“How to get a free SSL certificate” or “how to set up Cloudflare free SSL to WordPress” are a few commonly asked questions since Google decided to display all HTTP sites as “not secure” in the newer releases of the Chrome browser. (Source: Google Security Blog)
Nowadays, using HTTPS is a no-brainer because secure sites have an advantage in search engine ranking, even if they are not handling sensitive data.
Yes! You have heard right that Google is counting HTTPS as a ranking signal for its organic search results. (Source: Google Security Blog)
The websites that want to appear more professional & authentic are expected to run under HTTPS.
And, for any site that uses a CMS (Content Management System), securing sensitive information like admin login credentials and user-submitted data should be the priority.
But what’s the HTTPS?
While browsing the internet, you might have observed that the page URL starts with HTTP or HTTPS.
HTTP means Hypertext Transfer Protocol, which controls data transmission over the web, whereas HTTPS stands for Hypertext Transfer Protocol Secure, a secured version of regular HTTP.
Adding HTTPS to your site has many advantages, including some mentioned below:
Benefits of HTTPS or SSL certificates
- Encryption of data transmission carried between the user and the server.
- Keeps data away from hacking to steal your sensitive information.
- No access to an unauthorized person making any third-party very difficult to spy on you.
- Restricts cyber-criminals from redirecting your visitors to their site.
- Ensures the privacy and integrity of the data exchanged, which enhances the trust and reliability of your brand.
You may wonder, if HTTPS is a vital part of website performance & SEO, why aren’t all websites secured or use HTTPS?
Your question is legit but historically, adding HTTPS to websites to secure it required additional cost, and obtaining a certificate was very complicated.
But you need not worry about that.
Now, anyone can secure their site by paying zero to a few bucks for an SSL certificate that offers encrypted data transfer to their site. And the overall process is simply fool-proof.
I’m sure you are excited to know how to get a free SSL certificate.
But, here you have other bonuses too. You will get a free CDN (content delivery network), a performance booster, and many security features.
Do you know the best part of this?
This complete package is available for free. Thanks to CloudFlare’s concerted efforts to remove the barriers to protect your site(s) and help to improve its performance.
In this article, I will explain how to set up Cloudflare Free SSL to secure your site. However, you can get one of its premium plans for better protection and extended features or switch to other SSL certificate providers.
Important: Let’s Encrypt is another free SSL certificate authority brought to you by the ISRG (Internet Security Research Group), but currently does not support all hosting services. You can ask your web host support whether they support Let’s Encrypt or not.
Otherwise, you can move your website to GreenGeeks and get Let’s Encrypt SSL and free CDN to achieve instant performance improvement.
In your web hosting cPanel, you can activate both these features easily with a few clicks.
Plus GreenGeeks team will handle your site migration without any extra charge.
Setup Cloudflare Free SSL to Your WordPress Website
This starts with signing up for a free account with CloudFlare and integrating all the required settings to receive the free SSL and other performance benefits.
Signing up for Cloudflare
To avail of free SSL and CDN from Cloudflare, you need to have a site live on the web or one that is ready for launch.
The whole process of registration is simple. You only need to play with your email address, where you can access your credentials and receive account-related emails.
When you register on CloudFlare for the first time, it directs you toward migrating your domain name. The user-friendly wizard of Cloudflare will help you when you move ahead and change it as your DNS provider.
It’ll scan your DNS configuration to detect DNS settings and allow you to update those settings by changing your nameservers.
Here’s a complete tutorial on how to set up a Cloudflare Free SSL certificate for your WordPress website.
Setting Up the Cloudflare Free SSL Certificate
Step 1: Create a self-hosted WordPress website.
Step 2: Sign up for a free Cloudflare account with a valid email address and password.
No credit card is required for a free forever plan. You can log in if you have an existing account with Cloudflare.
Step 3: At the dashboard, select the ‘Add Site’ option and place your site’s URL there. Start scan to check DNS settings, and at the next step, add DNS record to run traffic over Cloudflare.
Step 4: Select the suitable plan (Free in this case) according to your desired features.
Step 5: Cloudflare will give you nameservers to replace your default ones. Change your nameservers to the custom nameservers provided by Cloudflare and save the settings.
Step 6: Finish the setup process and wait 24 hours before Cloudflare provides the free SSL.
Step 7: Set the recommended options from your Cloudflare dashboard and WP admin.
Step 8: Test the site to verify whether it is running under HTTPS or not. Otherwise, recheck your settings.
Updating Nameservers
You’ll need to sign in to your domain name registration account and change the default nameservers.
In most cases, you will find this under the Manage DNS setting of your domain name account.
Set the option to custom nameservers and replace the default ones with those provided by Cloudflare.
If you cannot use custom nameservers, try again after removing the registrar lock or contact the support team to guide you further.
Wait for some time to take effect after you make changes. It’ll take a few minutes, but you will not experience any downtime due to this process.
Finish the setup, and you can see the status of your site on the Cloudflare dashboard as Active. Now, you have to play with a few options to get the maximum benefit from CloudFlare’s free plan.
Using Cloudflare’s Official WordPress Plugin
If you are using a WordPress website, Cloudflare has a free WP plugin to take advantage of their service.
Just install and activate the plugin and enter the API key, which is available on your Cloudflare account dashboard.
Go to WP–Admin > Plugins > Add New > Cloudflare and complete installation process. You can either sign up for Cloudflare or log in to the existing account to get an API key to activate the plugin.
Set the recommended options for security, performance, and speed. Ensure you have switched to the Automatic HTTPS Rewrites option from Cloudflare plugin settings.
However, don’t forget to set a secure URL like https://abcd.com for the WordPress address and Site address from your WP admin settings under the General tab.
Important: Google treats http://abcd.com and https://abcd.com as different sites, so make sure you submit all URL versions to the Google Search Console and use proper redirects.
Cloudflare Free Plan Features
With a free plan of CloudFlare, you can get many useful features needed for the WordPress website. Here, I will discuss as many of them on the go.
1. Overview
On this tab, you can check the status of your website, security level, and the type of SSL certificate. You can also manage the subscriptions from here.
2. Analytics
The Cloudflare Analytics feature displays all stats in a single place where you can see the different performance and security-related threads, such as web traffic, unique visitors, bandwidth, and security threats.
Geographical statistics are also available under the Analytics tab.
3. DNS
Under DNS (Domain Name System) setting, you can add or change the DNS records. At the bottom, you can see the nameservers you have assigned.
Cloudflare allows CNAME flattening that follows a CNAME where points and returns that IP addresses instead of CNAME records.
By default, it flattens the CNAME at the root of your domain only, i.e., successpixel.com, in my case.
CNAME flattening helps free you from being tied to a single IP which is inherently risky, and it’s the only way to standardize HTTPS with the root domain.
DNSSEC is another feature that protects against forged DNS answers.
4. Crypto
You can manage SSL certificates under the Crypto tab. Different encryption and security options are available to configure on that page.
When you sign up for a free SSL at CloudFlare, select the recommended options here to get maximum protection for free.
5. Firewall
A firewall protects you against malicious attacks, and Cloudflare does its job finely. You can also switch various security options here, like rate limiting and access rules, to set the site security and allow access to specific IP addresses.
You will need to upgrade to the Business plan or higher for advanced DDoS protection.
6. Speed
Cloudflare gives free as well as paid features under the Speed menu. For example, with the free plan, you can Auto Minify different codes (JavaScript, HTML, and CSS) and speed enhancement features for mobile links.
7. Caching
Caching helps you serve content from cache memory, improving browsing speed and, thus, the user experience.
You can manage different caching options from the Caching menu like purge cache, caching level, browser cache expiration, etc.
8. Page Rules
With page rules, you can control your Cloudflare settings by URL.
Cloudflare free account offers three-page rules to trigger specific settings.
9. Network
The Network menu has features to manage the network settings for your websites.
It helps to improve network efficiency.
10. Traffic
This menu helps control and manage the traffic and review the firewall events.
11. Customize
Under customize menu you can personalize the error and challenge pages that CloudFlare presents to your visitors. But, you need to buy the upgrade to almost every plan.
12. Apps
From the Apps menu, you can integrate different apps into your site.
These apps include Google Analytics, Webmasters tools, and a few ad programs.
13. Scrape Shield
Scrape Shield helps you protect the content on your site.
You will get different options, including Email Address Obfuscation protecting emails from spammers, server-side excludes, and hotlinking of static contents like images.
Testing Website Under HTTPS
Once you have completed with setup, try to load your site URL under HTTPS instead of HTTP making it the default mode to ensure the website’s functionality.
You can try loading the site from multiple browsers and devices, browsing some pages and logging in, etc.
Initially, you need to wait for at least 24 hours to get SSL active, if you do not see one. You can use different tools like SSL checker to ensure SSL certification.
How to Add Cloudflare Free SSL Certificate on WordPress Website: Summary
This was the complete process of setting up Cloudflare free SSL. It’s a good option for simple blogs that provide information and don’t sell any products.
For an e-commerce website or one which processes sensitive information, you should always be using an SSL certificate from a trusted source.
Currently, Cloudflare provides a flexible SSL certificate for free that encrypts the data transfer between the user’s browser and the Cloudflare server. The further travel of data is on HTTP only, which is not encrypted.
With Full and Full (Strict) SSL, you can get the benefit of end-to-end encryption, but you’ll need to pay for a valid certificate.
You can choose a good web host that provides free SSL. Otherwise, purchase a valid SSL certificate from a trusted source.
Stay Secure, and Stay Happy!
You May Also Like
Thank you for putting this article together. I followed it step by step, then accomplished the task of enabling free SSL on my WordPress blog!
Thank you for putting this information together in a single blog post. I followed it step-by-step and accomplished the task of enabling free SSL on my WordPress blog!
I truly love your blog.. Pleasant colors & theme.
Did you develop this amazing site yourself?
Please reply back as I’m trying to create my own personal website and want to find out where you got this from or just what the theme is called. Kudos!