Ads Top

Free SSL Certificate for WordPress

Secure the traffic on your WordPress website with a free shared SSL certificate from Cloudflare.

In this article, we’ll dive into SSL (Secure Sockets Layer) for WordPress websites, learning what it is, why it’s important, the different variations of SSL, and how to enable it for free on your WordPress website.

What Is SSL?
SSL is a “cryptographic protocol” which protects and secures data being transferred through a computer network; this transfer of information occurs between a website or online application and a visitor. If your website transmits and collects credit card information, you’re actually required by law to have an SSL connection in place; even if you don’t collect sensitive information through your website, it’s generally a best practice to have SSL in place.

As a website visitor, the easiest way to determine if your connection to a specific site is encrypted using SSL is that you’ll see a green lock on left side of the navigation bar in your browser. In addition, the URL will begin with “HTTPS” (Hypertext Transfer Protocol Secure), instead of “HTTP”. When sending information through a website or application that has SSL enabled, that data is encrypted, and snooping or hijacking by bad actors is prevented before reaching its final destination; typically the final destination for securely transmitted data via SSL is the server which hosts the website or application.

After the information has been successfully sent to the server, it uses a key to decrypt the data and complete the transaction. The keys used to encrypt and decrypt data are uniquely created for each connection a visitor initiates with the website or application, and is based on a shared secret, negotiated at the start of each website session; that shared secret is called a “handshake”.

Historically, it was only mission critical websites that required high levels of security, such as banks and government agencies that utilized SSL. Today, SSL is widespread and highly encouraged by Google as a tool to boost your SEO, protect the transmission of data across all Internet assets, and build trust in your website visitors.

How Do I Enable Free SSL on My WordPress Website?
Cloudflare, the performance and security company, has recently launched a WordPress plugin which allows you to enable Cloudflare’s free plan with optimizations that are purpose-built for your WordPress website. Cloudflare’s free plan provides a flexible SSL certificate for your WordPress website, along with basic DDoS protection and performance improvements. For an even faster and more secure website, you can upgrade within the plugin to a higher-tiered plan.

The Benefits of Cloudflare Include:
1-Click default WordPress settings
Shared SSL certificate
Limited DDoS protection
Global CDN
Protection against WordPress-specific vulnerabilities (paid plans only)
Unlimited bandwidth usage
What Are the Differences Between Flexible SSL, Full SSL, and Full SSL (Strict)?
You’ll notice in your Cloudflare dashboard that there are multiple options for enabling SSL on your WordPress website. Using the “1-Click Default Settings” option found in the instructions above, you’ll automatically apply “Flexible SSL” to your WordPress site. Below is an explanation of the three different types of SSL offered by Cloudflare.

Flexible SSL
Free SSL for WordPress
Enabling Flexible SSL on Cloudflare creates a secure connection between your visitor and Cloudflare, but not a secure connection between Cloudflare and your website or application server. With Flexible SSL, you’re not required to have a SSL certificate on your web server, but your visitors still see the site as being “HTTPS” enabled.

Full SSL

Full SSL creates a secure connection between both website visitors and Cloudflare, as well as Cloudflare and your web server. You’ll need to have your server configured to answer HTTPS connections by having a self-signed certificate. To enable Full SSL, the authenticity of the certificate is not verified from Cloudflare’s point of view.

Full SSL (Strict)

Full SSL (Strict) creates a secure connection between your website visitors and Cloudflare, and a secure and authenticated connection between Cloudflare and your web server. The difference between Full SSL and Full SSL (Strict) is that the SSL certificate on your server must be valid, signed by a certificate authority, have a expiration date, and respond for the request domain name.

How to Install Cloudflare's WordPress Plugin
1. To download the Cloudflare plugin into your WordPress admin panel, please visit:

2. Once you’ve installed the plugin, you’ll need to activate it through the WordPress plugin panel.

3. If you're upgrading from the old plugin, and had previously inputted your API Key, you'll be automatically logged in after updating the plugin. If this is the first time you're installing Cloudflare's WordPress plugin, navigate to the plugin settings in your WordPress admin panel after activating, and input your Cloudflare username and API key; to find your API key, follow these instructions. If you do not already have a Cloudflare account, you’ll see the option to create one.

4. After successfully logging into the plugin, the first setting you’ll see at the top of your dashboard is “Apply Default Settings”. Clicking “Apply” will enable specific Cloudflare settings, optimized for the WordPress platform. These settings can be found here.

5. Once this setting has been applied, that’s it! Your WordPress website is now protected against DDoS attacks and is on the Cloudflare network. You’ll also begin to see improved website load speeds, bandwidth savings, and protection against hackers, spammers, and bots.

1 comment:

Powered by Blogger.