How to set up SSL on your WordPress site (with Cloudflare and WHM)

Written by Sam

On January 8, 2019

As always, it pays to take a full backup of your site before doing this sort of stuff.

NOTE: If you already have an SSL certificate installed on your hosting you can just skip down to Stage 2.

STAGE 1 – Get your Cloudflare SSL certificate and install it.

So there are a bunch of different ways to implement SSL and often your host will supply an SSL certificate with your hosting account. But if that’s not available to you then there is a a free and easy way to do it using a Cloudflare account. And did I mention it’s free!

DISCLAIMER: there are other ways to do this, but this one works flawlessly for me. Some things that I use a little plugin for you could do another way, of course. It’s the internets.

So… to get things underway you’ll need to setup your site to run its DNS through Cloudflare.

This is a simple process, you just need access to your website’s Domain Name Nameservers.

Firstly, go to Cloudflare and if you don’t already have an account, create one. If you already have one then just select ‘Add site’.

Enter your website address and click Add Site.
You’ll see a message saying “We’re querying your DNS records” – just click NEXT.

I fond the FREE plan to absolutely sufficient for my needs. Your milage may vary but why not start with free?

Cloudflare will then query your existing DNS records to see if it can find anything. If you already have a website up and running then after a few seconds it should come back showing all of your existing records. If there’s anything missing you can add it now (or later) but we won’t go into that right now.

Whatever your nameservers are currently will be displayed on the left… mine happened to be with InMotion Hosting.

What’s important is are the ones on the right. They’re the ones you’ll want to use from now on.

Change your nameservers.

That’s not a sub-title… Go ahead and change your nameservers.

Now here’s the bit I can’t really write up a ‘how-to’ for – because there are so many different domain providers out there.

If you don’t know how to do it, try clicking the ‘I need help changing my nameservers’ link on this screen. It has info on how to do it on 4 at 4 of the big providers, and some additional generic info.

You could also check the Help section at your domain provider’s website. It will defonitely have info on how to change nameservers… and if it doesn’t then you should really transfer to a new DNS provider.

Once you’ve clicked CONTINUE (you can do it right away) you’ll be taken to your website’s Cloudflare page. There’s also additional info here on how to do the above…

Cloudflare do say to check back in 24 hours but I’ve found that it’s almost always a lot quicker than that. And they’ll send you an email as soon as they have picked up the new nameserver settings.

When you get that email go back to Cloudflare and you should see something like the below. Click on Crypto.

 

Scroll down to Origin Certificates and create a new certificate.

You can leave everything as it is. You are able to select a ‘term’ – I usually pick 15 years because it’s quite a long time and I imagine things will have changed re WordPress / SSL / Cloudflare some time before it expires ๐Ÿ™‚

Log into your website hosting account.

In the example below I am logging into a WHM account – I’ll try to provide regular cPanel info in the next few days…

Copy your Origin Certificate from Cloudflare and paste into the ‘Certificate’ field.

Copy your Private Key from Cloudflare and paste into the ‘Private Key’ field.

And here’s the oddly-hard-to-find-information….

Follow this link to get a copy of the Cloudflare Origin Certificate (grab the first RSA one):ย https://support.cloudflare.com/hc/en-us/articles/218689638-What-are-the-root-certificate-authorities-CAs-used-with-CloudFlare-Origin-CA-

and paste it into the “Certificate Authority Bundle” field and save.

Now we’re done with the tricky bits and can head over and configure your WordPress site for SSL / HTTPS. Make it secure!

 

Stage 2: Setup SSL on your WordPress site

Login to your website and add a new plugin – Really Simple SSL. Activate it.

You’ll see the screen below after activation.

Go back to your Cloudflare account, select ‘Crypto‘ at the top, and change the first setting to ‘Full – Strict’.

Then, back on your site, click the ‘Reload over https’ button.

This will log you out of your website – just log back in.

Now we need to make sure everything is set to load over https, and we start that by running Really Simple SSL, then a quick Search and Replace (which we’ll get to in a second.)

So once you’re logged you’ll see the below… Go ahead and click the big blue button!ย ย 

Next go to Settings > SSL – and don’t worry if you get logged out in-between. Just log back in. You should then see this:

Next go to Settings > SSL – and don’t worry if you get logged out in-between. Just log back in. You should then see this:

(I tend to enable 301 redirects in htaccess here)

Now we need to tidy things up a bit. Go to Plugins > Add New and search for ‘Better Search and Replace’. Install and activate it.

Now go to Tools > Better Search Replace.

Here we are going to search your website’s database for any of the old http:// references and change them to https://

The great thing about this tool is that you can do a dry run by leaving the box at the bottom ticked.ย 

In the ‘search for’ box put your website address, including the http:// at the beginning.

In the ‘Replace with’ box put your website address with https:// at the beginning.

Select all of the table (click the first one, hold your SHIFT button on your keyboard and lick the last one. They should all be highlighted.)

Tick Replace GUIDs… and RUN. (It takes a minute or two.)

You should see something like this afterwards… but your numbers will be different ๐Ÿ™‚

At this point I tend to go back to Cloudflare as there are a couple of other settings that I change…

And that’s it!

Your website is now secure.

Remember to change any references to the old address that you have you out there in the interweb. Particularly you’ll want to make sure that your Google Analytics is changed to point to https… But that’s another article for another day – or you can just google how to change it ๐Ÿ™‚

DISCLAIMER AGAIN: there are other ways to do this, but this one works flawlessly for me. Some things that I use a little plugin for you could do another way, of course, and others may suggest alternative methods. That’s OK, itโ€™s the internets.

You may also be interested in…

Maintaining your WordPress site

Maintaining your WordPress site

Do you find it hard to stay on top of your website requirements; Wordpress updates, theme updates, plugin updates, spam, etc etc? Have you ever run a little update, and then realised something went wrong. Maybe it's a plugin conflict? Maybe a hosting issue? Maybe your...

Divi Text Module loses formatting

Divi Text Module loses formatting

Over the last wee while we've come across a small issue with Divi and some hosting providers that can create a massive headache.The issue is that, after saving a page, all of the line breaks are removed from Text Modules (the <p> and <br> HTML tags are...