Recently, Google said it will use HTTPS as a ranking signal. So, if you are a website owner, you might be thinking of switching to HTTPS. However, that meant purchasing an SSL certificate. Last month CloudFlare announced Universal SSL which will allow all its customers (including free users) to be able to use SSL on their sites. So now, we can have SSL on our websites without having to pay for an SSL certificate. In this article we will see how we can use CloudFlare to enable HTTPS on WordPress for free. This article assumes you are already using ClodFlare on your website.
CloudFlare provides different SSL options (Off, Flexible SSL, Full SSL, Full SSL Strict). Full SSL Strict requires purchasing an actual certificate, so I will not cover it in here. We can use Full SSL and Flexible SSL without having to purchase a certificate. For Full SSL we need an SSL certificate on your server, which can be a purchased or if you don’t want to buy one you can use a self-signed certificate. This method can be used if your host allows you to add a self-signed certificate. If you cannot add a self-signed certificate (most shared hosting don’t), then we cannot use Full SSL, instead will have to use Flexible SSL.
- Enabled Flexible SSL on CloudFlare
- Install CloudFlare Flexible SSL WordPress plugin
- Visit your site using https. The website should load in the same way as when browsing without https. If there are some issues, then some assets might be getting loaded from http instead of https. To fix this you should use protocol relative URLs in your site. Also, incase you are using forms (e.g search box), then make sure they submit to either a relative URL or a https URL, else you might see insecure content warning. You can also use plugins like WordPress HTTPS (SSL)
- Add a page rule on CloudFlare to redirect all traffic to HTTPS
This method can be used if you have purchased an SSL certificate or generated a self-signed SSL certificate. Here are the steps to enable SSL using this method.
- Add a self-signed or purchased certificate on your server
- Enable Full SSL on CloudFlare
- Visit your site using https and fix any issues as mentioned in step 3 for Flexible SSL
- Update the WordPress URLs to be HTTPS
Using either of the above two methods you can easily enable https on your WordPress site without purchasing any SSL certificate.