Website Design Orlando

Responsive-Mobile design by Irina Blumenfeld

  • About
  • Services
    • Website Design
    • Local SEO
    • Digital Marketing
    • Website Care
  • Projects
  • Testimonials
  • Articles
    • Speaking
    • Tutorials
    • Resources
  • Support
  • Contact
  • Twitter
Home / Tutorials / How to enable Free SSL, HTTP/2 protocol and CDN

How to enable Free SSL, HTTP/2 protocol and CDN

Updated: February 5, 2019 //

You can get Free SSL (Flexible SSL) from CloudFlare. With that, CloudFlare has added support for HTTP/2 protocol. CloudFlare is a Content Delivery Network, that will optimize the delivery of your web pages so that your visitors get faster load times and better performance.
This is how CloudFlare itself actually works – When a visitor loads your website they’re not actually directly connected to your web server, they’re connected to CloudFlare.
When you enable SSL on CloudFlare, you say “when a visitor is browsing my site, communicate with them over HTTPS/SSL”.

With Flexible SSL enabled, CloudFlare will talk to your visitors over SSL, but will talk with your web server over non-SSL.
This means that the whole communication channel is not 100% SSL.

As always it’s broken up into 2 stages:

* Visitor <=> CloudFlare
* CloudFlare <=> Your Web Server

The difference now is that with Flexible SSL, the first stage is encrypted.
It’s not ideal, but it’s probably better then no SSL at all.
If you transmit secure information over your website, I strongly suggest you install an SSL Certificate on your hosting server. Then you’ll have both directions encrypted, and you’ll be able to select Full SSL on Cloudflare.

Here’s a comparison of different SSL options and description

SSL options on CloudFlare

Here are 7 steps to enable Free Flexible SSL from CloudFlare on a WordPress website:

  1. Create an account on CloudFlare.com. Add your website URL. CloudFlare will scan your site and it will give you 2 Name Server addresses.
  2. You need to go to your Domain Registrar (where you purchased your domain from, example: Godaddy.com, your hosting provider, etc). In your Domain Registrar, under Domain Settings, change name servers to those 2 Addresses you just got from CloudFlare.
    It will take a few minutes, and your Domain will be propagated to go through CloudFlare. You’ll see a green bar, as below that it was successful.
  3. Active on CloudFlare

  4. Then click on Crypto button and choose Flexible SSL option. On a free account, it takes up to 24 hrs to issue a certificate. It even tells you that right there.
  5. SSL Authorizing

  6. In 24 hrs go to CloudFlare and check if SSL certificate has been issued.
    You’ll see Green sign that says: Active Certificate
  7. Active SSL Certificate

    If you go to your site’s URL as https, BEFORE certificate is issued, you’ll see this security warning:

    Connection not private

  8. Go to your Admin panel, such as www.yoursite.com/wp-admin, and install 2 Plugins:
    • Cloudflare Flexible SSL – Activate it.
    • SSL Insecure Content Fixer
  9. Cloudflare Flexible SSL Plugin has no settings, but it will help to fix the redirect loop in WordPress.

    Make sure you read Step-by-Step Guide how to enable Cloudflare Flexible SSL.

    At no point do you need to change your website’s URL under Settings -> General -> Website Address (URL)
  10. Activate SSL Insecure Content Fixer plugin
  11. This plugin will help you clean up your WordPress website’s HTTPS insecure content and mixed content warnings. It will solve most insecure content warnings with little or no effort.
    Choose any of the following options. Off-Simple, Widgets, Content, Capture. Choose an option that fits your site best. I chose Widgets, since I had links in my Widgets.

    Insecure Content Fixer Plugin

    Browse to your website using HTTPS instead of HTTP, such as https://yoursite.com. Your website should load as normal. If it doesn’t, you probably still have certain assets such as CSS or JPEGs that are hard-coded to use HTTP and not HTTPS.

    You can test your website for insecure content warnings.

    Why No Padlock is a great site for diagnosing certificate problems and logging insecure content. It even goes beyond your website and checks that any links to other sites are also problem free.

    Read this helpful Cleaning Up Guide to make a plan of fixing insecure content warnings.

  12. Once you have confirmed your website properly loads under HTTPS, you now will want to force all visitors to use it.
  13. This is best done by CloudFlare, and not on your WordPress site. Within CloudFlare go to the Page Rules section for your domain and enter a rule just as shown in the screenshot below:
    The rule should be:

    http://*yourdomain.com/*

    Cloudflare page rules

And that’s it. Now you’ll have SSL and HTTP/2 protocol enabled, plus you’re getting the performance benefits from CloudFlare – Content Delivery Network.

SSL active

If you decide to have both directions encrypted, enable SSL on your host, and just switch SSL type to FULL at CloudFlare.

*Update* I enabled Let’s Encrypt certificate on my host and changed SSL type to Full on CloudFlare.

You can test any website to see if it supports HTTP/2 protocol here

More about HTTP/2 protocol

5/5 (5 Reviews)

Recent Posts

baseline-JPEG

How to fix slow loading images

Over the last 5 years the size of an average web page gradually increased, and so did the sizes of images used. Average page size[Read More…]

https

Why you should migrate to HTTPS

*Update: Last week Google’s Security blog announced that new versions of Google Chrome browser, starting in July 2018 will be marking websites without HTTPS connection[Read More…]

Launch website

10 Steps To Do Before Launching Your WordPress Website

Are you planning on launching a new site? Do you want it to be successful? It’s important to take certain steps in order to make[Read More…]

About Irina Blumenfeld

Web Consultant, empowering business owners through WordPress. Passionate about Web Performance.
Follow on Twitter

Comments

  1. Group Of Oceninfo says

    November 17, 2016 at 9:00 pm

    *your-domain.com* it’s no more available you have to use http://www.your-domain.com or http://www.your-domain.com/*

    • Irina Blumenfeld says

      November 19, 2016 at 1:10 pm

      Thanks for your comment. I updated it.

Categories

  • Resources (5)
  • Speaking (14)
  • Tutorials (17)

More Articles

  • WordCamp Orlando 2019
  • Stand Out In Search Results
  • How To Make Your Site Stand Out In Search Results
  • Speeding Up WordPress
  • WordCamp Jacksonville 2018
  • WordPress Orlando Gutenberg Meetup
  • WordCamp Miami 2018
  • Steps to do before launching a WordPress website
  • 10 Steps To Do Before Launching Your WordPress Website
  • Why is my WiFi so Slow? Best ways to Fix Slow WiFi at home
  • WordCamp Orlando 2017
  • How to hide author username in Beaver Builder Posts Module
  • How to fix slow loading images
  • Best Practices For Faster Websites
  • Plugins
  • WordCamp Orlando 2016
  • How to add star rating in WordPress
  • Make WordPress website faster in 3 steps
  • Migrate WordPress to HTTPS
  • Why you should migrate to HTTPS
  • WordCamp Jacksonville 2016
  • How to disable Emojis in WordPress
  • WordCamp Miami 2016
  • How to remove query strings from static resources
  • How to enable Free SSL, HTTP/2 protocol and CDN
  • Improve Your Website Performance
  • List of resources to speed up your website
  • 10 ways to speed up your website
  • Benefits of HTTP/2 Protocol
  • How to add custom post types to a Widget
  • Add previous/next links on single page of custom post type in Genesis
  • How to add text “Menu” next to Hamburger Icon
  • About
  • Services
  • Projects
  • Testimonials
  • Articles
  • Support
  • Contact
  • Twitter

Copyright © 2023 · Netmagik.com · All Rights Reserved · Privacy Policy · Disclosure · Sitemap
WordPress hosting by SiteGround
Tools We Recommend

Twitter Facebook Linked In Github Codepen