Have you ever seen the little lock next to a website URL? Securing your website via SSL and offering an HTTPS version of your site by default is a mark of safety for your visitors, especially if you are selling something to them. Some WordPress plugins, like Gumroad, require that your website uses SSL. It’s even said that in the future Google wants to start penalising websites that are not secured with an SSL certificate.

Those are all good reasons to use SSL & HTTPS on your WordPress site. However, it can still be really difficult and costly to use SSL on your website. Usually, you would need to buy an SSL certificate and install it on your site. My host, Siteground, asked me for about $40 a year for one certificate. That’s not too much compared to other hosts, but that’s just for a single website! In this article, I will show you that there is another way, which is not only easier to configure, but is also completely free!

Setting Up CloudFlare

The whole method is based on CloudFlare, a service that speeds up & protects your websites by putting them behind its own cloud. If your website is already behind CloudFlare, you can skip this section. Otherwise, create an account at:

https://www.cloudflare.com

You will be taken to the CloudFlare registration page:


You can now click on Add site:


As an example, I will take a website of mine that I put behind CloudFlare, Dividend Academy. First, add the URL on CloudFlare, and start the scan:


This will take 2-3 minutes, depending on your hosting provider. Then, the following screen will appear:


Just confirm and move to the next screen. You will be asked to choose a plan. There are paid plans, but simply choose the free one:


After that, CloudFlare will tell you to modify the DNS records of your domain name:


This is really easy to do. You now need to log in at the provider of your domain name, where the DNS records are set. For me, it was on GoDaddy for this particular domain name. There, you will find the DNS records next to the domain name:


After that, modify them so they match the CloudFlare nameservers you were given earlier:


Finally, go back to CloudFlare. CloudFlare is now waiting for the change in the DNS records:


This can take a while, up to 24 hours in theory. However, I found out that in general it’s now done in less than 10 minutes.

Setting Up WordPress

In the meantime, we are going to configure WordPress. Log in to your WordPress site, look for the WordPress HTTPS (SSL) plugin, and install it:


Activate the plugin, and go back to CloudFlare.

Activating Redirection to HTTPS

After a while, your CloudFlare redirection should be active:


From now on, your website is using SSL. However, you still need to ‘force’ your visitors to use the HTTPS website by default. You can now access several parameters for your domain name. Click on Page Rules in the top menu:


You can add several rules using this page, which is what we will use to force our site to use HTTPS by default now. Type the URL of your site, without the www, in a new rule. Also click on Always use https:


Add the rule, and create a new one with the same parameters, this time with the www:


You should see your two newly created rules now inside your CloudFlare account:


Finally, wait a while, or clear the cookies in your browser (otherwise your browser will still access the non-HTTPS version). Then, visit your website again. It should now be protected by SSL, shown by the little lock near the URL:
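To confirm the two Page Rules from a script rather than from the browser lock, this added example (not part of the original tutorial) requests each hostname over plain HTTP without following redirects and classifies the answer. The function names and the example.com sample responses are constructed for illustration.

```python
import http.client
from urllib.parse import urlsplit

REDIRECTS = (301, 302, 303, 307, 308)

def classify(host, status, location):
    """Judge the answer to a plain-HTTP request for http://<host>/."""
    if status not in REDIRECTS:
        return "no-redirect"            # content or error served over plain HTTP
    target = urlsplit(location or "")
    if target.scheme != "https":
        return "redirect-not-https"     # redirected, but still unencrypted
    bare = host.removeprefix("www.")
    if target.hostname not in (bare, "www." + bare):
        return "redirect-other-host"    # HTTPS, but on an unexpected hostname
    return "ok"

def fetch(host, timeout=10):
    """HEAD http://<host>/ on port 80 without following redirects."""
    conn = http.client.HTTPConnection(host, 80, timeout=timeout)
    try:
        conn.request("HEAD", "/")
        resp = conn.getresponse()
        return resp.status, resp.getheader("Location")
    finally:
        conn.close()

def audit(domain, fetcher=fetch):
    """Check both names covered by the two rules: without and with www."""
    return {h: classify(h, *fetcher(h)) for h in (domain, "www." + domain)}

# Constructed responses, not captured from a real site:
# the rule without www is active, the www rule was forgotten.
SAMPLE = {
    "example.com": (301, "https://example.com/"),
    "www.example.com": (200, None),
}

if __name__ == "__main__":
    print(audit("example.com", fetcher=SAMPLE.__getitem__))
```

Call `audit("yourdomain.tld")` with the default fetcher to test a live site; any value other than `"ok"` means that hostname is still reachable over plain HTTP.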


Now, go back to your WordPress blog, and open the plugin settings. In there, you just need to check the first box, and save the changes:


You now have a secure website (and a secure admin panel as well) that will not only be more trustworthy for your clients, but also allow you to use plugins like Gumroad to securely sell products on your site. I hope that you enjoyed this tutorial, and feel free to comment below!