How to Implement SSL & HTTPS in Free WordPress / WordPress

Implementing SSL will provide a number of advantages for your website. Besides improving website security, SSL will also help users gain the trust of a website as well as increase its overall ranking in Google Search results.

Once deployed, your website will be up and running https with a green padlock badge in the browser address bar.

However, having SSL in your site will traditionally cost several hundred per year depending on the type of Certificate. It certainly also requires technical installation of your server, which is often a tedious process.

But, what if I told you that you can implement a valid SSL free of charge With less pain to set up your WordPress site? This is the way.

Begin

CloudFlare, one of the leading CDN and Internet security services, has now upgraded their features with SSL for all their customers even for those with the Free Plan. We will use them to implement the free SSL.

This is where you sign up for an account. Next, add your site to CloudFlare. You will be prompted to replace NS (Name Server) with the ones provided, for example:

 ANDY.NS.CLOUDFLARE.COM Lola.NS.CLOUDFLARE.COM 

The process to do so will be variable depending on your hosting provider. So please refer to your hosting customer support. Once you’ve changed the DNS, your website will run through the CloudFlare infrastructure. Your pages will be hosted and served through their CDN, which will then increase your page load performance.

SSL Deployment

Now, follow these steps to deploy SSL to your website:

1. Sign in to your CloudFlare account. Go Electronic money page and put SSL (with SPDY) arrive flexible.

   

2. Login to your website Dashboard. Install and activate CloudFlare Flexible SSL. This plugin will fix issues including the “redirect loop” that happens when we force a website address to use https protocol.

3. Our website is now served through the CloudFlare network, which now allows it to redirect each visit to HTTPS. To do so, visit CloudFlare Dashboard > Site Rules and turn on Always use https Option.

   

4. Now, we need to set the URL Pattern to be served via HTTPS. You might want to set it to http://website.xyz/wp-login.phpfor example, or for all pages instead of http://website.xyz/*.

   

5. Remember to click More rules button to apply the rule.

Wait anywhere from a few minutes up to 24 hours for the setup to affect your site. Only then will your website be redirected to httpsso

A few things to note

How We Deploy https to our website without the need for an SSL Certificate, has been done with Hostname Indication or SNI. SNI allows HTTPS to be served to multiple hostnames, IPs, or websites under a single IP number; in this case, CloudFlare serves many of their customers with HTTPS.

If you check the certificate information, you will see that the SSL is assigned to CloudFlare.

Also, SNI only works with modern browsers – basically browsers that are no more than 6 years old. You should also note that this SSL will only secure connections between your visitors to CloudFlare, while the connection between CloudFlare and your server is not secure.

If your website will pay or process sensitive data, you must choose full SSL which requires SSL installation in your server. But, for most blog sites, flexible SSL should be adequate.