HTTPS relies on encryption—SSL or TLS—to securely connect a browser or app with websites. So data sent using HTTPS is secured either via Transport Layer Security protocol (TLS) or via Secure Sockets Layer (SSL). In fact, SSL and TLS are both cryptographic protocols that provide authentication and data encryption between servers, machines, and applications. Secure Sockets Layer (SSL) is a standard security technology for establishing an encrypted link between a web server and an end user. This feature always keeps a healthy atmosphere within your web projects.
Therefore, you should always protect all of your websites with HTTPS, even if they don’t handle sensitive communications. If your website isn’t secure, there are consequences. Google Is now requiring HTTPS for securing data in Chrome, labeling all non-HTTPS websites as “Not Secure.” According to their experts, if you don’t switch to HTTPS, your website could endup loosing SEO rankings and a big chunk of organic traffic.
Types of SSL Certificates
Basically, there are 6 types of SSL certificates available in the web world market that you can purchase:
- Extended Validation Certificates (EV SSL)
- Organization Validated Certificates (OV SSL)
- Domain Validated Certificates (DV SSL)
- Wildcard SSL Certificate
- Multi-Domain SSL Certificate (MDC)
- Unified Communications Certificate (UCC)
Inwhich, the DV SSL and the Wildcard SSL are the most affordable SSL certificates. Nowadays, most web hosting companies provide these SSL certificates free with their hosting plans. Even, you could find a number of trusted websites (Certificate Authorities) like SslForFree, LestsEncrypt, Cloudflare, ZeroSSL and many more who also give these SSL certificates totally free of cost.
There’s available another type of SSL certificate called the self-signed SSL certificate, which is signed by the person creating it rather than a trusted certificate authority. You can use this free SSL certificate for test and development servers where security is not a big concern.
To say, all these free SSL certificate providers are the same. On their sites, you just put some of your website’s information and validate your domain ownership. Then they will provide you a free SSL certificate within minutes which you can add to your website on your hosting panel (cPanel/Plesk), that’s it.
But today I will discuss about Cloudflare ― one of the most popular and trusted free SSL providers in the world ― which is totally different from others. Cloudflare provides you a free SSL Certificate as well as some important extra features totally free of cost to enhance your website performance. That’s why it’s different from others and I always recommend their quality products and services.
What is Cloudflare?
You can also build a security firewall as well as deploy an SSL protection around your origin server through the CDN servers to protect from harmful visitors, hackers and malicious bots.
To say, CDN servers are like the bodyguards of your origin server who always protect you and really do care for you and your real visitors.
What are the benefits of using a CDN?
The primary benefits of CDN for most users can be broken down into 4 different components:
- Improving website load times
- Reducing bandwidth costs
- Increasing content availability and redundancy
- Improved website security
To know more about Cloudflare CDN Service, read here.
Now let’s come to the point.
How to setup Cloudflare CDN service and its free SSL on your WordPress website:
Adding Cloudflare Free SSL to your WordPress website is as easy as abc with a simple 10 mins procedure. Here, I have precisely described the procedure step by step. So read carefully.
When you Add and Install WordPress on your hosting admin panel (cPanel/Plesk), choose protocol “http://” and leave blank the In Directory option. After installing, open and check your site url and WordPress admin url (http://domain.com/wp-admin). If all is ok then let’s go to the next steps to activate Cloudflare CDN service and enable its free SSL (HTTPS) on your WordPress website.
After that, Add/Enable your site on it by creating a new cloudflare account (or activate it by signing in to your existing account). To reset and activate your new cloudflare account, check your mail inbox (check also the spam or promotions sections). There will be a mail sent from Cloudflare where you can find a link to claim (reset) your new Cloudflare pasword. Your cPanel/Plesk email address will be the default email address (username) for your new cloudflare account. Note down your cloudflare login details.
Now go to your WordPress admin panel through your wp-admin link means: http://domain.com/wp-admin (*change “domain” with your own domain name). Here you can customize and edit your wordpress site.
Now add new plugin “Cloudflare by John Wineman, Furkan Yilmaz, Junade Ali (Cloudflare Team)” and activate it.
Go to your WordPress Panel Setting then click on the Cloudflare option.
Now, login/add your cloudflare account to it by giving your cloudflare Email address and API Key. API key works as an One Time Password.
To get your API key, click on the hyper-linked “here” located just below the login box. It will popup a new browser tab with your cloudflare account where you have to find API Tokens option. At the bottom of the webpage, you can find Global API Key.
Just view this Global API key to generate a new API code then copy the code and come back to your wordpress cloudfale tab and add your cloudflare account to your wordpress by pasting the API key.
After adding cloudflare:
Toggle on “Always Online” option, Apply Purge Cache on All Over Site, Apply Optimize cloudflare for wordpress and etc. (You could also setup these settings directly by signing in your cloudflare account as mentioned in the next step).
Now open a new browser tab in desktop version then go to Cloudflare sign in page and login in to your account. Select the domain you have already added. Here you have to do two things:
i) Go to SSL/TLS and select Flexible for SSL.
After that click on “Edge Certificate” option next after Overview option then toggle on “Always Use HTTPS” and “Automatic HTTPS Rewrites” options.
ii) Go to “Page Rules” and create page rule by filling up the blank with domain.com/* (replace “domain” with your own domain) and choose “Always Use HTTPS” from drop down. Save and Deploy.
After that again create another page rule by filling up the blank with www.domain.com/* (replace “domain” with your own domain) and choose the setting “Always Use HTTPS” from the drop down. Save and Deploy.
Now come back your WordPress admin panel go to Settings>General
Rename your SITE URL and SITE URL HOME from http://domain.com to http://www.domain.com (*don’t forget to replace “domain” with your own domain name). Note that the “Step 10” will be repeated again in the final “Step 12.”
Now this is the time to work with two separate free wordpress plugins on wp-admin panel that will solve all the upcoming problems related to HTTPS on your site.
i) The first plugin is “Cloudflare Flexible SSL By One Dollar Plugin.” Install and activate it.
ii) The second plugin is “WordPress HTTPS By Mike Ems.”
Go to WordPress HTTPS plugin settings and select Proxy: Yes.
The final step is nearly same as the “Step No 10.” Go to your WordPress Settings>General, now rename your SITE URL and SITE URL HOME from http://www.domain.com to https://www.domain.com (*replace “domain” with your own domain name)
Cheers! Now you have a Cloudflare enabled, SSL (HTTPS) protected WordPress website. If you face any problems to complete these steps, let us know in the comment section. We will help you.