WordPress in HTTPS in 2 steps and without SSL certificate

In this tutorial you will learn how to switch your WordPress site to HTTPS without having to buy an SSL certificate, use a free SSL certificate (Let’s Encrypt), or even bother installing a self-signed SSL certificate. You won’t even need technical skills !

1. Create an account on Cloudflare

Cloudflare is a service that speeds up the display and increases the security of a website. It is both a CDN (Content Delivery Network) and a reverse proxy. It is a service I use a lot and highly recommend.

Go to the Cloudflare website, create an account and follow the steps to add your website.

Creating a Cloudflare account
Creating a Cloudflare account

You can limit yourself to the free version, which is more than enough for your needs.

At the end of the registration process, do not forget to change the nameservers of your domain name to those given by Cloudflare.

2. Install the Really Simple SSL plugin

Go to the administration interface of your WordPress site to install the free « Really Simple SSL » plugin. You can also find this plugin in the extension directory of the WordPress.org site.

Really Simple SSL on WordPress.org
Really Simple SSL on WordPress.org

Activate it, it’s over, no settings to make !

You can now access your WordPress site in HTTPS secured by the Cloudflare SSL certificate.

Tip : do a 301 redirection

If your WordPress website was already referenced before switching to HTTPS, I strongly advise you to set up a 301 redirection to indicate to search engines that it has moved, otherwise you risk duplicate content. There are many video tutorials on this subject.

For this purpose two options :

  1. You use the.htaccess file,
  2. You use the Cloudflare rules.

For the sake of simplicity, I recommend the second option. So go to your CloudFlare > Pages Rules > Create Page Rule.

Cloudflare Always Use HTTPS
Cloudflare Always Use HTTPS

In the first field, put http://votredomaine.com/*
In the second, select Always Use HTTPS
Then click on Save and Deploy

Note on the security of your WordPress in HTTPS

After completing the two steps above, your visitors can visit your website in secure mode. But it should be noted that the data is only encrypted between the Internet user’s browser and Cloudflare’s servers, between the latter and your web hosting, the communication is done in clear.

So for those who want to go further, just install a self-signed SSL certificate on your web hosting (the procedure is simplified if you have cPanel or Plesk, including on some free web hosting), then in Cloudflare > Crypto select Full (not Full strict !!) in the first field.

Cloudflare Always Use HTTPS
Cloudflare Always Use HTTPS

This method can also be used to secure web software such as ERP or free CRM at a lower cost.

If you have any questions or need help, feel free to use the comments below !


Please enter your comment!
Please enter your name here