My aim was to make my site more secure and get it SSL Certified with https in the URL. When I found that Google is ranking sites better that have this I thought I should really set this up. I thought enabling SSL would be difficult and expensive but it is actually quite simple and can be free.
Finding a basic SSL certificate to make it more secure and trusted was what I wanted. I didn’t need an advanced one as I do not accept payments on this site.
I first found Comodo SSL to be quite popular at £75.95 from their own website. Then I thought do I really want to pay more for a certificate than my own annual web hosting costs?
I then found Cheap SSL Security who were selling the same product as a reseller for only £3.81 a fraction of the cost!
On Comodo’s website they have a Free SSL option fully functional for 90 days. I was going to try this but then what do I do then? I didn’t want the hassle of changing Certificates and so kept looking further to see if there might even be a free unlimited certificate out there that I could use?
So I stumbled on Let’s Encrypt https://letsencrypt.org/ An Open Source Certification Authority completely free. This was great but then I found out that my web host was not on the listed of supported web hosts.
Just when I was about to give up I found out about Cloudflare. Cloudflare has a number of security tools and services and is trusted by many websites. From the website it doesn’t look obvious they provide a free SSL Cert but they do and it’s really simple to setup for any website. Here is what I had to do to enable it on WordPress.
- Create account with Cloudflare
- Enter domain and change nameservers on your domain to the Cloudflare ones
- Install Simple SSL plugin in wordpress
- Activate plugin
- The plugin did not detect an SSL certificate on the website (probably because it is going through Cloudflare DNS)
- At the top of the plugin page there was a button to Force SSL
- SSL was now enabled but not working properly. I had to clear cache in Total Cache. If you are using a caching plugin then I would do this too. Performance > General Settings > Click Toggle All Caches On/Off (at once) at the top> Click Save and Purge Caches.
- I accessed my site from https://1iq.uk and it was working in Vivaldi browser but not Chromium. In Chromium I got the i Icon which meant partially secure. Then I had to clear all browsing history and refresh it after 10 mins. I had the green SSL padlock on all pages and the http urls auto redirect to https automatically.
- Some images on the homepage were displaying as blank. To fix this I repeated steps 7 and 8 a few times and it is now all working OK.
After a few hours of searching and testing I have made my site secure, achieved better SEO, improved performance with Cloudflare DNS and I can add more domains if required, all for free.