Step by Step Guide To Secure A Website Using Cloudflare FREE SSL (2 Ways)

Google has finally released chrome 68 which has come with a NOT secure warning on all websites without an ssl installed. The decision was made to better security on the internet users. Those that visit your website and you. Only the google chrome browser has over 1billion active users.

So, if you’re simply looking on how to remove the not secure warning on google chrome browser or showing a green secure note with https in chrome, Mozilla, internet explore or any other browser, this guide is for you. I am going to share with you two awesome ways to install a FREE ssl certificate on your website.

We will be using cloudflare cdn infrastructure and I take you through all the steps. Forget about the good old ways of installing an ssl on your website where you were required to buy an ssl certificate itself and also get a dedicated IP for your server. (Both these would atleast cost you USD 60 per year).

In this article, I will show you in 5 minutes each step on how to move your site from not secure (http) to secure (https) without spending a penny.

Fix Not secure in chrome
Fix Not secure in chrome

Backgroud

Cloudflare is a content delivery network (cdn) whose main purpose is to serve your website content to your site visitors using their nearby infrastructure call them servers to your site visitor worldwide. This reduces the amount of time the visitor has to request and receive information from your website. This is because, Cloudflare dns serves your website content to your visitors from their nearest location instead of actually sending requests to your web host or actual web server to your website.

I have been using cloudflare ssl feature to secure a number of websites for years now I and have never been disappointed by their service.

How to Install a Free SSL using Cloudflare

Like I mentioned earlier, I will show you two different ways to install an ssl on your website using cloudflare. Both methods are cost free and easy to setup in just five minutes. Lets start to move your site from NOT secure to secure.

Method One: Installing  Cloudflare Free SSL on WordPress Websites

This is a basic and pretty simple, easy and straight forward method to add https to your website.

In brief, you’ll 1. Sign up to Cloudflare, 2. Select the free plan, 3. Add your domain, 4. Select flexible ssl option, 5. Install and activate cloudflare flexible plugin, 6. Install WordPress HTTPs plugin, 7. Configure the Cloudflare page rules, 8. Change wordpress site address, 9. HTTPs is now Enabled

Step1: Signup for Cloudflare free account.

select cloudflare free plan
select cloudflare free plan

Step 2: Add your site domain to Cloudflare.
Here, cloudflare will go and look at your dns configuration. (remember to select the free version)

adding site to cloudflare
adding site to cloudflare

Cloudflare will at this point query and fetch all settings from your dns provider. This will include the A records and IP addresses.

cloudflare querying dns records
cloudflare dns query results
cloudflare dns query results
switching nameservers
switching nameservers

Step 3: Change / Point Your Nameservers to Cloudflare.
You will have to switch the namerserver / ip address from you domain registrar and point the ones provided my cloudflare. These nameserver should look familiar to these: leia.ns.cloudflare.com and zeus.ns.cloudflare.com.

update nameservers from your domain registrar
update nameservers from your domain registrar

DNS modifition may take a few minutes to hours (24). This process updates the newly assigned nameservers (cloudflare nameservers) in your domain registrar account. This update sometimes it takes about 10mins for me however, it may also take several hours.

Step 4: Select the Flexible ssl option under the cypto settings tab from drop down

cloudflare flexible ssl active
cloudflare flexible ssl active

Step 5: Install and activate Cloudflare flexible plugin by iControlWP

In your WordPress dashboard, navigate to plugins, add new plugin – search – install and activate Cloudflare flexible plugin by iControlWP.

Step 6: Install, activate and configure WordPress HTTPs plugin

Step 7: Configure Cloudflare page rules

Once your nameservers update you’ll see a green bar in your Cloudflare account for that specific domain. Now, one more thing to do is to configure the page rules settings.

Head to Cloudflare tools tab under that specific domain, at the top select page rules, Select always use HTTPs and then add your domain name as the page rule in between two asterisks, finally, click add rule.

setting cloudflare always https page rule
setting cloudflare always https page rule

Step 8: Change Your WordPress site address

wordpress site address
wordpress site address

Step 9: HTTPS is now Enabled

site now secure and https working fine
site now secure and https working fine

Congratulations !! You now have your WordPress website secured.

You may also like: How To Design A Website Without Writing A Single Line Of Code

Method Two: Installing Cloudflare SSL on Non WordPress Websites

Step1: Signup for Cloudflare free account

select cloudflare free plan
select cloudflare free plan

Repeat Step 2 – 3 Add your site to Cloudflare & Change / Point Your Nameservers to Cloudflare (See in method One)

Step 4: Configure Always HTTPS

Once your nameservers update you’ll see a green bar in your cloudflare account for that specific domain. Now, one more thing to do is to configure the Crypto settings.

Locate up on the Cloudflare tools bar, select the Crypto options, scroll way down to Always HTTPS and turn it on.

always https under crypto
always https under crypto

Step 4: Reload your website.
At this step, your website will show secure from the browser and it will indicate https installed and working fine.

At this step, you have managed to enable a secure version of your website. However, let’s let’s take it abit deeper and more secure with A+ bank level security using Cloudflare.

Step 5: Enable Bank Level Security
Still under crypto tab, scroll down to HSTS, turn it on, also, enable it for sub domains, turn on preloads, also turn on the notice sniff header.

Step 6: Request HSTS preloader Inclusion

Next, head to HSTS preloader website (https://hstspreload.org/) to request for inclusion in the preloader. Then enter your domain including https. (https://mywebsite.com). Accept and submit.

Now, still under Crypto tab, go step up the minimum TLS version. Defualt is 1.0 but you will have to set this to 1.2 which is a stronger implantation of transport layer security.

Next is will enable the lastest version of TLS protocol for improved security and performance. Still under Crypto, Head down TLS 1.3, and under drop down, select Enabled-ORTT.

Step 6: Fix Insecure Content browser error.

Head back to Cloudflare crypto tab, scroll down and locate Automatic HTTPS Rewrites and turn it on.
So here, cloudflare will force any un secure content on your website to be secure. Everything will be redirected to HTTPS.

Step 7: Enable Full SSL Strict

This will Encrypt All Traffic from Browser, Cloudflare and Website Server.

Follow this video step by step and see how to enable full ssl strict via cloudflare, generating and installing an ssl from cloulflare to your web server.

Video by Troy Hunt.

Congratulations !! You now have your non WordPress site running on HTTP(S)

In Closing

Let me know in the comments sections if this was of help. Any step that you need further clarification?. I’m pretty sure this guide will help you remove the not secure warning in the browser but more so, to secure your website. You may try accessing your website on different browsers just to make sure that all is working as required.

Join 3,641 other subscribers

Reccomended

Blue Host is one of the oldest web hosts and the official “WordPress” recommended hosting provider.

Elementor is the #1 WordPress Page Builder with over 1,000,000+ active users and the one we use.

Kwehangana Hamza

cms-africa-kigali

I am a digital content designer and publisher working with a top digital agency in Kampala, Uganda. I started blogging out of my passion for learning & sharing.

Through this blog, I share tech and digital tips i’ve uncovered and hoping they be of great value to you.