Free SSL certificate with cloudflare for WordPress

Ernest Marcinko Tutorials, Wordpress 12 Comments

Cloudflare just annonced universal ssl certificates for free plans as well. That means you don’t need to spend hundreds of dollars a year to get a reliable ssl certificate – you can get it for free.

You might need a couple of tools to get it right in WordPress. In this short tutorial I will show you, how to get it working right.

1. Enable SSL on cloudflare control panel

Sign in to Clouflare and open up the cloudflare settings panel, and scroll down to SSL and select the Flexible SSL option.


2. Install the WordPress HTTPS plugin

This step can be optional, but if you have lots of content, then I highly recommend it. If any resource on a given page is loaded via http instead of https protocol, then the https connection is not 100% valid anymore. This little plugin will ensure, that these resources are loaded correctly via https. Here you can get the WordPress HTTPS plugin.

3. Change your site url to https

Go to the General options page and change your site url to https://…

4. Force https via .htaccess (optional)

Most likely you don’t need to do this, but in some cases the default http:// site url will not redirect automatically to https://

In this case you need these lines to your .htaccess file:

# Force HTTPS
RewriteCond %{HTTP:CF-Visitor} '"scheme":"http"'
RewriteRule ^(.*)$$1 [L]

5. An extra modification to the wp-config.php file

Because of the reverse proxy, a small modification might be required in order to make this work. Put the followin lines above the

/* That's all, stop editing! Happy blogging. */

line (it’s usually around line 90):



After refreshing your browser, you should see a nice, secure https version of your site, and all this for FREE!

Comments 12

  1. Hendry

    Hi, i have been reading and trying to implent https but looks like there’s problem when we want to use the https. For it to works perfectly we must use all https in the content, and if the outsource link doesn’t have https then the https not working . and will show yellow icon instead.
    any fix for this except delete the outsource link?

    1. Ernest Marcinko Post
      1. Hendry

        I use the plugin and when i visit site with https://
        it show green lock, it’s good, but it remove link that’s not secured.
        i don’t check the option Remove Unsecure Elements .
        and i only enable ssl admin, all the rest i leave defaults.

        How i can load the page contain unsecured outbound link with yellow icon lock?

  2. J. C.

    I just try to use Free Clouflare SSL so I no need use their Paid plan and setup the Https access from Wp-config.php.
    One blog with it’s own SSL Certificate installed on the server work good.
    Another blog that do not have SSL Certificate installed on the server, only self-signed SSL, not work.
    Could you advice me ?
    Thank you.

  3. Pingback: How to Move a Classifieds Site From Http to Https - Open Classifieds

  4. Himanshu Ahuja

Leave a Reply

Your email address will not be published.