How to enable Free SSL, HTTP/2 protocol and CDN

You can get Free SSL (Flexible SSL) from CloudFlare. With that, CloudFlare has added support for HTTP/2 protocol. CloudFlare is a Content Delivery Network, that will optimize the delivery of your web pages so that your visitors get faster load times and better performance.
This is how CloudFlare itself actually works – When a visitor loads your website they’re not actually directly connected to your web server, they’re connected to CloudFlare.
When you enable SSL on CloudFlare, you say “when a visitor is browsing my site, communicate with them over HTTPS/SSL”.

As always it’s broken up into 2 stages:

* Visitor <=> CloudFlare
* CloudFlare <=> Your Web Server

If you transmit secure information over your website, I strongly suggest you install an SSL Certificate on your hosting server. Then you’ll have both directions encrypted, and you’ll be able to select Full SSL on Cloudflare.

Here’s a comparison of different SSL options and description

Here are 7 steps to enable Free Flexible SSL from CloudFlare on a WordPress website:

1. Create an account on CloudFlare.com. Add your website URL. CloudFlare will scan your site and it will give you 2 Name Server addresses.
2. You need to go to your Domain Registrar (where you purchased your domain from, example: Godaddy.com, your hosting provider, etc). In your Domain Registrar, under Domain Settings, change name servers to those 2 Addresses you just got from CloudFlare.
   It will take a few minutes, and your Domain will be propagated to go through CloudFlare. You’ll see a green bar, as below that it was successful.



3. Then click on Crypto button and choose Flexible SSL option. On a free account, it takes up to 24 hrs to issue a certificate. It even tells you that right there.



4. In 24 hrs go to CloudFlare and check if SSL certificate has been issued.
   You’ll see Green sign that says: Active Certificate



If you go to your site’s URL as https, BEFORE certificate is issued, you’ll see this security warning:



5. Go to your Admin panel, such as www.yoursite.com/wp-admin, and install 2 Plugins:
   • Cloudflare Flexible SSL – Activate it.
   • SSL Insecure Content Fixer
Cloudflare Flexible SSL Plugin has no settings, but it will help to fix the redirect loop in WordPress.

Make sure you read Step-by-Step Guide how to enable Cloudflare Flexible SSL.

At no point do you need to change your website’s URL under Settings -> General -> Website Address (URL)

6. Activate SSL Insecure Content Fixer plugin

This plugin will help you clean up your WordPress website’s HTTPS insecure content and mixed content warnings. It will solve most insecure content warnings with little or no effort.
Choose any of the following options. Off-Simple, Widgets, Content, Capture. Choose an option that fits your site best. I chose Widgets, since I had links in my Widgets.



Browse to your website using HTTPS instead of HTTP, such as https://yoursite.com. Your website should load as normal. If it doesn’t, you probably still have certain assets such as CSS or JPEGs that are hard-coded to use HTTP and not HTTPS.

You can test your website for insecure content warnings.

Why No Padlock is a great site for diagnosing certificate problems and logging insecure content. It even goes beyond your website and checks that any links to other sites are also problem free.

Read this helpful Cleaning Up Guide to make a plan of fixing insecure content warnings.

7. Once you have confirmed your website properly loads under HTTPS, you now will want to force all visitors to use it.

This is best done by CloudFlare, and not on your WordPress site. Within CloudFlare go to the Page Rules section for your domain and enter a rule just as shown in the screenshot below:
The rule should be:

http://*yourdomain.com/*

If you decide to have both directions encrypted, enable SSL on your host, and just switch SSL type to FULL at CloudFlare.

You can test any website to see if it supports HTTP/2 protocol here

More about HTTP/2 protocol