Something to keep in mind is that every website exposed to the internet could be under some form of threat. One way to reduce the amount of threat your website is exposed to is by using SSL certificates. With this post, we come with an easy solution to Setup SSL for free on your WordPress site including how we are using this Solution on our website.
What is SSL
SSL (Secure Sockets Layer) is the standard security technology for establishing an encrypted link between a web server and a browser. This link ensures that all data passed between the web server and browsers remain private and integral.
If any of these sound a little bit too “nerdy”, just have your mind on security. So basically SSL is a feature that helps ensure your security.
Unfortunately, things this good rarely come free. Most WordPress sites are hosted on shared hosting. This often means your host may prevent you from acquiring your SSL certificate from a third party or will probably charge a premium to offer you this service. But do not despair, here is a way to get this security feature for free for your WordPress site.
I will recommend you to read our these posts to understand SSL more in details
Setting up SSL for free
There are basically three main processes for getting this service for free;
- Create a CloudFare account.
- Get the “CloudFlare Flexible SSL” WordPress plugin.
- Configure HTTPS.
Creating a CloudFare account
To create a CloudFare account, go to the official website and sign up with your email address and password, after this, the next window will ask you to add your site. In the text box provided, add your domain address.
Once this is done, you get a message telling you that your DNS report is being queried. Click next.
On the next window, you will have to pick from the pricing list. For the sake of this tutorial, we will pick the free plan. This plan contains a global CDN, free shared SSL and unmetered mitigation of DDoS attacks.
Confirm your plan. When you’ve selected your records, continue. The DNS report of your site will be scanned and listed for you. (In this example there are no files to be listed)
At this point, you will be required to change your DNS to CloudFare. Changing your DNS allows CloudFare to redirect requests to the HTTPS version of your site and also to act as a CDN for your content. This process will entail you having to copy the web addresses from CloudFlare over to your DNS provider and update it.
NOTE: The process is not instant and can take from a few hours to a whole day.
After this return to your CloudFlare dashboard and click on Crypto icon at the top of the dashboard.
On that page, select “Flexible.” from the drop-down list. CloudFlare will automatically set up the certificate, but it’ll usually take some time.
Get the “CloudFlare Flexible SSL” WordPress plugin
Next, you go to your WordPress dashboard, under the plugin tab, select add new and search for “CloudFlare Flexible SSL.” Install the plugin.
Return to the CloudFlare website, return to the “Crypto” section then scroll down to locate the switch to always use HTTPS. Switch it on.
Once this is completed, your site should be now using HTTPS for all of its connections.
How Technicalustad is configured to Use SSL
Our website is running on Cloudflare but we have SSL from Hosting provider. If you are running on the same situation just select Full SSL under the crypto tab.
We are using ” Really Simple SSL” WordPress plugin.
Just in case you are still wondering if your WordPress website needs an SSL certificate, the answer is most likely a resolute YES! SSL/HTTPS is highly recommended for every website and definitely mandatory if your website will require any kind of user information like login information, credit card information, payment details etc. If you will not pay for one, then I hope this tip gives you a good alternative.