If you have a WordPress site behind a free Cloudflare account and want to make the site, or part of it, accessible over HTTPS, you can use the free Cloudflare Universal SSL certificate.
Enable SSL on Cloudflare
To have Cloudflare serve your site over HTTPS, log in to your Cloudflare account, select the domain you want to enable SSL on, and click the Crypto page (lock icon) to manage the cryptography settings for your website.
On the Crypto page, the first setting at the top is SSL, where you can switch SSL from Off to one of the three other available options.
There are three options you can use to enable SSL:
- Flexible: Cloudflare serves the site to end users over https but communicates with your site over http, so the traffic between Cloudflare and your server is not encrypted. In this case you don’t have to install SSL on your site’s server or make any changes to your site, provided you use relative links with no hardcoded http.
- Full: Cloudflare serves end users over https and communicates with your site over https, but does not verify the authenticity of the SSL certificate. In this case you need to install SSL on your site and have your site’s server listen for connections on port 443, but you can use a self-signed certificate, as its authenticity is not verified.
- Full (strict): Cloudflare serves end users over https, communicates with your site over https and verifies the validity of your SSL certificate. As with the Full option above, you need to set up a listener on port 443 and install SSL, but in this case the certificate must be valid, contain your site hostname and be signed by a certificate authority. You do not need to buy an SSL certificate for this to work: you can configure Let’s Encrypt SSL or use Origin CA certificates generated by Cloudflare.
The Full (strict) option is recommended, as it maximizes the security of your site data.
All options are explained in more detail in this Cloudflare support article.
Create Edge and Origin certificates
If you don’t already have an SSL certificate with your site hostname listed under Edge Certificates, click the Order SSL certificate button and select the Universal SSL (Shared) option. This is the SSL certificate that Cloudflare will serve to visitors of your site.
To get the SSL certificate that will be used for communication between Cloudflare and your site, go to the Origin Certificates section of the page and click the Create Certificate button. You do not need to create an Origin Certificate if you chose the Flexible option when you enabled SSL, or if you already have some other SSL certificate on your web server.
Once you click Create Certificate, you will be presented with the Origin Certificate Installation window, where in most cases you can leave the default options. You will then be presented with the Certificate and Private key, which you need to install on your web server.
Change your WordPress to https URLs
If you chose the Full or Full (strict) option when enabling SSL, you need to edit your WordPress settings in “Settings » General” and change the WordPress Address (URL) and Site Address (URL) fields to the https URL instead of the http URL.
You do not need to make this change if you are using the Flexible option on Cloudflare.
If you want your whole site served over HTTPS, and not just some subsets of it such as wp-admin or a store page, enable the Always use HTTPS option on the Crypto page of your Cloudflare account.
If you don’t want the whole site over https, but only some URLs such as example.com/wp-admin, example.com/wp-login.php or example.com/section, leave this option Off and set up redirection to https for those pages either on your web server or on the Page Rules page of your Cloudflare account.
To avoid mixed content warnings in the browser when your page is visited over https, enable the Automatic HTTPS Rewrites option, which will try to rewrite your content from http to https wherever a link or reference to an http URL is also available over https.
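To see which hardcoded http references a page still contains, the following added example (not part of the original article) scans saved page HTML for subresources that would load as mixed content. The function and class names are hypothetical, the sample page is constructed, and the active/passive split goes beyond the article by following how browsers treat each resource type.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# "Active" mixed content (browsers block it on an https page): tag -> URL attribute
ACTIVE = {"script": "src", "iframe": "src", "embed": "src", "object": "data"}
# "Passive" mixed content (loads, but triggers the browser warning)
PASSIVE = {"img": "src", "audio": "src", "video": "src", "source": "src"}

class MixedContentFinder(HTMLParser):
    """Collect subresource URLs that hardcode the http:// scheme."""
    def __init__(self):
        super().__init__()
        self.findings = []  # tuples of (line, kind, tag, url)

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "link":
            # Only stylesheets load as subresources; rel=canonical and similar do not.
            if "stylesheet" in (attrs.get("rel") or "").lower().split():
                self._check("active", tag, attrs.get("href"))
        elif tag in ACTIVE:
            self._check("active", tag, attrs.get(ACTIVE[tag]))
        elif tag in PASSIVE:
            self._check("passive", tag, attrs.get(PASSIVE[tag]))
        # <a href="http://..."> is navigation, not mixed content, so it is ignored.

    def _check(self, kind, tag, url):
        # Relative and protocol-relative (//host/path) URLs have no scheme and are fine.
        if url and urlsplit(url.strip()).scheme == "http":
            self.findings.append((self.getpos()[0], kind, tag, url.strip()))

def find_mixed_content(html):
    finder = MixedContentFinder()
    finder.feed(html)
    return finder.findings

# Constructed sample page (not taken from a real site)
SAMPLE = """<html><head>
<link rel="stylesheet" href="http://example.com/wp-content/themes/t/style.css">
<link rel="canonical" href="http://example.com/">
<script src="//example.com/wp-includes/js/jquery.js"></script>
</head><body>
<a href="http://example.com/about">About</a>
<img src="http://example.com/wp-content/uploads/logo.png">
<img src="/wp-content/uploads/banner.png">
<iframe src="HTTP://example.com/embed"></iframe></body></html>"""

if __name__ == "__main__":
    for line, kind, tag, url in find_mixed_content(SAMPLE):
        print(f"line {line}: {kind:7} <{tag}> {url}")
```

Entries reported as active are the ones to fix first, since a blocked script or stylesheet breaks the page rather than only producing a warning.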
Change to https in webmaster tools
If you use the webmaster tools from Bing, Google or Yandex, here is how to notify those search engines about your change to https:
Google does not at this time support an http to https change in its Change of Address option, so you will need to add a new property with the https URL, and the data from the http property will eventually move over to your new https property.
In Bing Webmaster Tools, go to “Diagnostics & Tools » Site Move”, select “I am moving URLs from one place to another within the current site”, and then enter your old URL in the Source field and the new https URL in the Destination field.
In Yandex Webmaster, add a new site address with the https URL, and then on the old http site go to “Indexing » Relocate site” and tick the “Add HTTPS” box.