On the heals of Google’s recent announcement of preferred SSL usage for all websites, I was delighted to see that since I’m already using CloudFlare I can take advantage of their Flexible SSL. Available with any paid plans (and soon to free plans.)
I had to do a bit of testing to best figure out how to migrate over my existing WordPress site to use CloudFlare’s SSL so I thought I would create a simple how-to for anyone who wishes to do the same.
How to use CloudFlare Flexible SSL with WordPress:
First of all, check to make sure your site is correctly working with CloudFlare service. The whole process of adding a website to CloudFlare is super simple and only requires a user to change their DNS.
Select the CloudFlare Pro Plan
Once you’re site is properly working with CloudFlare, make sure you upgrade to the PRO plan, which is $20 a month. SSL certificates can be expensive and hard to manage. While $240 a year is not exactly cheap, think about all of the other benefits CloudFlare brings to your website including the website firewall and caching services… Well worth it in my opinion. Also, additional websites are only $5 extra a month, so for me it is much less then getting individual SSL certificates.
Make sure you select the appropriate SSL setting for your site. If you do not have an SSL installed on your server, then you need to use the CloudFlare Flexible SSL setting.
Set the CloudFlare Page Rules:
I’ve learned that the best way to redirect the non-ssl version of your WordPress site is to simply head on over to the CloudFlare page rules section and select “Force SSL”. This works best as if you ever turn CloudFlare off, you site will simply revert back to non-ssl. – More on CloudFlare Page Rules
Finally Create a Rule to Force All SSL:
1. Enter your url without the https.
2. Select Always use https.
3. Apply rule.
That’s it. Now all of your urls will redirect to a SSL layer served via CloudFlare.