Cloudflare just annonced universal ssl certificates for free plans as well. That means you don’t need to spend hundreds of dollars a year to get a reliable ssl certificate – you can get it for free.
You might need a couple of tools to get it right in WordPress. In this short tutorial I will show you, how to get it working right.
1. Enable SSL on cloudflare control panel
Sign in to Clouflare and open up the cloudflare settings panel, and scroll down to SSL and select the Flexible SSL option.
2. Install the WordPress HTTPS plugin
This step can be optional, but if you have lots of content, then I highly recommend it. If any resource on a given page is loaded via http instead of https protocol, then the https connection is not 100% valid anymore. This little plugin will ensure, that these resources are loaded correctly via https. Here you can get the WordPress HTTPS plugin.
3. Change your site url to https
Go to the General options page and change your site url to https://…
4. Force https via .htaccess (optional)
Most likely you don’t need to do this, but in some cases the default http:// site url will not redirect automatically to https://
In this case you need these lines to your .htaccess file:
# Force HTTPS
RewriteCond %{HTTP:CF-Visitor} '"scheme":"http"'
RewriteRule ^(.*)$ https://yourdomain.com/$1 [L]
5. An extra modification to the wp-config.php file
Because of the reverse proxy, a small modification might be required in order to make this work. Put the followin lines above the
/* That's all, stop editing! Happy blogging. */
line (it’s usually around line 90):
if (isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https')
$_SERVER['HTTPS']='on';
Yep.
After refreshing your browser, you should see a nice, secure https version of your site, and all this for FREE!
Comments 12
Hi, i have been reading and trying to implent https but looks like there’s problem when we want to use the https. For it to works perfectly we must use all https in the content, and if the outsource link doesn’t have https then the https not working . and will show yellow icon instead.
any fix for this except delete the outsource link?
Author
Hi!
The outbound links should not cause this. Only stylesheets, javascript files, images or other resources that are loaded on your page via http can break the certificate. You can use this site to test for such resources: https://www.whynopadlock.com/
I use the plugin and when i visit site with https://
it show green lock, it’s good, but it remove link that’s not secured.
i don’t check the option Remove Unsecure Elements .
and i only enable ssl admin, all the rest i leave defaults.
How i can load the page contain unsecured outbound link with yellow icon lock?
This article is great. Very useful information. “https” it is required increasingly more, I will definitely try this.
Nice For https Information lot of thanks
I just try to use Free Clouflare SSL so I no need use their Paid plan and setup the Https access from Wp-config.php.
One blog with it’s own SSL Certificate installed on the server work good.
Another blog that do not have SSL Certificate installed on the server, only self-signed SSL, not work.
Could you advice me ?
Thank you.
Hi,
Tried on vtuelearning.in but its not working after activating secure plugin its giving error . please take a look and tell me the solutions.
Thanks
Pingback: How to Move a Classifieds Site From Http to Https - Open Classifieds
Yesterday, i change my web from http to https using cloudflare flexible ssl
but, now my site is disappear from google search result.
Any suggestion?
Thank
Can you please help me in configuring it personally.It is stil going in loop(Saying website has to many redirections)
Thanks
Himanshu
Hello Ernesto, and about plugin?? https://wordpress.org/plugins/cf-littlebizzy/
Thanks–
“Access denied” when testing HTTPS site in Google’s Structured Data Testing Tool after activation of Cloudflare SSL in my WordPress blog.