We’re a fan of easy. As one of our clients says about legal issues, the toughest problems will yield to the simplest solutions. SSL, which encrypts traffic on a website, has a reputation for being a tough problem.
It used to be, and in some applications it still is judging from the unanswered question this author had back in June 2017. With WordPress, it’s quickly becoming very easy.
This article discusses what we feel is the (second) easiest way to use HTTPS with WordPress. We have found this approach to be easiest, second only to buying a hosting plan that already includes SSL, like WP Engine. If you don’t feel like switching hosts, or are like us and sometimes have to work in the confines of other hosting companies, this approach will allow you to use HTTPS with WordPress in a snap.
- Step One: Sign up for a Cloudflare account. It’s free. Cloudflare has a few paid plans for the bold (or for those with extensive security or traffic concerns). For the rest of us, the free website plan works just fine.
- Step Two: Cloudflare will prompt you to add a site. Go ahead and enter the address of the website you want to use HTTPS with. Cloudflare will perform a scan on the domain name settings (DNS).
- Step Three: Check to make sure the DNS records match those found with your registrar. If they do, follow the next prompt.
- Step Four: Cloudflare will provide you with two nameservers and will tell you which two existing nameservers need to be replaced with these new ones. It’s important to replace the corresponding existing nameserver with the exact one provided by Cloudflare.
- Step Five: Relax while Cloudflare picks up the nameserver change.
- Step Six: Once the nameserver change has been picked up by Cloudflare, you’ll receive an email informing you that the site has been added to your Cloudflare account. Be excited! We’re almost done.
- Step Seven: Visit the Cloudflare dashboard for the website and click the “Crypto” button near the top of the page. You’ll want to update two settings. First, make sure SSL is set to “Flexible”. Second, make sure that “Always Use HTTPS” is checked to “On”.
- Step Eight: Wait a few minutes, then visit the website. You should automatically be taken to an HTTPS version of the site. Your browser has information that it’s secure.
For most people, this should be enough to establish secure connections to a website. Some industries may require additional security measures outside of simply enabling SSL.
If you’ve followed these instructions and are having issues with your website breaking or not loading properly, uncheck “Always Use HTTPS” and give us a call at (408) 429-0585.