How to get free SSL (HTTPS) for WordPress sites without root or SSH access?
SSL certificate has become one of the major concern if you want to keep up with Google ranking policy. Google has started giving importance to all secure websites over non-secure. All the websites with https at the start are considered secure, there are always exceptions, though.
Important Note: Follow the steps very carefully, else you will end up breaking your blog, and even the dashboard.
There isn’t really any requirement except having a CloudFlare account. All the free CloudFlare users are eligible for Flexible SSL certificate.
How to get Free SSL Certificate With Cloudflare?
- Visit Cloudflare.com, and sign up for a new account if you don’t have one.
- Add your website/blog to CloudFlare and change the DNS for the domain. If you don’t know how to, please comment.
- Click on Crypto tab, and select Flexible option under SSL (as shown in the image below).
- Certificate Issuance usually takes around 6 to 8 hrs. So you need to wait until you see the Active Certificate there.
- There is one more thing you need to do in CloudFlare, but not now. It will be done in the end.
Once Certificate is Activate go to WordPress Dashboard and Follow these steps
- Click on Plugin option, and hit Add New. Now search and add Cloudflare Flexible SSL plugin to your WordPress Blog (Make sure you are doing this only when the Cloudflare account shows that Certificate is active).
- Install and activate the plugin. You will not get any customization option, so don’t worry about it.
Cloudflare Flexible SSL is almost ready, but now we will force the website to use HTTPS
- Add another plugin to your WordPress Blog “WordPress HTTPS.“
- Install and activate the plugin, and then click on HTTPS option under dashboard to customize.
- Under SSL Host: type your WordPress URL without http://. For example, example.com or www.example.com. If your website doesn’t use www, please don’t type. You can also use subdomain URL, e.g. blog.example.com.
- Tick the option “Alway use HTTPS while in the admin panel.”
- Tick the option Auto under Proxy Settings.
- Now Click on Save Changes.
Change WordPress Site URL
- Now you need to click on the Settings option under WordPress Dashboard and make sure you are under General option.
- Change the Site Address from http to https, but make sure you keep http for WordPress Address. Check the screenshot below
After you are done with all the above-mentioned steps, go back to CloudFlare Settings and follow these steps;
- Click on Page Rules option
- Now hit the Create Page Rule option
- Type your website/blog URL with htpp://, e.g. http://example.com or http://www.example.com
- Click on Add a Setting option, and select Always Use HTTPS
- Save the settings now
- Now go to Crypto option again and then Turn off Opportunistic Encryption and Turn on Automatic HTTPS Rewrites
- Clear Cache from Cloudflare and from your WordPress Dashboard (if using any cache plugin)
Now visit any page of your website, it should automatic redirect you to HTTPS, and will show the green colored secure padlock. If the secure padlock doesn’t appear that means the page includes at least one URL that has http:// in it. It could be in the sidebar or a link to another website. You need to either remove it or replace http with https.
Is Let’s Encrypt Certificate Better than Cloudflare Flexible SSL?
Of course, it is. Let’s encrypt provides end to end encryption that means visitors are fully secure. However, CloudFlare flexible SSL isn’t end-to-end encryption and it usage a universal certificate to encrypt many websites and blogs like yours. In case of Let’s Encrypt Free SSL, it is dedicated to individual website/domain, and it is not shared among other websites.
Is getting Flexible SSL from Cloudflare will help in Ranking?
Yes, it certainly does. However, you are always recommended to use a dedicated SSL certificate. Use Cloudflare flexible SSL only when you don’t have other option. For example, a couple of my website is using GoDaddy’s Classic shared hosting, and GoDaddy doesn’t let you use custom SSL with this type of old hosting panel. I still have more than a year remaining validity for this hosting account. So I had to stick to CloudFlare. You can check this domain “https://dumbosdiary.com/” that usage Cloudflare Flexible SSL. However, I did move a couple of websites to Dreamhost because adding Let’s Encrypt with them is just a click away, and I found them much better compared to GoDaddy.
Using CloudFlare with a Free SSL Certificate?
If you are using Let’s Encrypt Free SSl or even a Paid one, you are not recommended to use Cloudflare account. It may sound strange, but it will hard SEO of your website. CloudFlare free account doesn’t let your upload Custom SSL, so your Let’s Encrypt or other SSL will have no value after you use CloudFlare. CloudFlare will start showing shared universal certificate. You should instead use WP Super Cache, W3 Total CacheHowever, if you are ready to subscribe a Business Plan and pay $200 each month, then you can do this.