WordPress free SSL with cloudfare

If you want to avoid the extra SSL cost, you may use cloudfare.

CloudFlare Flexible SSL – what is it exactly?

I’ll assume here you know how CloudFlare itself actually works – When a visitor loads your website they’re not actually directly connected to your web server, they’re connected to CloudFlare.

When you enable SSL on CloudFlare, you say “when a visitor is browsing my site, communicate with them over HTTPS/SSL”. With Flexible SSL enabled, CloudFlare will talk to your visitors over SSL, but will talk with your web server over non-SSL.

This means that the communication channel is not 100% SSL.  As always it’s broken up into 2 stages:

Visitor <=> CloudFlare
CloudFlare <=> Your Web Server

The difference now is that with Flexible SSL, the first stage is encrypted.

Is this ideal?  No.  Is it better than what you had a week ago?  Sure!

Installing CloudFlare Flexible SSL on your WordPress site

To do so:

  1. Create an account at cloudfare.
  2. At cloudfare’s home page, press the + Add Site button.
  3. In the Site field, enter your site’s domain name (without www), eg. yourgrrovywebsite.com, and press Add Site.
  4. Press Next, choose the Free Plan and press Confirm Plan.
  5. On the Review your DNS records page, set CDN only the values as show in the table below  (leave the other to DNS only) and press Continue.
  6. Copy the new nameservers, go to your domain’s panel and replace the old ones with the new ones.
  7. Wait until the DNS modifigation is over (it may take up to 24 hours).

For step 5, see the table below:

TYPE NAME STATUS
A mywebsite.com Proxied
CNAME ftp Proxied
CNAME www Proxied

Setup Cloudfare subdomains

If your site has existing subdomains, than you need to set them up in order for them to work properly. Otherwise, if you visit your subdomain you may come accross an error page (multiple redirects). To do so:

  1. Press the DNS button on the top of your cloudfare account.
  2. If you subdomain is eg. subdomain.website.com, than add this record
    CNAME subdomain website.com

Setting up SSL with WordPress

To do so:

  1. First of all, make a backup of your database. You can do so easily by entering the phpMyAdmin and exporting the database to your desktop.
  2. Confirm that the cloudfare SSL is active for your site by visiting Qualys SSL Labs.
  3. Install and activate Really Simple SSL plugin.
  4. Press the activate button that appears after the installation is complete.

Check for mixed-content warnings

A mixed content warning appears in a user’s browser when the WordPress site is loading both HTTPS and HTTP scripts or content at the same time. You can’t load both as they are completely separate protocols. When you migrate to HTTPS, everything needs to be running over HTTPS.

In order to check your site for mixed content warnings, you can use the Why no padlock site.

How to fix mixed content in Elementor after moving to SSL

Navigate to ‘Elementor->Tools->Replace URL’ and enter your old site address (with http://) and your new site address (with https://). You can find your current Site Address in the WordPress general settings. If your Site Address in the WordPress general settings is listed with https://www, you can include the www in the URL. If your Site Address uses https://, enter https:// without the www.

Redirect Non-WWW URLs To WWW Using Cloudflare

Having completed the cloudfare installation, if you go to https:://yourgrrovywebsite.com (with adding the www prefix), you may come accross an error page (multiple redirects).

To solve this issue, you have to redirect non-www URLs to www.

Click the Page Rules button. Click the Create Page Rule button.

http://mywebsite.com/ Forwarding URL 301 – Permanent Redirect http://www.mywebsite.com/

Using FTP with Cloudflare

If you try to connect via FTP to a domain that is protected by Cloudflare, it will not work. That’s because Cloudflare will only proxy traffic going through specific ports; standard FTP ports are not included. To connect to your FTP server, just connect to the IP (instead of the domain name). Connecting to the IP means you are bypassing Cloudflare’s protection which happens at the DNS level. As such, you will have no issues connecting via IP through your terminal (ftp 1.2.3.4) or using your FTP client of choice.

Too Many Redirects

If you’re receiving the ERR_TOO_MANY_REDIRECTS error when accessing your HTTPS enabled site that is being proxied through Cloudflare, it’s likely that you have SSL set to Flexible. This should be set to Full (strict), which will ensure connections to your site are fully encrypted end-to-end.

Learning Resources