How to enable HTTPS on WordPress using CloudFlare

Recently, Google said it will use HTTPS as a ranking signal. So, if you are a website owner, you might be thinking of switching to HTTPS. However, that meant purchasing an SSL certificate. Last month CloudFlare announced Universal SSL which will allow all its customers (including free users) to be able to use SSL on their sites. So now, we can have SSL on our websites without having to pay for an SSL certificate. In this article we will see how we can use CloudFlare to enable HTTPS on WordPress for free. This article assumes you are already using ClodFlare on your website.

CloudFlare provides different SSL options (Off, Flexible SSL, Full SSL, Full SSL Strict). Full SSL Strict requires purchasing an actual certificate, so I will not cover it in here. We can use Full SSL and Flexible SSL without having to purchase a certificate. For Full SSL we need an SSL certificate on your server, which can be a purchased or if you don’t want to buy one you can use a self-signed certificate. This method can be used if your host allows you to add a self-signed certificate. If you cannot add a self-signed certificate (most shared hosting don’t), then we cannot use Full SSL, instead will have to use Flexible SSL.

Flexible SSL

This method does not requires adding any SSL certificate on your server, so this will be easiest method to use if you are using shared hosting.
Important: Do not change your WordPress URL to use https. If you change the URLs then you won’t be able to access your site and get too many redirects or redirect loop error. If you see this error the only way to gain access back to your site is changing the URLs back to non-https in the database.
Here are steps for this method:
  1. Enabled Flexible SSL on CloudFlare
  2. Install CloudFlare Flexible SSL WordPress plugin
  3. Visit your site using https. The website should load in the same way as when browsing without https. If there are some issues, then some assets might be getting loaded from http instead of https. To fix this you should use protocol relative URLs in your site. Also, incase you are using forms (e.g search box), then make sure they submit to either a relative URL or a https URL, else you might see insecure content warning. You can also use plugins like WordPress HTTPS (SSL)
  4. Add a page rule on CloudFlare to redirect all traffic to HTTPS

Full SSL

This method can be used if you have purchased an SSL certificate or generated a self-signed SSL certificate. Here are the steps to enable SSL using this method.

  1. Add a self-signed or purchased certificate on your server
  2. Enable Full SSL on CloudFlare
  3. Visit your site using https and fix any issues as mentioned in step 3 for Flexible SSL
  4. Update the WordPress URLs to be HTTPS

Using either of the above two methods you can easily enable https on your WordPress site without purchasing any SSL certificate.

Related posts:

  1. Protocol relative URLs
  2. How to change WordPress username
  3. How to remove WordPress version number
  4. How to remove WordPress version parameter from JS and CSS files

5 thoughts on “How to enable HTTPS on WordPress using CloudFlare”

Leave a Reply