The HTTPS report in Google Search Console shows whether your site is being served securely and whether Google is seeing any mixed content or certificate issues. HTTPS is a confirmed Google ranking signal and a basic security requirement for any modern website. Here’s what the report shows and what to do if you see errors.
Why HTTPS matters for SEO
Google has used HTTPS as a ranking signal since 2014. Sites without HTTPS get a small ranking penalty — not enough to destroy rankings on its own, but in competitive niches every signal counts. More importantly, browsers like Chrome show a “Not Secure” warning on HTTP pages, which destroys user trust and increases bounce rates.
Beyond rankings, HTTPS encrypts the connection between your server and the visitor’s browser, protecting form submissions, login credentials, and payment data. It’s non-negotiable for any serious site.
What the HTTPS report shows
In Google Search Console → Experience → HTTPS, you’ll see:
- HTTPS pages: URLs Google found that are correctly served over HTTPS
- Non-HTTPS pages: URLs still being served over HTTP — these need fixing
- Reasons for non-HTTPS status: Google categorises the issues by type
Common HTTPS issues and fixes
Pages served over HTTP
The page URL starts with http:// instead of https://. Your SSL certificate may not be installed, or your WordPress site isn’t configured to use HTTPS.
Fix:
- Install an SSL certificate — most hosts (Hestia, cPanel, Cloudflare) provide free Let’s Encrypt certificates
- In WordPress → Settings → General, change the Site URL and WordPress URL from
http://tohttps:// - Add a 301 redirect from HTTP to HTTPS in your
.htaccess(Apache) or Nginx config
Mixed content
The page itself is served over HTTPS, but it loads resources (images, scripts, stylesheets) from HTTP URLs. Browsers block these or show warnings, and Google flags the page as not fully secure.
Fix: Find all HTTP resource references in your content and update them to HTTPS. Use a plugin like Better Search Replace to update URLs in your database, or use Cloudflare’s Automatic HTTPS Rewrites feature if you’re behind Cloudflare. Also check your theme’s hardcoded assets — any http:// URLs in your theme files need updating.
Invalid SSL certificate
Your SSL certificate is expired, self-signed, or configured incorrectly. Google treats this the same as no HTTPS.
Fix: Renew your SSL certificate. Let’s Encrypt certificates expire every 90 days — most hosts auto-renew them, but if the auto-renewal fails you’ll get this error. Check your host’s control panel or run certbot renew on the server if managing SSL manually.
Certificate doesn’t cover this domain
Your SSL certificate is valid but was issued for a different domain. Common when you’ve recently migrated from one domain to another, or if your certificate doesn’t cover both www and non-www variants.
Fix: Issue a new SSL certificate that covers your exact domain and the www variant.
Checking your HTTPS setup outside Search Console
Use these free tools to diagnose HTTPS issues in detail:
- SSL Labs: ssllabs.com/ssltest — comprehensive SSL certificate analysis, grades your configuration A through F
- Why No Padlock: whynopadlock.com — finds mixed content issues on any page
- RankAlSEO Meta Checker: rankalseo.com/tools/meta-checker.html — checks your page’s full SEO setup including canonical (which should use HTTPS)
How HTTPS and the RankAlSEO plugin interact
The RankAlSEO plugin outputs canonical tags, sitemap URLs, and Open Graph tags using the URL format WordPress is configured to use. If your WordPress Site URL is set to https:// in Settings → General, all of these will correctly use HTTPS. If it’s still on http://, the plugin will output HTTP URLs in meta tags — which can confuse Google about your canonical URL.
Always make sure your WordPress Site URL and Home URL both start with https:// before worrying about anything else.
Setting up the correct redirect
Once HTTPS is configured, make sure all HTTP traffic redirects to HTTPS with a 301 (permanent) redirect. For Apache, add to your .htaccess:
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]For Nginx, add to your server block:
server {
listen 80;
server_name yourdomain.com www.yourdomain.com;
return 301 https://$host$request_uri;
}After adding the redirect, go to Settings → Permalinks → Save Changes in WordPress to flush rewrite rules — the same fix as for sitemap 404s. See: WordPress Sitemap Returns 404? Here’s the Fix
Action steps
- Go to Search Console → Experience → HTTPS
- Check the ratio of HTTPS to non-HTTPS pages
- If you have non-HTTPS pages, click in to see which URLs and what reason
- Run your site through SSL Labs to check your certificate
- Make sure WordPress Settings → General has
https://URLs - Confirm your
.htaccessor Nginx config redirects HTTP → HTTPS - Use Why No Padlock to check for mixed content on your homepage
That’s the complete Google Search Console series. You now understand every major report — Performance, Pages, Sitemaps, URL Inspection, Core Web Vitals, and HTTPS. The RankAlSEO plugin handles the SEO layer of all of these automatically — schema, sitemaps, canonicals, meta tags, and the webmaster verification codes for Search Console setup.
If you’re on the free plan and want to unlock the full suite — rank tracking, AI content generation, full-site audits, and priority support — upgrade to RankAlSEO PRO from €5.99/month.
RankAl SEO PRO gives you unlimited AI content generation, daily rank tracking, full-site audits, and WooCommerce SEO — all inside WordPress. From €8.99/month.
