How to Serve SSL in WordPress for Free!
An SSL is a method of encrypting information shared between two computers. That way anyone trying to look at the data being transmitted, won’t be unable to make any sense of it. It will be encrypted using a very complicated mathematical formula. It’s one of the most secure method at this time, and is extremely difficult to decrypt. Not until they can figure out how to make quantum computers work better at least. Google has also acknowledged that having an SSL is part of their ranking factors for websites. It isn’t a ton of SEO boost, but anything that helps rank the entire website is always good when it doesn’t require a ton of work. We are going to be setting up a free Cloudflare account, updating our nameservers, and installing two WordPress plugins to complete this task. They allow us to use their SSL certificate, so it will not be required to buy one.
Contents
Account Creation
You will need to create a free account with Cloudflare. It only takes an email and password to create an account, and you won’t need to verify the email address. After you enter in the account information, and it has been created. It will ask to scan for your website for its DNS records. Cloudflare will be giving us two new nameservers to update on our end after the scan is complete.
Note: The website needs to be hosted and live at the time as well.
DNS Record Config
The above DNS Settings is how I’ve been setting up my personal sites with them, though the default settings should work just fine for you.
Nameserver Setup
Cloudflare will assign you two new nameservers to replace the current ones in your domain registrar. Go ahead and replace the old ones, and let it update.
WordPress Plugins
These two plugins are not 100% required but are recommended for WordPress users. They can make life easier by preventing any headaches from happening.
Cloudflare Plugin By John Wineman
WP Download Link
SSL Insecure content fixer by webaware
WP Download Link
For the Cloudflare WordPress plugin, it will ask for your API key and email address. You will find the API key under the settings tab. Click on your email address in the upper right to find the dropdown menu. You will want to use the global API key for this plugin. Copy and paste this key into the app’s API text box.
The only thing you will want to make sure of with insecure content fixer is that http_X_Fowarded_Proto is selected. If SSL isn’t live yet when you install the plugin, it may not automatically select it.
CloudFlare SSL Settings
After CloudFlare becomes active on the site, you can go into the Crypto settings in your account. You will want to be using a flexible SSL – this is because it does not require an SSL certificate for the origin server (where your website is actually located at).
Scroll down to the bottom of the cryptography page, and turn on automatic HTTPS Rewriters.
You will only need to create a one-page rule, and that is to forward all URLs to be served in https.
The format for if the URL matches: http://*domain.com/*
The * are a wild card, so this will setup an SSL for your sub domains on this domain as well. Along with any URL, that is using your domain name.
NOTE: If Cloud Flare isn’t “active” yet, the always use HTTPS option will not show up.
Save and Deploy this Rule.
Give it a couple of hours to update and do its thing, but the next time you visit your site. Go to http://domain.com without the S in HTTP. When the page is fully loaded, it should have redirected and be serving all pages in HTTPS. If you have any questions, feel free to leave a comment below.
Author Profile

Leave a Reply
Want to join the discussion?Feel free to contribute!