Recently, Google has announced that it would be giving prominence to such sites those have the SSL certificate. Which means such sites should begin with HTTPS instead of HTTP. This means every traffic to and fro from the server should be encrypted so that each time visitors opens the web page it should be encrypted connectivity and the green lock in the browser address bar should be shown to start and make sure that it every connection to the site is properly encrypted.
A website with SSL (secure socket layer) does give huge benefits in terms of search engine optimisation as well as in the long run site loads quickly and loads faster. Most of the self-hosted WordPress sites do have HTTP protocol and buying an SSL protocol brings forward the extra amount of money and for this majority of webmasters avoid this. Most of WordPress website owners are single site owners and for this spending too much, money on SSL o HTTPS protocol does not feel comfortable for them.
SSL is a web cryptographic protocol which takes care of data which sends from server to user’s computer through a specific security layer and while browsing such site one green-lock on the left side of the navigation bar could be seen. This article aims to educate webmasters about how to turn self-hosted HTTP WordPress sites into HTTPS site without spending a penny.
By following this guide yours HTTP WordPress site should be converted into HTTPS (Hypertext transfer protocol secure) after enabling SSL with Cloudflare for your site. In this way, the receiving and sending of facts to your website is now properly encrypted and thus removing any chances of snooping, hijacking or spying on users as well as of your hosting.
How to Setup CloudFlare Free SSL for WordPress Blog:
SSL certificate has a public key and private key, after receiving information from the host, the servers of Cloudflare see the private key installed on the server and then with the available public key it decrypts data and then sends it to user’s computer.
In the past we have seen most of the critical websites such as banks and government agencies does need huge amount of secrecy of sending and receiving of pieces of information but with due course of time we have seen complete and much growth of use of SSL even in people sites and even Google encourages webmasters to carry out this HTTPS protocol so that internet assets can be well protected and a definite trust should be built upon all website visitors so that internet would be a safer and mightier places to roam around almost.
Before writing these tutorials, all safety measures have been taken but under any circumstances, the reader should not blame the writer as this tutorial is for the educational process and with it, the webmaster could garner and learn about it and then on his or her own idea should start implementing the forms of SSL on their site.
Due to recent Google announcement of giving prominence and importance to SSL or HTTPS as a ranking signal which also enables webmasters to go for SSL or HTTPS but due to the high amount of price associated with it most of the webmasters do not intend to move to this through hosting provider.
Cloudflare is one of the most dynamic CDN (content delivery network) services which provides the huge amount of encouragement for website owners to move towards the possibility of faster web access and now it is offering free SSL to non-HTTPS websites which means it is a boon for most word press websites to make it completely secure.
Different SSL options for Cloudflare:
Even free Cloudflare users can carry out SSL on their site and this is a great news for users. Cloudflare offers different SSL options such as off, flexible SSL, full SSL, Full SSL strict in its crypto option after adding the website with Cloudflare. Login to https://www.cloudflare.com/ and then register it and then log in to it and then add the site from the right-hand upper side of its dashboard and then add the site and click continue and Cloudflare should scan your site for DNS records for some time.
Then it should show the list of Cname, A records and MX records and then click on the grey clouds beside those and it should become the orange cloud and this means now your site is slowly moving to the Cloudflare cloud storages.
Changing of hosting name server to cloud flare name server:
Before implementing Cloudflare flexible SSL on yours HTTP site it is important that your site should be full with Cloudflare and for this, it is important to change the name servers of your hosting to Cloudflare name servers. It should show the names servers of cloud flare now and it should be two name servers considering the which plan you have been.
For the personal site the free plan is good and in the future, if you wish to shift to other plans can do it without any difficulties. Note down both the name servers of cloud flare and then open Cpanel hosting.
Login to it and reach to manage orders and then open domain registration and from there open name servers and click on it and after opening of it you should be seeing the nameservers provided to you by hosting provider and then cut both and then change both to the name server of Cloudflare which you have written just now and then update name servers. Name servers are used to point your domain name to your website or email service.
Cloudflare should give you at least two name servers and paste those servers and drop hosting name server and wait for one or two hours for DNS propagation to be completed or wait for at least 24 hours and in these time there could have been possibility of your site could be down for some time but do not worry about it and it should be live while the DNS change from yours hosting to Cloudflare DNS change completed.
Now the first part of connecting your site to Cloudflare DNS is completed. This means from now on all the A. AAAA, CNAME record of your traffic should be routed entirely through Cloudflare system. Before adding Cloudflare name server to your domain name server, it is important to remember to delete hosting nameservers and add the two assigned name servers of Cloudflare which has been assigned to you and it is important to remove all the other name servers from the system otherwise Cloudflare integration with your website should not start.
WordPress plus Cloudflare flexible SSL:
Those who have the SSL certificate from the host could carry out full SSL with Cloudflare. It could be accessed after logging into Cloudflare click on the name of the site you assigned Cloudflare which should be at the left-hand top of the website.
This tutorial is all about learning of how to make flexible SSL through Cloudflare on HTTP websites. After clicking on the name of the site in a series of menu buttons should appear from there. Click on crypto to appear its sub menus.
Crypt settings of Cloudflare manage cryptography settings for your website. The first submenu of crypto settings of Cloudflare is SSL which encrypt communications to and from your website using SSL even without an active SSL certificate and here we should be choosing flexibly. The benefits of using SSL are vast and enormous for webmasters.
It ensures that the sending and receiving pieces of information in encrypted cryptographic tunnels. The pieces of information put forward by visitors remain confidential. Your website contents have not been modified or stolen while receiving from the server to the client computer. Of course, as earlier, we have discussed the search engine rankings of your website to get the major boost from it.
Here, I perceive your website is on HTTP and in order to make it https with the help from cloud flare you should be using flexible SSL here there should be an encrypted connection between website visitors and Cloudflare but not from Cloudflare and your hosting server.
The benefits to having flexible SSL on your website is that you do not need to purchase expensive SSL certificate on your server and additionally your website visitors should see the SSL Lock green icon on their web browser. You can open https://mohanmekap.com on your web browser to see the flexible HTTPs in action.
If you disable Cloudflare settings within your host by deleting name servers then suo motto the SSL settings of your website should be deleted. In order to keep these settings on Cloudflare name servers should be there with your domain hosting provider.
The process of enabling flexible https on yours HTTP site:
Now, choose SSL and flexibility from its drop-down menu. Then reach to origin certificates and click on the create certificate to create the SSL certificate. It should show one public certificate and one private certificate. Copy the private certificate there and keep it in a secure place and then click on ok to create the certificate. Now, the next step is to paste that private certificate to your hosting server. Log into Cpanel hosting and then reach to the security of cPanle main and click on SSL/TLS. SSL/TLS manager will let you generate SSL certificate or install pre-purchased SSL certificate on hosting server.
Then reach to Private Key (Key) and open it and paste the private key you just have copied while generating the SSL original certificate from cloud flare server. Then save it and that is done and yours one part of free SSL certificate obtained from Cloudflare is now installed on your original hosting server. The public key should be staying with Cloudflare so that it could decrypt the connection to the users.
Now logout from cPanel. Wait for utmost 24 hours to see your website should be showing automatically https signs instead of HTTP. Then in crypto settings of Cloudflare scroll down further to enable ‘Authenticated Origin Pulls’, then ‘opportunistic encryption’ to turn it on. Lastly, scroll down further and reach to ‘Automatic HTTPS Rewrites’ and turned it on.
This function safely rewrites the unsecured or HTTP connection from an origin server to cloud flare server and then securely convert those resources to encrypt. Cloudflare server checked the checksum of the original HTML contents which sent to web browsers after converting from PHP and then rule set is checked so that everything should be accessible to HTTPS on.
Wait for 24 hours within these times and do not be worried about it and then on the next day open yours website with HTTP and you should be surprised to find it automatically, changes to HTTPS protocol but the green lock icon not showing and the reason for this and in the later article we would discuss it in detail.
You should be finding there could have been too much-redirected loop for your website and thus making and breaking all CSS and customisation to make your website look ugly and in the later stages we should discuss how to rectify it a must-have step but for now, after enabling of SSL on your website it has been seen that while accessing WordPress administration the front end server of WordPress, due to presence of such infinite indirect loop, it could not log into it and if you could not log into WordPress administration then how could post an update your posts and other clean up activities like removing of spam comments and so on.
How to prevent infinite redirect loop on WordPress administration the front end of word press after enabling flexible SSL:
On yours, Cloudflare dashboard and its site menu reach out to ‘Page Rules’. In simple term with page-rule, you control your Cloudflare settings by URL. In the free option of Cloudflare, three-page rules are allowed which should be enough to stop infinite redirect loop on WordPress administration at the front end and thus preventing the logging into it by the administrator.
First, create a page rule for your site;
1..Page Rule: http://yoursite.com/* (Here change it to your URL and your original URL that is with HTTP)
Then the settings are: Always Use HTTPS
Save and deploy: Click on it
2.Page Rule: http://yoursite.com/wp-admin/*
Then the settings are: Opportunistic Encryption: Off
Save and deploy: Click on it.
3.Page rule: http://yoursite.com/wp-login.php* (Watch the difference of this from page rule 1 and 2. Here at the end of wp-login.php only asterisk, not the slash. It is important)
Then the settings are: Opportunistic Encryption: Off
Save and Deploy: Click on it
Now, you have three sets of page rules out there, and the page rule 2 and 3 are meant for comfortable logging of word press administration as administrator and both these settings are turned on which means now you can smoothly logging into word press administration without facing the problems with indirect loops. Some other content delivery network did give some other option such as whitelisting of internet protocol addresses but that does not work while implementing flexible SSL on your site.
Essential WordPress plugins to be installed on WordPress administration:
After enabling flexible SSL options with your website now it is time to add some add-on at the front end of WordPress. The front end of WordPress is better known as WordPress administration where web administrator able to post articles, delete spam comments, installation of plugins and, soon.
When you run your website with cloud flare it is important to install ‘Cloudflare’ WordPress plugins so that complete assimilation of Cloudflare with front end through its plugin and back-end through its DNS settings which we have discussed in detail in earlier would be possible.
Install it on WordPress front end and then activate it. Go to its settings and login it with the same username and password of Cloudflare account you have enabled SSL for your site and then it should ask for API and for this you will have to login Cloudflare through web address and from its dashboard you could find information about API key and note down the private key and then paste it on the Cloudflare plugin of WordPress administration to authorise the same Cloudflare account.
In this way, you have enabled the option for complete synchronisation of Cloudflare account with the back end and front end of WordPress server and this creates another form of smooth sailing of your website to a considerable extent.
CloudFlare Flexible SSL
This plugin is part of CloudFlare Flexible SSL as it prevents infinite WordPress loop as the result of turning on flexible SSL. Infinite Flexible SSL does remove all customisation to the WordPress site and present only the bare bone of the WordPress site.
In order to stay afloat with the same WordPress site as it was before it is important to install this plugin into WordPress so that your site remains as it is as it was before when it was on HTTP. Download it and then activate it and no further configuration needed and you are done with it.
Install WordPress HTTPS (SSL):
That’s it and from now on, yours word press site should be loading with error-free HTTPS with green lock signal and this goes on to show how could a non HTTPS site without spending anything on it converted into fully functional flexible SSL or HTTPS site. In the later write-ups, I should be focussing more on about how to develop and generate good search engine optimisation techniques after installation of flexible SSL.
I hope you have enjoyed this article too much and should have tried on your website so that the benefits of HTTPS websites without spending anything should come at you and before doing so always go for thorough knowledge updating by reading such articles of Google search.
While implementing all these steps one need to be extremely careful and should have patience as DNS propagation takes time as well as approval of SSL certificate and authorisation of it does take time and for this you should wait for it and even if these pieces of information does not seem on your web browser, it is important to clear the privacy settings which deletes cookies and website pieces of information and then run your website to see the complete HTTPS on it. I hope you should succeed in it and enjoy the beauty of HTTPS too on your website without spending anything! Thanks to CloudFlare. Have a nice day.
- How To Use Varnish And Cloudflare For Maximum Caching?
- How to install a free TLS certificate signed by CloudFlare on your origin server?
- How To Setup Free CloudFlare CDN For Your WordPress Blog?