As we all know Google has announced that it will be counting HTTPS as a ranking factor now. That means if you use HTTPS it will increase the chances of Google ranking you higher in it’s search results.
A free SSL certificate is usually a self-signed certificate and regardless of being there, the browsers will prompt visitors with a security warning (which in turn can actually be worse than not having an SSL certificate at all).
CloudFlare is a Content Delivery Network (CDN) service provider, and it offers not only a free plan but also premium plans. By signing up to CloudFlare, your website performance can increase by 60% handling tons of traffic. It can also shield you from a DDOS attack. You don’t have to pay anything to use the flexible SSL certificate from CloudFlare to put your site on HTTPS.
1. Requesting and setting up the free Flexible SSL on Cloudflare
Sign up for Cloudflare
Visit the Cloudflare sign up page. Enter your credentials and verify your email address.
Add your site
All you need to do in this step is enter the domain name of your site.
Select the free plan
Choose the free plan which should be all the way to the left.
Change your name servers
In order for the whole thing to work, you will have to point your nameservers to Cloudflare. You will need to configure this at your domain name registrar, which might be different from your hosting provider. After you have copied over the nameservers to your domain name registrar, click ‘Continue’ and you will be redirected to the settings for this domain.
Request the Flexible SSL Certificate
In case you are not seeing a page that looks like the one above, click on ‘Home’ and then click on the domain name that you added.
You will see a row of icons. Click on ‘Crypto’ and choose Flexible from the drop-down menu under SSL settings (it should be the second item in the drop-down list).
If you have pointed your nameservers to Cloudflare, as instructed in the previous step, the SSL should be active in 15 minutes approximately. This can vary depending on several factors like propagation time on your DNS, Cloudflare, etc.
If you have something else to do, check back later to see if the SSL is active and proceed.
2. Installing required WordPress plugins
CloudFlare Flexible SSL Plugin
In your WordPress dashboard, go to Plugins >> Add New, then search for the ‘Cloudflare Flexible SSL’ and install it. This plugin enables the Flexible SSL and prevents the infinite redirect loop which might occur.
HTTPS redirection plugin
The redirection plugins are required when installing CloudFlare SSL on WordPress to avoid the so-called “redirect loops”. The Cloudflare will force all of the traffic on your site to HTTPS. The server will have to respond via HTTPS as well. Therefore, you will need one of these two plugins. Depending on the site, hosting server and other settings, you might find that one plugin doesn’t work for you so you may try another one. One of them will work for you.
WordPress HTTPS (SSL)
Go to ‘Plugins’ section in your wp-admin dashboard and click on ‘Add new’. Search for the WordPress HTTPS (SSL) plugin. After installing the plugin, activate it then go to the settings and choose ‘Yes’ under Proxy.
3. Changing the WordPress Site URL
There are two URLs associated with WordPress sites: WordPress address and Site address.
The WordPress address points to the location of your admin pages, content, and other necessary directories and files. This is the core of your site which determines the way it is displayed and determines its functionality.
The Site address is where visitors land when they visit the site.
In the case of Flexible Cloudflare SSL on WordPress, we need the Site address to point to the HTTPS version of the site (served by Cloudflare). The WordPress address should remain the same as it is pointing to our hosting server which does not have an SSL certificate.
Changing WordPress address will break your site. Only change the Site Address.
Log in to your wp-admin dashboard, then go to ‘Settings’ -> ‘General’ and then just change the ‘http://’ prefix to ‘https://’. See the image bellow.
4. Enforce HTTPS via Cloudflare
After you’ve made all of the changes above in order to setup Cloudflare SSL on WordPress, there are some final redirection tweaks that you will have to make on Cloudflare. Follow these steps:
- Go back to your profile on Cloudflare
- Select your domain
- Choose ‘Crypto’ from the row of icons at the top
- Turn on the option ‘Always Use HTTPS’ (located approximately in the middle of the page)
- Check the ‘Opportunistic encryption’ and ‘Automatic HTTPS rewrites’ options. They should be enabled by default. If they aren’t, enable them now.
You can also create a Page Rule. It does exactly the same thing as the ‘Always Use HTTPS‘ option in the ‘Crypto’ tab. Page rule has a quicker response because it is processed at the edge of the Cloudflare.
Hopefully, now your website is running a Cloudflare SSL on WordPress and has a green lock. Let us know in the comments below if you enjoyed our guide.