Recently, Google has announced that it would be giving prominence to such sites those have the SSL certificate. Which means such sites should begin with HTTPS instead of HTTP. This means every traffic to and fro from server should be encrypted so that each time visitors opens the web page it should be encrypted connectivity and the green lock in the browser address bar should be shown to start and make sure that it every connection to the site is properly encrypted.
A website with SSL (secure socket layer) does give huge benefits in terms of search engine optimisation as well as in the long run site loads quickly and loads faster. Most of self-hosted WordPress sites do have HTTP protocol and buying a SSL protocol brings forward extra amount of money and for this majority of webmasters avoid this. Most of WordPress website owners are single site owners and for this spending too much, money on SSL o HTTPS protocol does not feel comfortable for them.
SSL is a web cryptographic protocol which takes care of data which sends from server to user’s computer through a specific security layer and while browsing such site one green-lock on the left side of the navigation bar could be seen. This article aims to educate webmasters about how to turn self hosted HTTP WordPress sites into HTTPS site without spending a penny.
By following this guide yours HTTP wordpress site should be converted into HTTPS (Hypertext transfer protocol secure) after enabling SSL with cloudflare for your site. In this way, the receiving and sending of facts to your website is now properly encrypted and thus removing any chances of snooping, hijacking or spying on users as well as of your hosting.
How to Setup CloudFlare Free SSL for WordPress Blog:
SSL certificate has a public key and private key, after receiving information from host, the servers of cloudflare see the private key installed on the server and then with the available public key it decrypt data and then send it to user’s computer. In the past we have seen most of critical websites such as banks and government agencies does need huge amount of secrecy of sending and receiving of informations but with due course of time we have seen complete and much growth of use of SSL even in people sites and even Google encourage webmasters to carry out this HTTPS protocol so that internet assets can be well protected and a definite trust should be built upon all website visitors so that internet would be a safer and mightier places to roam around almost.
Before writing this tutorials, all safety measures has been taken but under any circumstances the reader should not blame the writer as this tutorial is for educational process and with it the webmaster could garner and learn about it and then on his or her own idea should start implementing the forms of SSL on their site. Due to recent Google announcement of giving prominence and importance to SSL or HTTPS as a ranking signal which also enable webmasters to go for SSL or HTTPS but due to high amount of price associated with it most of webmasters does not intended to move to this through hosting provider.
Cloudflare is one of the most dynamic CDN (content delivery network) services which provides huge amount of encouragement for website owners to move towards the possibility of faster web access and now it is offering free SSL to non-HTTPS websites which means it is a boon for most word press websites to make it complete secure.
Different SSL options for cloudflare:
Even free cloudflare users can carry out SSL on their site and this is a great news for users. Cloudflare offers different SSL options such as off, flexible SSL, full SSL, Full SSL strict in its crypto option after adding website with clouflare. Login to https://www.cloudflare.com/ and then register it and then login to it and then add site from the right hand upper side of its dashboard and then add the site and click continue and cloudflare should scan your site for DNS records for some time. Then it should show the list of Cname, Arecords and MX records and then click on the grey clouds beside those and it should become orange cloud and this means now your site is slowly moving to the cloudflare cloud storages.
Changing of hosting name server to cloud flare name server:
Before implementing cloudflare flexible SSL on yours HTTP site it is important that your site should be fully with cloudflare and for this it is important to change the name servers of your hosting to cloudflare name servers. It should show the names servers of cloud flare now and it should be two name servers considering the which plan you have been. For personal site the free plan is good and in the future if you wish to shift to other plans can do it without any difficulties. Note down both the name servers of cloud flare and then open cpanel hosting.
Login to it and reach to manage orders and then open domain registration and from there open name servers and click on it and after opening of it you should be seeing the name servers provided to you by hosting provider and then cut both and then change both to the name server of cloudflare which you have written just now and then update name servers. Name servers are used to point your domain name to your website or email service. Cloudflare should give you at least two name servers and paste those servers and drop hosting name server and wait for one or two hours for DNS propagation to be completed or wait for at least 24 hours and in these time there could have been possibility of yours site could be down for some time but do not worry about it and it should be live while the DNS change from yours hosting to cloudflare DNS change completed.
Now the first part of connecting your site to cloudflare DNS is completed. This means from now on all the A. AAAA, CNAME record of your traffic should be routed entirely through cloudflare system. Before adding cloudflare name server to yours domain name server, it is important to remember to delete hosting name servers and add the two assigned name servers of cloudflare which has been assigned to you and it is important to remove all the other name servers from the system otherwise cloudflare integration with yours website should not start.
WordPress plus cloudflare flexible SSL:
Those who have the SSL certificate from the host could carry out full SSL with cloudflare. It could be accessed through after logging into cloudflare click on the name of the site you assigned cloudflare which should be at the left hand top of website. This tutorial is all about learning of how to make flexible SSL through cloudflare on HTTP websites. After clicking on the name of the site in a series of menu buttons should appear from there. Click on crypto to appear its sub menus.
Crypt settings of cloudflare manage cryptography settings for your website. The first sub menu of crypto settings of cloudflare is SSL which encrypt communications to and from your website using SSL even without an active SSL certificate and here we should be choosing flexible. The benefits of using SSL are vast and enormous for webmasters. It ensures that the sending and receiving informations in encrypted cryptographic tunnels. The informations put forward by visitors remain confidential. Yours website contents have not been modified or stolen while receiving from the server to the client computer. Of course as earlier we have discussed the search engine rankings of your website to get the major boost from it.
Here, I perceive your website is on http and in order to make it https with the help from cloud flare you should be using flexible SSL here there should be an encrypted connection between website visitors and cloudflare but not from cloudflare and your hosting sever. The benefits to having flexible SSL on your website is that you do not need to purchase expensive SSL certificate on your server and additionally your website visitors should see the SSL Lock green icon on their web browser. You can open https://mohanmekap.com on your web browser to see the flexible HTTPs in action.
If you disable cloudflare settings within yours host by deleting name servers then suo motto the SSL settings of your website should be deleted. In order to keep these settings on cloudflare name servers should be there with your domain hosting provider.
The process of enabling flexible https on yours http site:
Now, choose SSL and flexibility from its drop down menu. Then reach to origin certificates and click on the create certificate to create the SSL certificate. It should show one public certificate and one private certificate. Copy the private certificate there and keep it in a secure place and then click on ok to create the certificate. Now, the next step is to paste that private certificate to your hosting server. Log into cpanel hosting and then reach to security of cPanle main and click on SSL/TLS. SSL/TLS manager will let you generate SSL certificate or install pre purchased SSL certificate on hosting server. Then reach to Private Key (Key) and open it and paste the private key you just have copied while generating the SSL original certificate from cloud flare server. Then save it and that is done and yours one part of free SSL certificate obtained from Cloudflare is now installed on your original hosting server. The public key should be staying with cloudflare so that it could decrypt the connection to the users.
Now logout from cPanel. Wait for utmost 24 hours to see your website should be showing automatically https signs instead of http. Then in crypto settings of cloudflare scroll down further to enable ‘Authenticated Origin Pulls’, then ‘opportunistic encryption’ to turn it on. Lastly, scroll down further and reach to ‘Automatic HTTPS Rewrites’ and turned it on. This function safely rewrites the unsecured or http connection from an origin server to cloud flare server and then securely convert those resources to encrypt. Cloudflare server checked the checksum of the original HTML contents which sent to web browsers after converting from PHP and then rule set is checked so that everything should be accessible to HTTPS on.
Wait for 24 hours within these times and do not be worried about it and then on the next day open yours website with HTTP and you should be surprised to find it automatically, changes to HTTPS protocol but the green lock icon not showing and the reason for this and in the later article we would discuss about it in detail. You should be finding there could have been too much redirect loop for yours website and thus making and breaking all css and customisation to make yours website look ugly and in the later stages we should discuss how to rectify it a must have step but for now, after enabling of SSL on yours website it has been seen that while accessing WordPress administration the front end server of WordPress, due to presence of such infinite indirect loop, it could not log into it and if you could not log into WordPress administration then how could post and update yours posts and other clean up activities like removing of spam comments and so on.
How to prevent infinite redirect loop on WordPress administration the front end of word press after enabling flexible SSL:
On yours cloudflare dashboard and its site menu reach out to ‘Page Rules’. In simple term with page-rule you control your cloudflare settings by URL. In the free option of cloudflare, three page rules are allowed which should be enough to stop infinite redirect loop on wordpress administration at the front end and thus preventing the logging into it by administrator.
First create a page rule for your site;
1.Page Rule: http://yoursite.com/* (Here change it to your URL and your original URL that is with HTTP)
Then the settings are: Always Use HTTPS
Save and deploy: Click on it
2.Page Rule: http://yoursite.com/wp-admin/*
Then the settings are: Opportunistic Encryption: Off
Save and deploy: Click on it.
3.Page rule: http://yoursite.com/wp-login.php* (Watch the difference of this from page rule 1 and 2. Here at the end of wp-login.php only asterisk not the slash. It is important)
Then the settings are: Opportunistic Encryption: Off
Save and Deploy: Click on it
Now, you have three set of page rules out there, and the page rule 2 and 3 are meant for comfortable logging of word press administration as administrator and both these settings are turned on which means now you can smoothly logging into word press administration without facing the problems with indirect loops. Some other content delivery network did give some other option such as white listing of internet protocol addresses but that does not work while implementing flexible SSL on your site.
Essential WordPress plugins to be installed on WordPress administration:
After enabling flexible SSL options with your website now it is time to add some add on at the front end of wordpress. Front end of wordpress is better known as wordpress administration where web administrator able to post articles, delete spam comments, installation of plugins and, so on. When you run your website with cloud flare it is important to install ‘Cloudflare’ wordpress plugins so that complete assimilation of cloudflare with front end through its plugin and back end through its DNS settings which we have discussed in detail in earlier would be possible.
Install it within wordpress front end and then activate it. Go to its settings and login it with the same user name and password of cloudflare account you have enabled SSL for yours site and then it should ask for api and for this youwill have to login cloudflare through web address and from its dashbaord you could find information about API key and note down the private key and then paste it on the cloudflare plugin of wordpress adminstration to authorise the same cloudflare account. In this way, you have enabled the option for complete synchronisation of cloudflare account with the back end and front end of wordpress server and this creates another form of smooth sailing of your website to a considerable extent.
This plugin is part of CloudFlare Flexible SSL as it prevents infinite wordpress loop as the result of turning on flexible SSL. Infinite Flexible SSL does remove all customisation to wordpress site and present only the bare bone of wordpress site. In order to stay afloat with the same wordpress site as it was before it is important to install this plugin into wordpress so that your site remains as it is as it was before when it was on http. Download it and then activate it and no further configuration needed and you are done with it.
That’s it and from now on, yours word press site should be loading with error free HTTPS with green lock signal and this goes on to show how could a non HTTPS site without spending any thing on it converted into fully functional flexible SSL or HTTPS site. In the later write ups I should be focussing more on about how to develop and generate good search engine optimisation techniques after installation of flexible SSL. I hope you have enjoyed this article too much and should have tried on your website so that the benefits of HTTPS websites without spending anything should come at you and before doing so always go for thorough knowledge updating by reading such articles of Google search.
While implementing all these steps one need to be extremely careful and should have patience as DNS propagation takes time as well as approval of SSL certificate and authorisation of it does take time and for this you should wait for it and even if these informations does not seem on yours web browser, it is important to clear the privacy settings which deletes cookies and website informations and then run yours website to see the complete HTTPS on it. I hope you should succeed on it and enjoy the beauty of HTTPS too on your website without spending anything! Thanks to CloudFlare. Have a nice day.