move-your-wordpress-site-to-https

in Development

How to Get a Free SSL Certificate & Setup your WordPress Site to use HTTPS

SSL (Secure Socket Layer) is a cryptographic protocol to provide security over internet communications and protect data being transferred through a computer network.

Sites’ URLs that are encrypted using SSL begin with HTTPS (Hypertext Transfer Protocol Secure) rather than HTTP.

Our Progressive Web Apps (PWAs) are always served over HTTPS, ensuring a connection that protects sensitive information. This way visitors and site data do not get exposed to attacks and other vulnerabilities.

Another benefit of SSL encryption is that Google takes note of HTTPS in their search ranking algorithms. In other words, it is a ranking factor in search results and can have a positive impact on your SEO.

In this post, we will show you how to get a free SSL certificate and setup your WordPress site to use HTTPS.

How to add a free SSL certificate in WordPress and move to HTTPS

The first step to enable HTTPS on your website is to acquire an SSL certificate. Some WordPress hosting providers already offer free certificates with their plans. If this is not your case, you can purchase one or add a free certificate in your site.

There are different ways to get a free SSL certificate for your website’s domain. But in this article, we will only cover how to set it up from CloudFlare.

This is the easiest way to enable HTTPS because it doesn’t require installing an SSL certificate on your origin. It is not as secure as the Let’s Encrypt certificate or other options, but it does protect your visitors from a large class of threats.

There are two main phases in all this process. The first one is setting up the certificate from CloudFlare. And the second one is preparing your WordPress for the certificate. Let’s go over them in detail.

Please note: the following post is based on this guide from Jonny Jordan.

1. Setup a free SSL certificate from CloudFlare

1. Sign up to CloudFlare and select the free plan.

2. Add your domain name and follow the steps to set it up.

3. When you have registered, click on your domain name (at the upper left hand corner), and then on the Crypto section.

03_-_Cloudflare_-_Crypto_section

4. Once in the Crypto section, the first option you will see is SSL. Select Flexible from the drop down menu.

04-CloudFlare-FlexibleCertificate

Once requested, CloudFlare may take up to 24 hours to issue a certificate for you. When your Flexible SSL is active, you’ll see a green active box below the drop down menu. Please note that only when the certificate is active you can continue this process.

2. Enable CloudFlare Flexible SSL On WordPress

In order to prepare your WordPress site for Cloudflare’s Flexible SSL certificate, you will have to install the two plugins below.

CloudFlare Flexible SSL Plugin

Install this plugin from WordPress.org and activate it.

CloudFlare_Flexible_SSL_—_WordPress_Plugin

WordPress HTTPS Plugin

Install this plugin from WordPress.org and activate it.

The WordPress HTTPS plugin is useful to change all the links on your website to HTTPS but it is not mandatory.

WordPress_HTTPS__SSL__—_WordPress_Plugins

Once activated, a new HTTPS menu item should appear on the left menu of your WordPress dashboard. Click on it to go into the plugin’s settings. Then select yes for the proxy setting and save this change.

https-plugin-settings

3. Use CloudFlare to redirect your visitors to HTTPS

Go back to CloudFlare and click on the Page Rules section for your domain.

create-page-rules-cloudflare

1. Once in the Page Rules section, click on Create Page Rule.

2. Add your domain name between two asterisks. For example: http://*worona.org/*

3. Select “Always use HTTPS” from the Settings drop down menu.

4. Click Save and Deploy.

4. Change your Site Address (URL) to HTTPS

Go back to your WordPress dashboard > Settings > General.

Then change your Site Address (URL) to https:// and save.

⚠️ Make sure that you do NOT change your WordPress Address (URL). You have to leave this field as it is (http://). Otherwise, it will break your site.

Change-site-address-to-https

5. Check your site has been fully setup

After changing your site address to HTTPS, make sure that your Cloudflare Flexible SSL certificate is up and running. Visit your website in a browser and check the green lock is showing up on your address bar.

site-address-bar

That’s it!