Dave McCourt thinks some thoughts...

Using HTTPS with WordPress and CloudFlare

Posted in: Technical, WordPress

Securing your site with an SSL certificate is a good thing. It encrypts traffic to and from your site which is great if you are collecting any kind of data from visitors – and it also secures your WordPress Admin area. Google now prefers sites with SSL too.

Getting this set-up can be tricky but thankfully CloudFlare makes this really easy. Once you have bought your SSL and got it in place on your server, the next steps are:

  1. You need to update the URLs that WordPress uses. The easiest way to do this is in PHPMyAdmin so you don’t get locked out of the WordPress Admin. In the options table, update the siteurl and home options to be prefixed with https. They may have different option_ids so you may need to look for them.
  2. Login to CloudFlare and under Crypto change the SSL mode to Full (Strict)
  3. Next add the following page rules to force https. The last one adds some extra security to the WordPress login page.
  4. Back to WordPress and install and activate the CloudFlare plugin. You just need to add your site domain and your CloudFlare API key.
  5.  Install and activate the SSL Insecure Content Fixer plugin.

Your site should now work over https and should automatically redirect from http.