Today, we are going to tell you about getting free HTTPS on WordPress site without any errors or mixed content warnings, so that you can get that Green Padlock without any problems.
So, firstly let’s see what are we going to discuss in this article:
- What do you need (and what you don’t)
- Setting up CloudFlare to use free SSL
- Solving mixed content warnings which stop green SSL padlock from appearing
- Setting up HTTPS redirects safely using CloudFlare page rules
- Replacing http version of the site to https on Google Webmaster Tools
But before getting into the list, you should know a bit about SSL and its advantages:
What is SSL?
(Secure Sockets Layer) is the standard security technology for establishing an encrypted link between a web server and a browser. This link ensures that all data passed between the web server and browsers remain private and integral.
And, What is HTTPS then?
HTTPS is the protocol used to transmit all the data from the webserver to the browser securely using SSL.
Advantages of Using HTTPS/SSL on your site:
There are several reasons for why you should use Https on your site.
- Makes your site more secure
- Google ranks https sites higher in search results, so better SEO.
- Modern SSL can make your site faster, actually about 2× faster.
- Shows up a green padlock in browser’s address bar, which is a symbol of trust for users
- WordPress 4.7 will have some new features which only HTTPS sites can use, so you will get to use those new features too.
And so that is why, you are advised to move your site to HTTPS asap.
Now let’s get into our list, and discuss about steps to enable https easily on WordPress.
What you need?
To get SSL for free, you need:
- A self-hosted WordPress site
- Free CloudFlare account configured and working with your site
- There is no 4th thing 🙂
What you do not need:
- Much time
- Technical knowledge
- Let’s Encrypt free SSL certificate
- Any plugin for enabling HTTPS redirects
So, now you know what you need, so let’s get that green padlock 😀.
Setting up CloudFlare
To setup Flexible SSL, just follow these steps:
- Login to CloudFlare
- Go to Crypto options (with a Padlock symbol)
- In the very first option, select Flexible SSL (it might be already selected)
Now check out your site’s HTTPS version by going to https://yousite.com (of course you have to replace yoursite.com with your own domain😜).
Chances are that your site will not be rendered properly, it might look ugly and stripped off styling. Also it might be without the SSL padlock. Don’t worry, we will solve it too in the next Mixed content section. So you can just follow the steps.
Getting rid of mixed and insecure content
For this, you will have to use 2 things:
- CloudFlare’s own mixed content fixer
- A free plugin SSL Insecure Content Fixer.
Go to your CloudFlare dashboard, and then click Crypto option.
Then scroll to the end of the option list and find Automatic HTTPS rewrites option.
Now, you have to just switch it ON to solve most of your insecure content over HTTPS.
Then, you can again check the https version of your site. There will be some improvements.
If each and everything is working perfectly, all images and icons are loaded, plugins, CSS and JS seem fine, then you should skip the next part(using a plugin) as now you don’t need it.
Using SSL Insecure Content Fixer plugin
So, we are going to use this plugin to fix the remaining insecure content. If you tried CloudFlare HTTPS rewrites, and it didn’t solve the problem completely, then using this plugin will surely solve it, and give you the green padlock you have always wanted 💚.
Recommended settings are to set it to Simple but here we use it at Widgets mode without any issues.
Setting up redirects to HTTPS version of your site safely
While you will find many articles on the web telling you to setup HTTP 301 redirects by editing your .htaccess file, but this isn’t safe. Also, it often results it infinite redirect loops and you could be locked out of admin panel too.
Also, you would be thinking to change the WordPress home and Site URL from Settings>General but you should never do this. It is neither necessary nor safe.
So, we will setup a redirect using CloudFlare page rules so that if any visitor requests your site by http URL, the URL will be rewritten in HTTPS version automatically. You can check it on our website, by going to http://protechtips.cf .
Get More Tips and Hacks in your inbox!
Fill it up, you will not regret 😊
(Viewing an AMP and can’t see email form, go to top, click More>Get ProTechTips by email)
So, for this to happen, you will have to follow steps below:
- Go to your CloudFlare dashboard
- Now, go to Pagerules settings(with a funnel icon)
- Create a page rule for URL http://yoursite.com/* and set the rule to Always use HTTPS.
Now, just save and deploy the page rule, and test your site.
Adding https version of your site to Google Webmaster Tools
Basically, you will not be replacing the old http site with the new https one, and also there is no way to change the address of site on Google Webmaster Tools. So, you can create a new property with https address of your site and let the old one keep working with redirects. Very soon, google will automatically know about the https version of your site by your redirects and your new https property will get crawled successfully. To speed it up, you should also submit an XML sitemap of your https site.
So, that was all for this post. Hope you liked this post. If you have any suggestions, ideas or queries, please post it here in comments. Also, don’t forget to subscribe ProTechTips by email to get notified about upcoming posts!
Keep Visiting, Get Techy.