Move WordPress Website from HTTP to HTTPS using Cloudflare Flexible SSL

Why should you move a website from HTTP to HTTPS? I also had the same question. There was a good discussion going on Shoutmeloud forum on the same topic.

Is there any advantage?

Below is the excerpt from the discussion,

HTTPS provides many KEY features:-

  • Speed is a ranking factor and having HTTP/2 is possible after switching to HTTPS. It is much faster than traditional HTTP/1.1. Ref: See live here http://www.httpvshttps.com/
  • Website gets Secure Badge instead of the non-secure warning.
  • Data security due to encryption.

 

shoutmeloud forum discussion http https

Troy Hunt also wrote a good article Don’t Take Security Advice from SEO Experts or Psychics pulling the leg of Neil Patel. In this article, he clearly explained the advantage of https and why you should move your site to https.

HTTPS provides a secure connection between the user and web server. It actually encrypts data movement, so no one can intercept it in between. Everyone cares about security considering virus attacks happened in recent time. You may lose visitors if they see non-secure on your site.

This is how internet browser like Google Chrome, Mozilla shows not a security warning.

Your Connection to this site is not secure. You should not enter any sensitive information on this site(for example, passwords or credit cards), because it could be stolen by attackers.

chrome brower not secure warning

Google considers https as a light ranking signal as per this Google Official Blog. Your Blog may get a small boost in your ranking, but don’t expect it to reach on the first page without good content. At least it can beat your nearest competitor and move someplace ahead in Google SERP.

Next question you may have… How? How much it costs?

You need SSL Certificate and those are not free. I am on a Hostgator shared server. So to get SSL I have to buy static IP and then SSL. Mine is simple Blog, I don’t want to invest an amount in this. But also I do not want to lose my reader because Google Chrome showing my site as non-secure.

So what are my options? Is there any free SSL which I can use on the shared server?

Cloudflare provides Flexible SSL and it’s free. But there is a small catch here. It is not 100% secure. If you are not aware, it works like this,

When a user enters your web address, it hits Cloudflare server first and then Cloudflare connects to your actual web hosting server. In Flexible SSL, the connection between a user and Cloudflare Server is secure while connection from Cloudflare to your web host is non-https.

It does not matter for someone like me who is running a simple technical blog, but for e-commerce site involving sensitive information exchange, do not depend on this Cloudflare Free SSL.  You should opt for proper SSL certificate.

Below is the list of SSL certificate providers,

  1. Comodo SSL
  2. Go Daddy
  3. Hostgator
  4. Blue Host

Check with your hosting providers, they also would probably have SSL service.

Difference between HTTP and HTTPS?

  • HTTP – It is a protocol by which your web browser interact and sends data from the server
  • HTTPS – It actually the same protocol only here information is encrypted so that no one can intercept it

 

Read this article instantssl to know about https and https in details.

Now let’s see how to enable Cloudflare SSL for a WordPress site.

Step 1: Backup site

Backing up your site is most important activity. I hope you are already taking backup of your site. If not, just go ahead and take a full backup. You need it to restore your site if anything goes wrong. Updraftplus Plugin and Google Drive is best available option to take back up of WordPress blog.

Step 2: Connect site to Cloudflare

Cloudflare provides Content Distribution Network(CDN), Web Optimization service, DDoS, WAF and SSL service. You should connect your site to Cloudflare in advance so that it will be served from Cloudflare network.

Step 3: Enable Flexible SSL

Now login to Cloudflare and open dashboard. Click on Crypto Menu Bar and select Flexible SSL as shown in below image.

Select flexible SSL

It may take up to 24 hours after the site becomes active on Cloudflare for new certificates to issue, but it happens quick. Status turns green when certificate becomes active.

Step 4: Install CloudFlare Flexible SSL Plugin

You need to install CloudFlare Flexible SSL Plugin. This plugin is required to prevent infinite redirect loops when loading WordPress sites, else you will get err_too_many_redirects error in the browser.

Cloudflare Flexible SSL Plugin

Step 5: Add Always Use HTTPS Cloudflare Page Rules

Go to Cloudflare dashboard and click on Pagerule menu. Add page rule as shown below. This converts normal HTTP URL to HTTPS so that you do not lose any traffic.

add always use https rule

Now migration is complete. Just open your site in any browser to see if it is having https in URL. If you see an error like Your connection to this site is not fully secure, then you need to change all URL to https. This happens because your site is old and some of the images, CSS is served over HTTP protocol. You can change this by updating all this URL. Manually it is not possible so you can use Better Search and Replace WordPress Plugin.

Step 6: Update old URL to HTTPS

Download WordPress Better Search Replace plugin and install it. This plugin helps you to Search and Replace some text in your website database. This is a really good plugin which allows you to do a dry run without changing anything which is advised before doing it.

Note: Please take a backup before running this. 

Better Search Replace Demo Page

Enter the text you want to search for and replace with. Check above image. We are going to replace HTTP version URL with HTTPS version URL. Click on Run as a dry run before actually doing the replace. This gives you an idea how many tables are going to get updated. Check below image.

better search result

Now uncheck Run as dry run and click Run Search/Replace buttons to replace all occurrences. If your website is big, you can select one table at a time and do a replacement if you face any issue with this plugin.

Step 7: Add HTTPS property in Google Seach Console

Google treats HTTP and HTTPS as the different sites. So you need to add new https property to Google Search Console. No need to delete the old one. Submit new XML sitemap as well. Google will take some time to index your new property.

Tha’s it. You are now on secure connection and I hope this will also help you to boost your ranking little bit on Google Search Console.

Related Post

One Comment

Comments are closed.