Support Center
Chat with us: Need a Hand > Send us a Message
Or create a support ticket anytime.
We're here 24/7 to help you!