“How to get free SSL certificate” or “how to setup CloudFlare free SSL to WordPress” are a few commonly asked questions since Google decided to display all HTTP site as “not secure” in the newer releases of Chrome browser. (Source: Google Security Blog)
Nowadays, using HTTPS is a no-brainer because secure sites have an advantage in search engine ranking, even they are not handling sensitive data.
Yes! You have heard right that Google is counting HTTPS as a ranking signal for its organic search results. (Source: Google Security Blog)
The websites want to appear more professional & authentic are expected to run under HTTPS. And, for any site that uses a CMS (Content Management System), securing sensitive information like admin login credentials and user-submitted data should be the priority.
But, what’s the HTTPS?
You might have observed while browsing the internet that page URL starts with either HTTP or HTTPS.
HTTP means Hypertext Transfer Protocol which controls the transmission of data over the web where HTTPS stands for Hypertext Transfer Protocol Secure; a secured version of regular HTTP.
Adding HTTPS to your site have many advantages including some mentioned below:
Advantages of HTTPS or SSL certificates:
- Encryption of data transmission carried between the user and the server.
- Keeps data away from hacking to steal your sensitive information.
- No access to an unauthorized person making any third-party very difficult to spy on you.
- Restricts cyber-criminals from redirecting your visitors to their site.
- Ensures the privacy and integrity of the data exchanged which enhances the trust and reliability of your brand.
Now, you would be thinking, if it’s a vital part of the website performance & SEO, then why not all people add HTTPS to their sites.
Am I right?
Your question is legit but historically, adding HTTPS to the websites to secure it required additional cost and the process of obtaining a certificate was very complex.
But, you need not worry about that.
Now, anyone can secure his/her site by paying zero to a few bucks for SSL certificate that offers encrypted data transfer to their site. And, the overall process is simply fool-proof.
I’m sure that you are excited to know how to get a free SSL certificate.
But, here you have other bonuses too. You will get free CDN (content delivery network), performance booster along with many security features.
Do you know the best part of this?
This complete package is available for free. Thanks for CloudFlare’s concerted efforts for removing the barriers to protect your site(s) and help to improve its performance.
In this article, I’m going to explain how to setup Cloudflare Free SSL to secure your site. However, for better protection and extended features, you can get one of its premium plans or switch to other SSL certificate providers.
Important: Let’s Encrypt is another free SSL certificate authority brought to you by the ISRG (Internet Security Research Group) but currently does not support all hosting services. You can ask your web host support whether they support Let’s Encrypt or not.
Otherwise, you can move your website to SiteGround and get Let’s Encrypt SSL and CloudFlare CDN (Basic) completely free to get improved performance.
In your web hosting cPanel, you can activate these both features easily with a few clicks. Plus SiteGround team will handle your site migration without any extra charge (requires to opt for GrowBig and higher plan).
Setup CloudFlare Free SSL To Your WordPress Website
This starts with signing up a free account with CloudFlare and integrating all the required settings to receive the free SSL and other performance benefits.
Signing up for CloudFlare
To avail free SSL and CDN from CloudFlare, you need to have a site live on the web or one that is ready for launch.
The whole process of registration is simple. You only need to play with your email address where you can access your credentials and receive account related emails.
When you register on CloudFlare at the first time, it directs you towards migrating your domain name. The user-friendly wizard of CloudFlare will help you when you move ahead and change it as your DNS provider.
It’ll scan your DNS configuration to detect DNS settings and allows you to update those settings just by changing your nameservers.
Here’s is a complete tutorial on how to setup CloudFlare Free SSL certificate to your WordPress website.
Setting Up the CloudFlare Free SSL Certificate
- Create a self-hosted WordPress website and publish on the web.
- Sign up for free CloudFlare account with a valid email address and password. (No credit card required for free forever plan). You can log in if you have an existing account with CloudFlare.
- At the dashboard, select Add Site option and place your site’s URL in there. Start scan to check DNS settings and at the next step add DNS record to run traffic over CloudFlare.
- Select the suitable plan (Free in this case) according to the features you need.
- Then, CloudFlare will give you nameservers to replace your default ones. Change your nameservers to the custom nameservers provided by CloudFlare and save the settings.
- Finish the setup process and wait for 24 hours to the CloudFlare providing the free SSL.
- Set the recommended options from your CloudFlare dashboard as well as WP admin.
- Test site to verify whether is running under HTTPS or not otherwise recheck your settings.
Bonus Tip: Using W3 Total Cache with CloudFlare helps a lot in improving site speed and overall performance.
Here, you’ll need to sign in your domain name registration account and change the default nameservers.
In most of the cases, you will find this under Manage DNS setting of your domain name account. Set the option to custom nameservers and replace the default ones to those provided by CloudFlare. If you are not able to use custom nameservers, then try again after removing registrar lock or contact support team to guide you further.
Wait for some time to take effect after you make changes. It’ll take a few minutes, but you will not experience any downtime due to this process.
Finish the setup, and you can see the status of your site on CloudFlare dashboard as Active. Now, you have to play with a few options to get the maximum benefit from CloudFlare’s free plan.
Using CloudFlare’s Official WordPress Plugin
If you are using a WordPress website, CloudFlare has a free WP plugin to take advantage of their service.
Just install and activate the plugin and enter API key which is available at your CloudFlare account dashboard.
Go to WP Admin Dashboard > Plugins > Add New > CloudFlare and complete installation process. On activation of plugin, you can either signup for CloudFlare or log in to the existing account to get an API key.
Set the recommended options for security, performance, and speed. Make sure you have switched-on to the Automatic HTTPS Rewrites option from CloudFlare plugin settings.
However, don’t forget to set secure URL like https://abcd.com for WordPress address and Site address from your WP admin settings under the General tab.
Important: Google treats http://abcd.com and https://abcd.com as different sites, so make sure you have submitted all versions of URL to webmasters tools and used proper redirects.
CloudFlare Free Plan Features
With a free plan of CloudFlare, you can get many useful features needed for the WordPress website. Here, I’m going to discuss as many of them on the go.
On this tab, you can check the status of your website, security level, and the type of SSL certificate. You can also manage the subscriptions from here.
Analytics feature of CloudFlare displays all stats at the single place where you can see the different performance and security related threads like web traffic, unique visitors, bandwidth and security threats. Geographical statistics are also available under the Analytics tab.
Under DNS (Domain Name System) setting, you can add or change the DNS records. At the bottom, you can see the nameservers you have assigned.
CloudFlare allows CNAME flattening that follows a CNAME where points and return that IP address instead of CNAME record.
By default, it flattens the CNAME at the root of your domain only i.e. websitetipstricks.com in my case.
CNAME flattening helps in freeing you up from being tied to the single IP which is inherently risky, and it’s the only way to standardize on HTTPS with the root domain.
DNSSEC is another feature protects against the forged DNS answers.
You can manage SSL certificates under Crypto tab. Different encryption and security options are available to configure on that page.
When you sign up for a free SSL at CloudFlare, select the recommended options here to get maximum protection for free.
A firewall protects you against malicious attacks and CloudFlare does its job finely. You can switch various security options here also like rate limiting, access rules, etc. to set the site security and allow access to specific IP addresses.
For advanced DDoS protection, you will need to upgrade to the business plan or higher.
Caching helps you serve contents from cache memory improving the speed of browsing thus user experience.
From the Caching menu, you can manage different caching options like purge cache, caching level, browser cache expiration, etc.
With page rules, you can control your CloudFlare settings by URL. For the free account, you have three page-rules available to trigger specific settings.
Network menu has features to manage the network settings for your websites. It helps to improve the network efficiency.
This menu helps in controlling and managing the traffic and reviewing the firewall events.
Under customize menu you can personalize the error and challenge pages that CloudFlare presents to your visitors. But, you need to buy the upgrade to almost every plan.
From Apps menu, you can integrate different apps to your site. These apps include Google Analytics, Webmasters tools, and a few ads programs.
Scrape Shield helps you protecting contents on your site. You will get different options including Email Address Obfuscation protecting emails from spammers, server-side excludes and hotlinking of static contents like images.
Testing Website Under HTTPS
Once you have completed with setup, try to load your site URL under HTTPS instead of HTTP making it the default mode to ensure the website’s functionality.
You can try loading site from multiple browsers and devices, browsing a number of pages and logging in, etc.
Initially, you need to wait for at least 24 hours to get SSL active, if you do not see one. You can use different tools like SSL checker to ensure SSL certification.
This was the complete process of settings up CloudFlare free SSL and good for the simple blogs only that provide information.
For an e-commerce website or one which processes sensitive information, you should always be using an SSL certificate from a trusted source.
Currently, CloudFlare is providing flexible SSL certificate for free that encrypts data transfer between user’s browser and CloudFlare server. The further travel of data is on HTTP only which is not encrypted.
With Full and Full (Strict) SSL, you can get the benefit of end-to-end encryption, but you’ll need to pay for a valid certificate.
For premium SSL certificates, you can choose a good web host that provides free SSL like SiteGround or purchase a valid SSL certificate from a trusted source.
Stay Secure, Stay Happy!