Nowadays, HTTPS has become a basic requirement for security purposes. Users want their browsing data to be protected and Website Admins want their users to trust them with respect to their data security. The best way to ensure this is to make use of encryption on the website. Whenever there is a request from a user to access the page, the page content is encrypted and then it is sent, so that only the user can see the content and no one else can alter it in between the transmission.
So many people (including us, over at StudyKorner) are using WordPress for their website content management because of its ease of use and awesome online support, hence we thought we should write a detailed article to help people migrate to HTTPS for free without much fuss.
Currently there are 2 basic ways to add HTTPS to a WordPress website
- We purchase and install a certificate (free like Let’s Encrypt or paid like Comodo) on our web server. This way the user is accessing the secured content directly from our server.
- We do not install any certificate our self and use Cloudflare flexible SSL. User is served a secure version of the website via Cloudflare.
In this tutorial we will focus on the second method. It is free and requires least changes. So even a non-technical blog administrator can understand the detailed working of Cloudflare Flexible SSL. You can read this guide for more information.
First of all, let’s see what we will do throughout this tutorial to add HTTPS to your WordPress website.
Firstly, we will change the original nameservers to Cloudflare ones. Then we will enable flexible SSL which usually takes some time to activate. In the meantime, we will install the WordPress plugin and then check if we are able to use the website, both over HTTP and HTTPS. If everything works fine then we will add a redirect rule in the Cloudflare that will redirect all the non-secure requests to the secure version. Sounds easy? Let’s start.
I recommend you to follow each step as mentioned below furthermore you can also watch the above video which demonstrates the full HTTPS migration of a demo WordPress website.
- Change your domain nameserver to Cloudflare ones
Open the Cloudflare panel and add your website URL. It will analyse your domain and then provide you with new nameservers.
Configure these new details at your domain registrar’s website.
The changing of the nameservers can take some time. Click the recheck button to see if the changes have been successful.
Please check the video for additional (optional but recommended) steps.
- Enable Flexible SSL
Go to the Crypto tab in Cloudflare and click the full option in SSL. Change it to flexible.
- Install the WordPress plugin
In the WordPress admin panel, click on add new plugin. Search for ‘Cloudflare Flexible SSL’. Install the plugin and then activate it.
- Check the HTTP and HTTPS version of the website
Now try to open the website in both ways, with and without https. It should be working fine either ways. If everything works fine, the only step left would be to redirect the users (who try to open the HTTP) to the secure HTTPS. For best results, we will do this on Cloudflare. This will also reduce the load on our server.
- Apply a page rule in Cloudflare to redirect all HTTP request to HTTPS.
In the Cloudflare, open the Page Rules tab and click on ‘Create Page Rule’. In the URL box enter
http://*<your website url>/*
and then click on ‘add a setting’. Choose ‘Always use HTTPS’ and then hit the green button saying ‘Save and deploy’.
That’s it! Congratulations!! You are now running an awesome WordPress website — and over HTTPS. I hope this tutorial helped you in migrating to HTTPS successfully.
Things not to do!!
- After wasting so much time on redirect loops, I would recommend that you should not touch the WordPress address and the Site Address under Settings>General. Do not edit them to HTTPS. It will break your website.
I am stuck in a redirect loop. I cannot access my website. Please help.
You should not change the website name under setting>general. If you changed it, please revert it back.
I hope this will fix the issue.
thank you very much you’va helped me in my project
Brother I accidently Change the website setting>general from http:// to https://. I am stuck in a redirect loop. I cannot access my website even the admin dashboard. I cant revert it back because cant open the admin panel…What should i do now? Please help me
Hi Jit, You can try modifying the website name back by logging in from the phpMyAdmin portal and editing the wp_options table.
Stuck at Step 4
What is the problem you are facing? Are you sure you didn’t changed the website name and added the HTTPS in wp-admin?
Homepage of my website is working fine. But when I’m trying to access any post or another page, stuck in redirect loop.. Website address is https://extratechtalk.in/
Are you sure you installed the plugin correctly which we mentioned? Also, I see some mixed content warning in the console for your website. I believe this was more or less because of the incorrectly installed/configured wordpress SSL plugin.
Again i done all the steps as you mentioned. its working now
When I am Using in this Format https://defitnessclub.in/ Its Working but directly useing this like defintnessclub.in not working its shows unsecure. users are not able to it every time how can we overcome this one
im not able to redirect http to https did all the things like page rule etc still facing issue!