Before knowing How To Use Cloudflare Flexible SSL on WordPress, let’s see what is Cloudflare and SSL. Cloudflare is mainly a CDN (Content Delivery Network) provider that has free and premium plans, and they also provide other services like DDOS protection, SSL, WAF (Web Application Firewall) and a few more. Using SSL or Secure Socket Layer will encrypt all sensitive information transferred between the client and server, here is the correct definition of What is SSL from Digicert, a well-known SSL certificate issuer.
SSL (Secure Sockets Layer) is a standard security technology for establishing an encrypted link between a server and a client—typically a web server (website) and a browser; or a mail server and a mail client (e.g., Outlook).
SSL allows sensitive information such as credit card numbers, social security numbers, and login credentials to be transmitted securely. Normally, data sent between browsers and web servers is sent in plain text—leaving you vulnerable to eavesdropping. If an attacker is able to intercept all data being sent between a browser and a web server they can see and use that information.
More specifically, SSL is a security protocol. Protocols describe how algorithms should be used; in this case, the SSL protocol determines variables of the encryption for both the link and the data being transmitted.
However in this tutorial I will show you How To Use Cloudflare Flexible SSL In WordPress, CloudFlare also issues premium SSL, but the flexible SSL is free.
Getting Started With How To Use Cloudflare Flexible SSL on WordPress.
To use Cloudflare SSL you must signup for a Cloudflare account and add your website there which is a simple process, click here to signup. If you already have a Cloudflare account then login into it and see if you have ‘Crypto’ tab enabled because in certain cases CloudFlare partnered with your host won’t allow Crypto in that case you will have to manually link your site to CloudFlare, see image below to check Crypto availability :
If you have Crypto enabled then on that tab in SSL section choose ‘Flexible’
After that on your Cloudflare account navigate to ‘Page Rules’ tab and add a new rule like in the below screenshot.
And below this you can see some options, just enable ‘Always use https’.
After adding this rule it may take a little time for the SSL to appear on your site, it’s better to Purge all caches after adding this rule by going to ‘Caching’ tab. When the SSL is active there is a higher chance that your site will break, this only happens if you just added your site and enabled SSL. In that case, it’s better to remove the page rule you have added, then try this again after 3-4 days so that Cloudflare can cache all static content on your site.
Fix Mixed Content Issue.
Usually even after CloudFlare has cached all static content on your site and SSL is issued which changed your site from http to https you may not see the green padlock beside your site’s URL in the address bar, this is called a mixed content. This is caused because some files on your site are loaded with https while some aren’t. You can fix this by simply installing ‘CloudFlare Flexible SSL‘ plugin that you can download here.
Advanced Mixed Content Issue.
Installing the plugin specified above should fix this issue but sometimes many other external files may not be loaded via https, like affiliate banners or other ads, in that case, use https://www.whynopadlock.com/ to check which files is loaded insecurely and try to host it yourself.
This wraps up the guide on How To Use Cloudflare Flexible SSL In WordPress, if you like this guide then please share it and if you have any doubt or problems regarding this then comment below.