A WordPress site is not really live until two things have happened: the domain you want visitors to type points to your hosting, and the site is served securely over HTTPS. Both sound trivial and both occasionally go sideways — propagation delays, mixed-content warnings, certificates that will not issue because DNS has not caught up yet. This guide walks through every step from buying a domain to forcing HTTPS site-wide on a smartxhosting.uk plan, with the common failure modes called out as we go.
Why domains and SSL matter · Registering a domain · Pointing DNS to SmartXHosting · Adding the domain in Plesk · Installing the free Let's Encrypt SSL certificate · Forcing HTTPS across WordPress · Fixing mixed-content warnings · www or non-www: picking a canonical host · When you need an OV or EV certificate · Why HTTPS still matters (and what it changed in 2018) · Frequently asked questions
Your domain name is the address visitors type into a browser to reach the site. It is the signage on the shop window. An SSL/TLS certificate is the encryption layer that keeps the conversation between visitor and server private — the padlock in the address bar confirms that nobody can read, intercept or tamper with the traffic between the two. Without it, Chrome, Firefox, Safari and Edge all display a "Not Secure" warning on every page.
For a UK business these are not "nice to have" items. The ICO regularly points to transport-layer encryption as a baseline requirement under UK GDPR for any site collecting personal data. Google has used HTTPS as a ranking signal since 2014, and as of 2018 Chrome marks any plain-HTTP page with an unmissable warning. There is no credible reason to run a modern WordPress site without a domain and a working certificate.
If you do not already own a domain, you can buy one through smartxhosting.uk or any registrar — Namecheap, Google Domains (now part of Squarespace), GoDaddy, Nominet-accredited registrars for .uk. For a UK-focused audience the usual choices are:
.co.uk — the classic UK business domain, Nominet-registered, widely trusted by UK visitors. Typical price GBP 8–12 per year..uk — the shorter second-level version of the same registry. Harder to find available, often held by the owner of the matching .co.uk..com — fine if your business trades internationally, still the default for global brands. Typical price GBP 10–15 per year..org.uk — conventional for charities and community organisations..wales / .cymru, .scot, .london — regional extensions if your audience is specifically Welsh-, Scottish- or London-focused.Domain naming guidance — keep it short, avoid numerals and hyphens, make it easy to say out loud without spelling. Avoid using someone else's registered trade mark even in a subdomain; Companies House and the Intellectual Property Office are both forgiving in isolated cases but unpleasant if they catch someone trying to coast on a competitor's name.
When you register a domain through smartxhosting.uk, DNS is configured automatically to point at your hosting account — no manual nameserver changes are needed. This is the simplest path because there is no waiting on a third-party registrar's change.
If you registered the domain somewhere else, you need to update its nameservers to the values in your smartxhosting.uk welcome email. In practical terms:
Nameserver changes propagate across the global DNS infrastructure over 1–48 hours. In practice most change within 1–4 hours for users with standard ISP DNS resolvers. During this window some visitors will see the new server and some the old; you cannot force it faster than the original TTL allows.
If you want to verify propagation without guessing, use a free DNS propagation checker (dnschecker.org, whatsmydns.net, etc.) and paste your domain. You will see a map showing where the new nameservers have taken effect and where they have not.
Once DNS is pointing at smartxhosting.uk, the server still needs to know it should answer requests for that domain.
Use the Plesk URL and credentials from your smartxhosting.uk welcome email. The Plesk login URL is typically on port 8443 and looks like https://your-server.smartxhosting.uk:8443.
In the left sidebar: Websites & Domains > Add Domain. Enter the domain (e.g. yourdomain.co.uk), choose hosting type (Website Hosting with default WordPress toolkit is usual), and save. Plesk creates the document root, DNS zone and mail configuration in one go.
Plesk sets up the standard records automatically:
www pointing at the bare domainDefaults are correct for almost every site. Review under Websites & Domains > DNS Settings if you need to add records for external services (Google Workspace email, Cloudflare proxy, DMARC, etc.).
If you had WordPress running on a temporary domain or subdomain and want to switch to the new one, change the primary domain in Plesk (Websites & Domains > Hosting Settings), then update Settings > General inside WordPress. Clear all caches afterwards — Plesk, LiteSpeed Cache, browser, CDN.
Every smartxhosting.uk WordPress plan includes free Let's Encrypt SSL. The certificate is issued through Plesk and automatically renews every 60–90 days. You never have to do anything after the initial setup.
In Plesk, go to Websites & Domains, pick the domain, and click SSL/TLS Certificates. You will see the Let's Encrypt section at the top and a list of any existing certificates below.
Click Install (or Get it free) under Let's Encrypt. Tick:
www., mail., staging., etc.) in one certificate. Recommended.webmail. subdomain used by Roundcube.Double-check the email address — Let's Encrypt uses it for renewal failure notifications.
Click Get it free. Plesk performs an HTTP-01 challenge (a wildcard certificate requires DNS-01, which Plesk handles automatically if you use the built-in DNS). The check, the certificate signing request, and the install usually complete in under a minute. When done, a green padlock appears next to the domain in the Plesk Websites & Domains list.
Common cause of failure: DNS not yet propagated to the Let's Encrypt validation servers. If issuance fails, wait 15–30 minutes and try again, or check propagation with dnschecker.org first.
An installed SSL certificate does not automatically redirect HTTP visitors to HTTPS. You need a redirect, or else visitors typing http://yourdomain.co.uk will see the insecure site and a "Not Secure" warning even though the padlock works when they visit https://.
The fastest and most reliable method because it redirects before PHP or WordPress is even invoked.
All HTTP requests are now issued a 301 redirect to the HTTPS equivalent, which preserves SEO link equity.
Regardless of the redirect method, update the WordPress URL fields:
https:// version.Only do this after the SSL certificate is working. Changing to HTTPS before the certificate is installed will lock you out of the dashboard. If that happens, use WP-CLI in Plesk:
wp option update siteurl 'http://yourdomain.co.uk' wp option update home 'http://yourdomain.co.uk'
Reverts the URLs to HTTP so you can get back in, fix the certificate, and try again.
Once the site has been running cleanly on HTTPS for a few weeks, consider enabling HSTS. This tells browsers "always use HTTPS for this domain, even if the user types http". In Plesk: Websites & Domains > Apache & nginx Settings > Additional HTTP response headers or via an .htaccess entry:
Strict-Transport-Security "max-age=31536000; includeSubDomains"
Once HSTS is active, removing HTTPS from the site becomes difficult — browsers remember the instruction for up to a year. Only enable it when you are sure the HTTPS setup is solid.
After switching to HTTPS the padlock may still show a warning or be missing entirely. The usual culprit is mixed content — the HTML page is served over HTTPS, but some resource (an image, stylesheet, script or font) is still referenced with an http:// URL hard-coded in the database or a theme file.
Browsers either block mixed content outright (scripts, stylesheets) or load it but strip the padlock (images, media).
Best for non-technical owners.
http://yourdomain.co.uk. Replace with: https://yourdomain.co.uk.Plesk's WordPress Toolkit has a WP-CLI button for every site. Run:
wp search-replace 'http://yourdomain.co.uk' 'https://yourdomain.co.uk' --all-tables --dry-run
Review output, remove --dry-run, run for real. Completes in seconds for all but the largest sites. WP-CLI is also PHP-aware, which means it handles serialised data correctly — some plugins store URLs inside serialised arrays that a raw SQL search-and-replace would break.
A popular plugin that fixes mixed content automatically at page-render time using output filtering. Trade-off: it adds a runtime cost to every page load. Worth considering on sites where you cannot easily edit the database but not ideal as a permanent solution.
Cached HTML still contains the old HTTP URLs until refreshed. After running search-and-replace:
Every site has two versions of its URL — with and without the www prefix (www.yourdomain.co.uk vs yourdomain.co.uk). Both usually work once DNS and hosting are set up, but Google treats them as two separate sites. Pick one as canonical and redirect the other.
Which one? Historically www was the convention; modern taste leans toward the bare domain (shorter, cleaner). Either is fine — but pick one and stick with it. In Plesk you can set the redirect under Websites & Domains > Hosting Settings. In WordPress, make sure the URL you pick matches what is set in Settings > General.
Free Let's Encrypt certificates are "Domain Validated" (DV) — the Certificate Authority simply checks that the person requesting the certificate controls the domain. For most UK sites that is sufficient; browsers show the padlock identically regardless of validation level.
Two higher-validation tiers exist:
Historically EV certificates showed a green bar with the company name in the browser address field — that UI treatment has been removed from every major browser since 2019, so the visual benefit is gone. EV is still occasionally required for compliance reasons (PCI-DSS Level 1 merchants, regulated financial services, high-security government suppliers) but rarely a commercial necessity for a typical UK SME.
For most smartxhosting.uk WordPress sites, the free Let's Encrypt DV certificate is fully sufficient.
Running over HTTPS gives five tangible benefits:
How long does DNS propagation actually take?
Officially up to 48 hours. In practice, most ISP resolvers pick up nameserver changes within 2–4 hours. If a specific visitor is still seeing the old IP after 24 hours, the issue is usually their router or local machine caching DNS — flushing the cache or rebooting the device typically fixes it.
Can I get SSL before my domain propagates?
No. Let's Encrypt validates by connecting to your domain and fetching a challenge file. If the domain still points elsewhere, validation fails. Wait for propagation (check with dnschecker.org) before issuing the certificate.
What happens when my Let's Encrypt certificate expires?
Plesk renews automatically every 60–90 days. If renewal fails (usually because of a DNS change that broke the validation), you get an email from Let's Encrypt 20 days before expiry and the Plesk dashboard flags it visibly. Worst case, re-issue manually from the SSL/TLS Certificates page — it is the same two-click process as the original install.
Do I need SSL on my staging site?
Yes, if staging is publicly accessible. smartxhosting.uk's staging clones via Plesk WordPress Toolkit inherit SSL from the primary domain's wildcard certificate, so staging URLs are automatically HTTPS. This prevents mixed-content issues when you promote staging changes to production.
Can I move my domain from another registrar to SmartXHosting later?
Yes. Get an authorisation code from the current registrar, initiate the transfer on the SmartXHosting side, and approve any confirmation emails. Domain transfers take 5–10 days to complete, during which the existing DNS continues working uninterrupted.
Why does my site still say "Not Secure" after installing SSL?
Either the WordPress URL fields are still set to http:// (Settings > General), the hosting-level HTTP → HTTPS redirect is not enabled, there are mixed-content resources in pages or CSS, or a stale cache is serving the old version. Work through those in order.
Is Cloudflare's free SSL enough, instead of Let's Encrypt at the server?
Cloudflare's "Flexible SSL" mode encrypts only between visitor and Cloudflare — the link from Cloudflare to your origin server is still HTTP. That is weaker than end-to-end encryption. Use Cloudflare in "Full (Strict)" mode with Let's Encrypt (or an Origin CA certificate) on the origin. For most UK sites, Let's Encrypt directly on Plesk without Cloudflare in front is simpler and just as secure.
What about multi-domain certificates?
The Plesk Let's Encrypt integration can issue a Subject Alternative Name (SAN) certificate covering multiple unrelated domains if they are hosted on the same Plesk account. Useful for bundling hosts together. The wildcard option covers all subdomains of one domain, which is the more common need.
Can I use the same SSL certificate for email?
Yes. Tick Secure the mail server when issuing the certificate. This installs the certificate on the SMTP and IMAP services too, so mail clients connect over TLS without certificate warnings. For most UK customers using smartxhosting.uk's bundled email this is already covered by the wildcard option.
Where do I change the WordPress URL if I am locked out?
Two ways: edit wp-config.php and add define( 'WP_HOME', 'https://yourdomain.co.uk' ); and define( 'WP_SITEURL', 'https://yourdomain.co.uk' );, or use WP-CLI in the Plesk Toolkit with wp option update siteurl. The wp-config approach overrides the database values and is fastest for emergency recovery.
Launch your WordPress site on smartxhosting.uk
UK hosting with the Plesk WordPress Toolkit, LiteSpeed Cache, Redis object caching, free Let’s Encrypt SSL, free CDN and daily backups — from £2/month.
View WordPress hosting plans →