Having a secure site is pretty much a standard now in 2022.
Aside from improving your SEO (confirmed by Google) as a ranking factor, it eliminates insecure site browser warnings that are now popping up in modern versions of Chrome, Safari, etc, and having a truly secure site helps to keep the web more secure.
But, some sites don’t need full SSL certificate installations because they don’t deal with any truly sensitive information (like private information or payments.)
In these situations, Cloudflare’s Flexible SSL setting will suffice. BUT – if set up incorrectly, it can cause redirect loops and insecure/mixed content errors.
I’ll walk you through how to set it up here!
1. Put your site on Cloudflare
The free plan will do. Just sign up for a free account, point your Nameservers, ensure your DNS zone records are correct (check your current DNS provider to make sure it’s bringing everything over), and wait for the Nameservers to update worldwide.
2. Go to the SSL section of Cloudflare and set up Flexible SSL
3. Modify “Edge Certificates” Settings
Back on the left hand side under the SSL section, click on “Edge Certificates.”
In here, you’re going to turn a few things ON. The ON toggle will look green when it’s on, like this:
Turn the following settings ON:
A) Set “Always Use HTTPS” to ON
B) Set “TLS 1.3” to ON
C) Set “Automatic HTTPS Rewrites” to ON
4. Enable Universal SSL
On that same page, at the very bottom, enable Universal SSL. To do this you’ll click a blue button. Accept the default settings it gives you. Note that any subdomains will also be set to SSL with this part of the Cloudflare setup.
5. Edit your WordPress site address to include https
In your WordPress admin area, click Settings in the left hand site.
Change your WordPress Site Address (not WordPress address) to begin with https.
6. Install & Activate “Really Simple SSL” Plugin
With the above settings, I was seeing 99% of the SSL functionality I needed. But the site had some content and loading issues.
Installing and activating Really Simple SSL solved that. Go add it in your WordPress plugins and activate it.
That’s it! The latest Cloudflare Flexible SSL settings tend to take care of the common redirect loop issues themselves, but the Really Simple SSL plugin seems to round things out with any common other SSL errors.
I can’t guarantee this will work for all websites, but this is what’s working for me right now.
Questions? Problems? Comment below.