The easiest way to add SSL to your WordPress Site

Last updated on: August 11th, 2014

Google recently announced that they will start giving a small SEO boost to sites that use https. I’ve seen several articles pop up that explain how to add a traditional cert that you buy to your site, but this can be complex and some host even charge more to add a SSL certificate to your hosting account.

I added SSL my WordPress site in a 5 minutes and I’m going to show you how I did it.

I’m  a huge fan of Cloudflare and I’ve written a past article on making your site crazy fast with Cloudflare. In this article I’m going to explain how to use their Flexible SSL service to make your site secure (https). First I’ll preface this by saying Cloudflare currently only offers SSL on their paid plans, but they have announced they plan to make it free for everyone to use soon.

So the first thing you’ll currently need is a Cloudflare Pro account. It’s $20 a month for one domain and $5 per additional domain. On the Pro plan you also get a Web Application Firewall for WordPress and other apps which is huge plus. Also when you use SSL you can enable SPDY which make your site well, super speedy. Some might say this is expensive but I think it’s quite a deal. When you buy a cert you have to maintain it and reinstall it when you renew it. With Cloudflare there is nothing to maintain, nothing to install.

After you get a Pro account just log into your Cloudflare dashboard and enable Flexible SSL.

Cloudflare Flexible SSL

Then log in to your WordPress site and install the https plugin. When you configure the plugin make sure to select ‘Yes’ on whether or not your site uses a proxy.



You should be able to test your site now to see if https is working. Just type in

The only thing left to do now is redirect all non secure traffic (http) to your secure site (https) Again to do this I use Cloudflare page rules. This will do a 301 redirect on all non secure pages.

Cloudflare https page rule


That’s it! Your site is now secure and faster!






About John Turner

John Turner is the founder of SeedProd. He's an Entrepreneur, Web Developer, Marketer, SysAdmin, DBA, Support Tech and can even Cook.


  1. Harsh Agrawal on August 12, 2014 at 8:13 am

    Thanks John.. This is quick and handy :)

  2. Olaf Lederer on August 12, 2014 at 8:58 am

    Don’t forget to update the all (important) incoming links to your website. A 301 redirect is fine, but a “direct” link is always better. Anyway, it’s great to know that Cloudflare offers these features.

  3. Marty Rogers on August 12, 2014 at 6:55 pm

    That’s quite an expensive ‘easy way’ compared to purchasing a $10 (yearly) RapidSSL certificate from Namecheap and spending 5 minutes installing it. Great post regardless!

  4. Rishi on October 5, 2014 at 11:10 am

    Thanks for this great walkthrough! Going to try it later today!

  5. Ankur on October 8, 2014 at 1:59 am

    I did this but did not get green padlock in chrome. It says your site is submitting data to insecure site

  6. Gandhi on October 23, 2014 at 7:35 pm

    Thank you :)

  7. Gabriele on November 11, 2014 at 8:13 am

    This is wonderful! I’ll try for sure!nnnI must say that I’d a try with just enabling SSL on Cloudflare, without installing the wordpress plugin. Strange enough, html is served but CSS and JS files are not. Do you have an idea on why this could happen?

    • John Turner on November 11, 2014 at 8:21 am

      Yep, you have to use the https plugin as described above to change the css and js file urls.

      • Gabriele on November 11, 2014 at 8:32 am

        ok! So I will :) tnx for the quick response!

      • Gabriele on November 11, 2014 at 5:40 pm

        Ok, finally I was able to make it works…almost (some wordpress-https bugs here and there). The last issue is that I cannot use your redirect trick, since I’ve used my page rules slot for cache control. Said that, the only way is to bake some rewrite rules, which is going to be crazy, since my website is running under IIS…augh!

        • John Turner on November 11, 2014 at 5:52 pm

          yeah, you’ll have to figure out something in IIS. Never used it so I can’t give you any advice :(

  8. Tionghoa on November 27, 2014 at 8:03 pm

    I just try to use Free Clouflare SSL so I no need use their Paid plan and setup the Https access from Wp-config.php.nOne blog with it’s own SSL Certificate installed on the server => SSL work good.nAnother blog that do not have SSL Certificate installed on the server, only self-signed SSL => SSL not work.nCould you advice me ?nThank you.

  9. Aron Jay on April 17, 2015 at 1:22 pm

    Hi John, I just did all as instructed, my site is now on Flexible SSL ( The only issue I’m having right now is I can’t get to make the page rules to disable all other cloudflare features on my /wp-admin/ pages, most of my JavaScripts are not working, Visual Editor is missing as well.

    My page rules are as follows;*
    Always uses HTTPS*
    Apps: Off, Performance: Off, Security: On, SSL: Flexible SSL, Cache level: Bypass cache

    Wish you could help me with this one.


    • John Turner on April 17, 2015 at 1:42 pm

      Just make sure that rule comes before you other rules. Try that.

  10. Chris on April 19, 2015 at 11:32 pm

    I was excited to see this article. I followed the steps and set it up but going to https://mydomain didn’t work. I thought it was because I had not checked force SSL Admin. When I did that I no longer have access to my site because the admin is looking for the https version of my site and it doesn’t exist!

    I deleted the plugin via ftp but whatever changes were made appear to go beyond the plugin. Working with tech support to fix.

    Other than that, Cloud flare sight mentions that it could take up to 24 hours for SSL to go into effect. Could that be why https doesn’t work on the site?

Leave a Comment

Sale - Get all of our Plugins for just $99  Learn More