The easiest way to add SSL to your WordPress Site

John Turner founder of SeedProd Posted by John Turner on August 10, 2014

Last updated on: August 11, 2014

Google recently announced that they will start giving a small SEO boost to sites that use https. I’ve seen several articles pop up that explain how to add a traditional cert that you buy to your site, but this can be complex and some host even charge more to add a SSL certificate to your hosting account.

I added SSL my WordPress site in a 5 minutes and I’m going to show you how I did it.

I’m  a huge fan of Cloudflare and I’ve written a past article on making your site crazy fast with Cloudflare. In this article I’m going to explain how to use their Flexible SSL service to make your site secure (https). First I’ll preface this by saying Cloudflare currently only offers SSL on their paid plans, but they have announced they plan to make it free for everyone to use soon.

So the first thing you’ll currently need is a Cloudflare Pro account. It’s $20 a month for one domain and $5 per additional domain. On the Pro plan you also get a Web Application Firewall for WordPress and other apps which is huge plus. Also when you use SSL you can enable SPDY which make your site well, super speedy. Some might say this is expensive but I think it’s quite a deal. When you buy a cert you have to maintain it and reinstall it when you renew it. With Cloudflare there is nothing to maintain, nothing to install.

After you get a Pro account just log into your Cloudflare dashboard and enable Flexible SSL.

Cloudflare Flexible SSL

Then log in to your WordPress site and install the https plugin. When you configure the plugin make sure to select ‘Yes’ on whether or not your site uses a proxy.

2014-08-10_09-37-04

 

You should be able to test your site now to see if https is working. Just type in https://yourdomain.com

The only thing left to do now is redirect all non secure traffic (http) to your secure site (https) Again to do this I use Cloudflare page rules. This will do a 301 redirect on all non secure pages.

Cloudflare https page rule

 

That’s it! Your site is now secure and faster!

 

 

 

 

 

John Turner founder of SeedProd

By John Turner

John is the founder of SeedProd.com and a WordPress Developer with over 15 years of development experience.

The Best Coming Soon Page and Maintenance Mode Plugin for WordPress
  • Thanks John.. This is quick and handy :)

  • Don’t forget to update the all (important) incoming links to your website. A 301 redirect is fine, but a “direct” link is always better. Anyway, it’s great to know that Cloudflare offers these features.

  • That’s quite an expensive ‘easy way’ compared to purchasing a $10 (yearly) RapidSSL certificate from Namecheap and spending 5 minutes installing it. Great post regardless!

  • Thanks for this great walkthrough! Going to try it later today!

  • I did this but did not get green padlock in chrome. It says your site is submitting data to insecure site

  • Gandhi

    Thank you :)

  • This is wonderful! I’ll try for sure!nnnI must say that I’d a try with just enabling SSL on Cloudflare, without installing the wordpress plugin. Strange enough, html is served but CSS and JS files are not. Do you have an idea on why this could happen?

    • Yep, you have to use the https plugin as described above to change the css and js file urls.

      • ok! So I will :) tnx for the quick response!

      • Ok, finally I was able to make it works…almost (some wordpress-https bugs here and there). The last issue is that I cannot use your redirect trick, since I’ve used my page rules slot for cache control. Said that, the only way is to bake some rewrite rules, which is going to be crazy, since my website is running under IIS…augh!

        • yeah, you’ll have to figure out something in IIS. Never used it so I can’t give you any advice :(

  • I just try to use Free Clouflare SSL so I no need use their Paid plan and setup the Https access from Wp-config.php.nOne blog with it’s own SSL Certificate installed on the server => SSL work good.nAnother blog that do not have SSL Certificate installed on the server, only self-signed SSL => SSL not work.nCould you advice me ?nThank you.

  • Aron Jay

    Hi John, I just did all as instructed, my site is now on Flexible SSL (onesevenpx.com). The only issue I’m having right now is I can’t get to make the page rules to disable all other cloudflare features on my /wp-admin/ pages, most of my JavaScripts are not working, Visual Editor is missing as well.

    My page rules are as follows;

    http://onesevenpx.com/*
    Always uses HTTPS

    http://onesevenpx.com/wp-admin/*
    Apps: Off, Performance: Off, Security: On, SSL: Flexible SSL, Cache level: Bypass cache

    Wish you could help me with this one.

    Thanks!
    Aron

    • Just make sure that rule comes before you other rules. Try that.

  • I was excited to see this article. I followed the steps and set it up but going to https://mydomain didn’t work. I thought it was because I had not checked force SSL Admin. When I did that I no longer have access to my site because the admin is looking for the https version of my site and it doesn’t exist!

    I deleted the plugin via ftp but whatever changes were made appear to go beyond the plugin. Working with tech support to fix.

    Other than that, Cloud flare sight mentions that it could take up to 24 hours for SSL to go into effect. Could that be why https doesn’t work on the site?

Made with in Charleston, SC USA

LIMITED TIME OFFER - Get access to all of our plugins for use on unlimited sites for just $99  Learn More
[i]
[i]
[i]
[i]