Having a secure website is now more important than ever. Even if you are not “selling” straight from your site the visible cues in modern web browsers are pretty apparent.

The following will scare away most visitors!

Let’s get this fixed for you and improve your visitor confidence. It is likely it will improve your search ranking too. You know…Google cares about your safety.

Here are the high-level steps to set up SSL on your site. We choose to keep it simple and just make it work well. So with that in mind, we use Cloudflare’s Flexible SSL.

Setting up your free Cloudflare Flexible SSL

  1. Sign up with Cloudflare
  2. Select the free plan
  3. Follow the steps to add your domain name
  4. Note it can take 24-48 hours to fully resolve a DNS change depending on your domain registrar (and sometimes your internet service provider). Be patient at this point and make sure everything is resolved.
  5. After the changes are resolved click on your domain.
  6. Select Crypto. At the top, there is a row of icons where you’ll find Crypto
  7. Select the Flexible certificate under the SSL section. This should be at the top of the page.

The certificate takes about 15 minutes to become active. Once you see the green dot next to the Universal SSL Status and the Active Certificate setting you should be ready to proceed.

Now, let’s prepare WordPress for Cloudflare’s Flexible SSL…

IMPORTANT – In your WordPress settings leave your WordPress Address (URL) and Site Address (URL) as HTTP. Don’t worry, we’ll change this later. If you change it now you get to use CPanel and waste a bunch of time. Seriously, don’t change it yet!

WordPress makes it easy. We just install a plugin — that is all!

CloudFlare Flexible SSL Plugin

This plugin is required to successfully Flexible SSL on WordPress. Basically, it will prevent infinite redirect loops when loading WordPress sites under CloudFlare’s Flexible SSL system.

CloudFlare Flexible SSL Plugin

Tell CloudFlare to send your content via HTTPS

Go back to Cloudflare
Select your domain

  1. Select Crypto. At the top, there is a row of icons where you’ll find Crypto
  2. Turn “always use HTTPs” on

Change your WordPress Site Address (URL)

Now it is time to change your Site Address (URL) and the WordPress Address (URL) to “https://”.

You’ll be forced to log back in. But all should be good now.

Check your Cloudflare Flexible SSL is working. I like to verify it in a couple of browsers — but as long as it looks good in one you should be OK. You should see the little lock in the address bar now.