There are many reasons why you may need to get an SSL for your site.
- PayPal is now requiring all IPN URLs to use HTTPS (old IPN URLs will be required to change soon as well).
- If you want to embed a page in Facebook apps on your Facebook page, they also require the page URL to be under SSL protection.
- Stripe, as well as other payment gateways, also requires this.
Do I Need An SSL?
An SSL will protect your visitors and site users from having data stolen while they enter it on your site (such as credit cards, email addresses, etc.). So if you are collecting any kind of customer data, we suggest considering adding SSL protection. In a lot of cases some data, such as WP logins, are always encrypted, but having the extra layer of security may make your users feel safer (even though it may not be required).
Cloudflare.com offers FREE SSL protection for any site you have that uses CloudFlare. As the cost of getting an SSL can be high for those who are just starting out, we decided to write a guide here on just how to use this awesome service from CloudFlare. So let's get started...
Step 1: Sign up for a CloudFlare account at https://www.cloudflare.com/a/sign-up
Step 2: After you verify your account, log back in and click on "add site" at the top of the page:
You will need to let CloudFlare scan your site for DNS settings:
Once the Scan is complete, you'll need to click on "continue setup" and you'll then need to verify your DNS:
On the next screen, verify that the DNS records are correct. They should be, so just click "Continue" to proceed to the next step:
Next, you'll need to choose the FREE plan as that is what is covered in this guide. You can always upgrade or choose another plan:
After verifying the DNS and clicking "Continue" you'll see a screen that shows your current nameserver settings and the settings they need to change to. This will not cause any downtime on your site.
The way CloudFlare works is the domain name points to CloudFlare's servers and then forwards to the host nameservers, so it is a seamless change.
It will take around 24 hours for CloudFlare to issue the SSL for this site, so while that is being set up, let's install the CloudFlare WordPress Plugin, which will help make things run a bit smoother.
Step 3: Installing the CloudFlare WordPress Plugin
It is fine to install and activate the CloudFlare plugin while you wait for CloudFlare to set up the SSL on their end.
Log in to your WordPress Admin and go to "Plugins > Add New" and search for "CloudFlare" - you will need to install the one that looks like this:
After you install it and activate it, you'll need to go back to the main WordPress Dashboard and then click "Settings > CloudFlare" like this:
Then you'll need to fill in the following sections:
Save the settings and after 24 hours start on step 4 below.
Step 4: After 24 hours, check to see if the nameservers have propagated by logging into CloudFlare.
Choose your site domain in the top left of the CloudFlare dashboard after you log in.
You should see a screen like this:
What you'll need to do is click the "Recheck Nameservers" button. If all is well, or CloudFlare had already rechecked them before you logged in, then you should see a screen like this:
Once your site status is "Active", proceed to the next step below.
Step 5: Changing the site URL
Please make sure you take a full backup of any files you edit to ensure you can restore the site if a mistake is made during this process. OptimizePress is not liable for loss of data as a result of not backing up your files first.
The first thing you should do is open your site URL in a browser with https:// at the front of the domain to see if it loads over SSL. If it does, you are fine. If it doesn't, you may need to wait a little longer for the SSL to be set up. Most of the time CloudFlare has these ready in 24 hours or less, but in some cases it can take a little longer (try clearing your browser cache also).
There are two ways to change the site URL (I prefer the second way, since if you get some kind of redirect loop error after changing it, you can switch it back very easily):
- You can change them in the WP Dashboard under "Settings > General" - note that in most cases after you change these you'll be asked to log in again, which is normal.
- Or you can edit the wp-config.php file (through FTP, cPanel, or whichever method you use to edit files on your site) and add this:
This will lock the site URLs and ensure that they won't accidentally get changed.
** This code should be placed after the opening <?php tag in the wp-config.php file, on a new line. **
IMPORTANT NOTE: You do not need to use the force_ssl_admin rule or modify the .htaccess file to route http to https as we mention in our other SSL guide. You don't have to do that with CloudFlare as their plugin and processes handle that already.
If you get a redirect loop error, please see THIS GUIDE on CloudFlare's support.
If you get insecure content errors, please see THIS GUIDE on CloudFlare's support.
If you need help finding insecure items:
Sometimes it is difficult to find which items are causing the insecure warnings. Here is a website that can sometimes help with this: https://www.whynopadlock.com
Step 6: Updating URL references after changing URL to HTTPS
After you change your site to HTTPS, you'll need to update the URL references.
1) Use our OptimizePress Helper tool to update the URL references within OptimizePress data: https://optimizepress.zendesk.com/hc/en-us/articles/203699826-Update-URL-References-after-moving-domain
2) Use the Velvet Blues Update URL plugin to update URLs for other things on your site (you should use both - doesn't matter which order). To do this, after the plugin is activated, go to "tools" and "update urls" and the only difference should be the http (for old domain) and https (for new domain). Be sure to put the correct domain format in (if you had www in there then make sure you use that).
VERY IMPORTANT STEP - Since you changed the URL of your site, you will need to refresh your OptimizePress API key. To do this, please log in to http://members.optimizepress.com, navigate to the "licensing page", and click the "clear" link to the right of the URL your site is currently licensed under.
Then, log back into your site and go to "OptimizePress > Dashboard" and then just go to the bottom and click the "green" update button. This will re-license your site with the https url. You can actually try this before clearing the key to see if it works (sometimes it does but if not then just clear the key in the members hub and it will work fine).
Please Note: This guide is provided as a general guide to migrating your site to SSL. We are not able to do this for you, as changing a site to SSL is a general WordPress task and is not directly related to OptimizePress. If you run into issues while migrating the site to SSL, we would suggest either contacting your web host or hiring a WordPress professional who may help you do this. Our support team cannot assist with migrating sites to SSL.