If you use WordPress, and you own your own domain, this is an easy and straightforward way to add SSL to your website.
With this method, you don’t have to pay, you don’t have to involve your web host or move your hosting.
Here’s the transcript from the video…
So the first thing you want to do is get a free Cloudflare account. Just go there and sign up. I already have an account, so I’m going to log in. This is what you’re going to see when you first sign up for Cloudflare.
Put in your domain without the www or the http and hit begin scan. As soon as you do that, you’re going to see a video and it’s going to explain to you what it’s doing. So do that and watch the video.
Once that process is finished, you’re going to continue set up and it’s going to show you all of the records for your domain. These are all of the records that your domain has out there coming from it’s current web host. Now you come to a step that says you want to verify all your DNS records or listed correctly?
Well this went out and pulled everything that’s live off of the internet. Everything that’s coming from your web host, all the information that’s out there. So if there’s even a remote possibility anything could be incorrect, I’d be surprised.
So now what you’re going to do is scroll to the bottom and hit continue. And it’s going to tell you that you have to choose a plan. Well choose the free plan to get started and hit continue. Now it tells you to change your name servers.
This tells you what the current name servers are, this tells you what you change them to. So I’m going to go to that one, make a change, go to that one, make a change. Those are the settings and I’m going to hit save.
As soon as I do that, at Cloudflare I’m just going to hit continue. Now it’s telling me that the website’s not active because DNS modification is pending. What that means is, you just want to check them again.
Press the button and bingo you should within seconds get this message at the bottom that says, you have changed your name servers. Now we’re ready to move onto SSL. If you’re a Word Press user, you can use the Cloudflare flexible SSL plugin.
In Word Press just go to plugins, add new, search for the plugin over here, install the plugin, activate the plugin. Then come back to Cloudflare and go down to the SSL section. Click full, make sure that you’ve chosen flexible.
It’ll tell you that the status is issuing. After just a few minutes, if you refresh the page it should say that this certificate is active.
At that point, you can come back to your website and you can put https in front of the www and it should load just fine with the https without any warnings. Now the last thing you need to do is force all your visitors to use SSL. And that simply means scrolling down here in Cloudflare, choosing the option to always use https by hitting on. That’s it.
Now as long as your site loads with the https without bringing up any browsers warnings, you’re pretty much fine. However, you might not have a little green lock for your icon. Now on the contact page here at Randy’s site, we do have this green secure. And ideally it’s nice to have that green secure notation on every single page.
Quite often the website isn’t put together correctly like Randy’s website here and that’s where you can turn to a great tool you can find in Google by typing why not green padlock or why no green lock? You’ll see a couple of different tools.
This one for example I can put in the domain name with the https and check it and it’ll come back and it’ll tell me what’s not secure about the site.
And usually it’s because images have been inserted using http. Now rather than going through all of the images manually to make sure that they’re coded with the http, I like to use a plugin called Better Search Replace that you can download from WordPress.
You just search for it, install it, activate it. Then you’ll have a new section over here on the left under tools, better search replace. And this is where you can begin to look for things that are coded incorrectly. Remember to keep this box checked here while you’re doing your searching. That means it’s not going to make any changes.
You just go here, control A, select all the tables. And you want to search for all references without the www. And I’m going to change those to https with the www. And I’m just going to run a test to see if there’s any that are like that. It goes through its process here and when it’s done, it’ll refresh and it’ll tell me how many cells that were found that need to be updated.
Well I want to change all 20 of those. So I’m going to uncheck that box and I’m going to run it again. Then I’m shown a message that says 20 cells changed and 20 updates. And I’m going to do this one more time. I’m going to search for references to the www without the s and I’m going to replace those all to references with the s.
I’ll actually uncheck this because I want the changes to made. I know that I’ve got that correct and I’m going to do it again, run search and replace. Again it’ll go through the process. Again it’ll refresh when it’s done. But this time it’ll log you out.
Once you do that, log back in. And then at that point you should have a secure green icon on every single page of your site and we do. That’s it. Have an optimal day.
View Comments (6)
Did you need to do 301s for the pages from http to https versions, or did WordPress handle that part automatically?
Nope, this method should auto-301 any inbound traffic.
David I would say, its best to have redirect setup from HTTP to HTTPS version. Also if you have a link which uses HTTP:// on pages you should change them to https.
Also, Submit the updated sitemap to you google webmaster and bing webmaster to index new links.
Good tip on the sitemap... thanks!
Thanks, really useful. Would you recommand Incapsula or Cloudflare for a better speed?
I'd have to say Cloudflare, partly because of it's wide adoption rate among third party software, caching plugins etc. but primarily because I've honestly never used Incapsula. I do like everything about Cloudflare for DNS management, and while I've never heard anything "bad" about Incapsula, I've just never run into a client that uses it, and never been willing to take the leap to an unknown.