If you are planning to start an e-commerce website or any website and want to improve your user trust level then you must get an SSL certificate to your website. Using https is playing a big role in Google Ranking Factor.
What is SSL?
SSL stand for Secure Socket Layer. It is the standard for exchanging information securely via cryptographic encryption–between a website and the browser.
In short, SSL is a way to establish a trusted connection between the server and a web browser. If it is enabled then the server will encrypt data before transmitting in a way that its recipient can decrypt.
In short, SSL is a way to establish a trusted connection between the server and a web browser. If it is enabled then the server will encrypt data before transmitting in a way that its recipient can decrypt.
Why use SSL on a WordPress site?
- Enable secure login for your client on your website.
- It helps you a lot in your business website. It is very important because your visitors will be more secure and you have more trust from your visitors and it will improve sales and leads.
- In future, Google will penalize websites and WordPress sites that are using SSL. So it will play a ranking factor for your website.
If your blog or WordPress site still not using SSL then you must start thinking about it.
There are many ways to do it and you can pay a lot for the certificate or you can install a free certificate.
In this post, I will show you to install and activate Free Cloudflare Flexible SSL certificate on your website. If you want Premium SSL certificate or service then you can buy and use that in the same way.
There are many ways to do it and you can pay a lot for the certificate or you can install a free certificate.
In this post, I will show you to install and activate Free Cloudflare Flexible SSL certificate on your website. If you want Premium SSL certificate or service then you can buy and use that in the same way.
Is SSL enough for security?
Installing and configuring SSL is an important step in securing your user’s data, but it is not enough to secure your site. Every site is as weak as its weakest password.
- To secure your website use strong passwords, keep WordPress and your plugins up to date, scan for malware and botnet attacks.
- All security issue can be covered of course by using a good security plugin such as WordFence, Sucuri.
- Having an SSL certificate on your website will not prevent any of those, as once a malicious script is installed on your site.
- Setting up an SSL certificate and configuring WordPress to use HTTPS is the first step in the process of securing your WordPress site or any web site.
Setting up free Cloudflare Flexible SSL
- Go to CloudFlare(link) and sign up.
- Click on Add Site to add your WordPress site. After adding your site click on Begin Scan. Just for now wait until Cloudflare finished scanning your domain nameserver.
- Click on “Continue Setup” button.
- When you have registered and set up your domain name, click on your domain name. At the top, there will be a row of icons click on Crypto.
- There are 3 options but here we are selecting free plan
* Free Security Plan (Free Flexible SSL)
* Pro Security Plan
* Business Plan
* Pro Security Plan
* Business Plan
After selecting your choice of the certificate, it will take 15 minutes around to issue and activate your certificate.
IMPORTANT – If you are setting CloudFlare Flexible SSL on existing old site then in your WordPress Dashboard backend leave your WordPress Address (URL) and Site Address (URL) as HTTP. Do not try to change it.' Only change these two to https if you are using it on newly installed WordPress Site.
Now we have to install and activate ClodFlare flexible SSL plugin by iControlWP.
Install CloudFlare Flexible SSL Plugin
This WordPress Plugin enables Flexible SSL on WordPress. It prevents your WordPress website from infinite redirect loop when your website loads under CloudFlare Flexible system. So the next step “Configure WordPress Https’s Plugin” is just an optional step only use if you are facing the problem.
Configure WordPress HTTPS Plugin’s Settings
- Go into the WordPress HTTPS Plugin’s settings.
- Select Yes for the Proxy setting.
- Save the setting.
This plugin is not necessary if all of your WordPress Plugins and Web Pages links are already showing HTTPS. Some of the users are facing this problem and this WordPress HTTPS Plugin will change all links to HTTPS.
Configure Page Rules To Force HTTPS for website
You must add rules to work SSL properly for all pages of WordPress.
- Go to CloudFlare and Navigate to Page Rules
- Switch on the “Always use https”
- Write your full WordPress blog Homepage URL within two stars like *example.com*
Change your WordPress Site Address (URL)
Now you need to change Site Address (URL) to “https://”, but make sure you leave the WordPress Address (URL) as “http://”.
**IMPORTANT** If you change your WordPress Address (URL) to “https://” it will break your site. If you change the Site Address (URL) to “https://”, without the Cloudflare Flexible plugin running it will also break your site.
After all settings, you should see a green lock icon on the address bar when opening your website now. If not then wait for at least 30 minutes, sometimes this may take more than 24 hours to get activates.
Postcredits: roodex
0 comments: