It’d be hard to overstate the importance of security when hosting a public-facing website. Every site on the Web is under the constant threat of attack. So, what can you do?
One way to help protect your site and the people visiting it is through the use of SSL certificates. SSL certificates allow all traffic going between your site and its visitors to be encrypted, preventing attackers from viewing or modifying it.
It’s not always easy to get SSL certificates set up on a WordPress site. A large number of WordPress sites run on shared hosting, which is usually very limited. If you’re on shared hosting, your host is probably preventing you from installing your SSL certificates in order to sell you theirs, or they’re going to charge you a premium to do so. Either way, that doesn’t make a whole lot of sense to spend a bunch of money and probably double your hosting costs to get SSL on your small WordPress site. CloudFlare offers a reasonable alternative in the form of its free Flexible SSL certificate.
Create a CloudFlare Account
Go over to CloudFlare and sign up. You need to give them an email address and a password. After, they’ll ask you for the domain name that you want to use to sign up for CloudFlare. They’ll scan the DNS records of your site and list them for you. They’ll display the records with a gold cloud that they can enable their CDN on. It’s up to you if you want to use their CDN service or not. Clicking on the clouds will switch it off.
When you’ve selected your records, continue. The next screen will let you select your plan. Unless you want one of the paid ones, select the free plan.
CloudFlare will then ask you to change your DNS servers to theirs. This has two purposes. It allows CloudFlare to redirect requests to the HTTPS version of your site, and it allows them to act as a CDN for your content. This process is heavily dependent on your host or DNS provider, so that’s something that you’ll need to check in their documentation. In every case, though, it’ll amount to copying the web addresses from CloudFlare over to your DNS provider and updating.
For this process to actually finalize, it’ll probably take a few hours, but it can be up to a day. Be patient. It will get there eventually.
After you’re done, you’ll be dropped into the CloudFlare dashboard. At the top you’ll see a box with a lock icon labeled “Crypto.” Click on it.
In the first box on that page you’ll see a dropdown for SSL. Select “Flexible.” CloudFlare will automatically set up the cert, but it’ll take some time.
You’re going to need a WordPress plugin to make this all work. It connects with CloudFlare to integrate the SSL cert with your site.
Log in to WordPress and head to the Plugins tab. Search for “CloudFlare Flexible SSL.” Install the plugin.
Always Use HTTPS
Back on the CloudFlare website, return to the “Crypto” section and scroll down until you see a switch to always use HTTPS. Switch it on.
That’s it! Check that your site is now using HTTPS for all of its connections. If it is, everything is configured properly and working as intended.