Tag: Cloudflare

  • How to Setup Cloudflare Free SSL on a WordPress Site (2021)

    How to Setup Cloudflare Free SSL on a WordPress Site (2021)

    Coudflare provides Free SSL to all its users. If you are not aware what SSL (Secure Sockets Layer), it is a protocol which protects the data that is transferred between your website and visiter’s computer. If you are taking personal data (like credit card information) from your site users, you must have SSL. but even if you are not, you should consider installing SSL on your WordPress website becuse Google favours sites served over HTTPS and the green lock in the URL box inspires trust in your site users.

    You need to first setup Cloudflare on your WordPress website in order to enable SSL. You can follow our tutorial to setup Cloudflare with best settings for your site. Once you are done with that you should login and go to the ‘Crypto’ tab in Cloudflare dashboard.

    Cloudflare SSL Types

    Here, you will see 4 different types of SSL setups – Off, Flexible, Full and Full (Strict).

    Cloudflare SSL Off

    When SSL is set to Off, it means there is no secure connection between your server and user. You site will be served over HTTP network.

    Cloudflare SSL Flexible

    Flexible SSLmeans that your site will be served over HTTPS and the user will see the green lock and HTTPS in his browser but the connection between Cloudflare and your host is not secure. Though a person seeing your site will see that your site is SSL secured but it’s not a complete SSL in its true sense and the data transferred between your site and user is not totally secure.

    But this is the setting that we recommend to most of the bloggers. The reason is that most bloggers don’t take sensitive information like credit card data from users. Even if they sell something, they generally user third party checkout carts which have their own security mechanisms. So you don’t really need a fully secure SSL. Flexible SSL makes your site look better in the eyes of visitors and also Google. Later in future if you need you can always move to full SSL.

    Cloudflare SSL Full

    Full SSLmeans that the connections between site users and Cloudflare and also between Cloudflare and your host are secure. So, any data transferred through it is secure. For this you need to install a self-signed certificate on your host server. It’s like giving in writing that you are the owner of this domain but this certified is not verified by Cloudflare. So again it’s a complete SSL as complete SSL means that a third party gives you a verified security certificate which you install on your host server which is the last Cloudflare SSL setting called Full SSL (Strict).

    Cloudflare SSL Full strict

    Full SSL (strict)the best and completely secure SSL connection setup between your site and the visitors. To achieve this, you will have to install a valid SSL certificate issued by Cloudflare on your Host server.

    Out of these 4 Cloudflare SSL settings, I recommend either Flexible SSL or Full SSL (strict). Full (strict) SSL needs you to install a certificate on your host server, so first you should check with your host if they allow you to do this or not. Shared hosting accounts generally don’t allow installing SSL certificates but many host will do this for your for a minimal charge. If you are on VPS or dedicated hosting, you should be able to do it easily.

    Flexible SSL is the easiest to set up and is good enough for most bloggers and site owners. So let’s first see how we can set up Cloudflare Flexible SSL on our WordPress site.

    How to Setup Cloudflare Flexible SSL on a WordPress Site

    1. I assume you have already added your site to Cloudflare, changed the nameservers and your site is being served through Cloudflare servers. If you haven’t done it yet, first do it following this tutorial – Free Cloudflare CDN – Latest Setup for WordPress (2017).
    2. First install Cloudflare Flexible SSL Pluginon your WordPress site. Don’t do any changes in Cloudflare SSL settings before installing and activating this plugin as it cause a redirect loop on WordPress admin login page and you will have problem accessing the WordPress dashaoard.
    3. Go to the Crypto settings on your Cloudflare dashboard and select Flexible SSL. It can take from 15 minutes to 24 hours for your SSL certificate to be issued and activated. Once it is active you will be able to see it with a green dot.Cloudflare Crypto Flexible SSL
    4. Move to the Page Rules tab and enter http://*yourdomain.com/* in URL box and set it as Always use HTTPS. This will make sure that your site is always loaded on HTTPS, even when user HTTP in the address bar.Page Rules Cloudflare Flexible SSL
    5. If yours is a new blog, you should be done with the above Cloudflare setup but if you are setting up Flexible SSL on an existing blog, chances are that there are already links and images on your site that have HTTP. This can cause Mixed In secure Content Errors in some browsers and will show warnings to users. If that is the case install these two plugins and the problem should be solved. First is SSL Insecure Content Fixer Plugin.SSL Insecure Content Fixer PluginAnd the second is WordPress HTTPS SSL Plugin. Through this plugin has not been updated for quite some time, it may not show in plugin search in your WordPress dashboard. In that case, download it from the plugin page and upload it.WordPress HTTPS SSL Plugin
    6. Though this step is not necessary we recommend you should do it. After that go to the general settings in your WordPress dashboard and change both the WordPress URL and Site URL to HTTPS. General Settings WordPress change URL to https
    7. Now clear your website cache, browser cache and cookies and test if your site is loading properly with HTTPS.
    8. You can also submit thehttps://and https://wwwversions of your website to Google Search Console.

    Other Recommended Settings:

    In the Cloudflare Crypto settings, turn on the Automatic HTTPS Rewrites.

    Congratulations! You are done with Cloudflare SSL Setup on your WordPress site.

    Cloudflare Full SSL (Strict) Setup for WordPress

    All the above steps will be followed except selecting Full (strict) instead of Flexible in Cloudflare dashboard.

    The extra steps that you have to follow are as following:

    (Important:Change the URL to HTTPS in WordPress Settings only after you follow the steps below and the SSL certificates are installed on your host server)

    In the Crypto Setting of Cloudflare, go to Origin Certificatesand click the Create Certificatebutton.

    Cloudflare Full Strict Create Certificate

    You domain names should already show there but if they are not showing enter – *.yourdomain.com and yourdomain.com and click Next.
    Cloudflare Full Strict Create Certificate -1

    Now Cloudflare will generate SSL certificates for your website and on the next screen you will find your Origin Certificate and Private Key. Copy and save these in a text file.

    Cloudflare generated-SSL certificates

    Now there is one more thing we need – Cloudflare Origin CA Bundle. Go to this Cloudflare Support pageto get it. It will give 2 certificates, choose the RSA Root one. Copy and save with other 2 certificates we saved in the last step.

    Cloudflare SSL Origin CA Bundle RSA Root

    Now you need to head to your web host and find the option to install SSL. It should be in the cPanel or in the WHM (for VPS hosting). Or you can contact your host support and give them the above 3 certificate keys and they will install the SSL for you.

    cPanel SSL

    If you can find the option to install SSL certificate at your host server, click it and it will take you to the following page. Click on ‘Manage SSL Sites’.

    cPanel - SSL:TLS Install Cloudflare 1

    On the next page, select the domain on which you want to install SSL and paste (from the text file where you saved the 3 certificate keys) the Origin Certificate in the first box, Private Key in the second and CA Bundle in the third box and click Install Certificate.

    cPanel - SSL:TLS Install Cloudflare

    Now change the site URLs to HTTPS in the WordPress – Settings – General.

    Clear all the cache and cookies and test if your site is loading fine on HTTPS.

    Submit the HTTPS versions of site to Google Search Console.

    Congrats! You are done with Cloudflare SSL installation on your WordPress website.

  • Free Cloudflare CDN – Latest Setup for WordPress (2021)

    Free Cloudflare CDN – Latest Setup for WordPress (2021)

    Two most important requirements of a good website are – Speed and Security. A fast loading website not only pleases the users but also Google Search. Reducing the page loading time of your site is one of the first steps to boost the SEO. A layer of security to protect your site from spam traffic bots and attacks reduces the load to your server thus increasing the speed and also keeps your site safe.

    There are a number of good CDN services that provide these features but most of them are very expensive. If you are earning a good amount of money from your site, you may consider investing in a premium CDN but until that Cloudflare is the best solution that you can have. Cloudflare is one the most popular CDN (Content Delivery Network) services used by websites to boost their performance and security.

    Why use Cloudflare and how come it is free?

    Cloudflare works like a buffer space between your site and users. It has a number of web servers at strategic locations around the globe and your site is cached on these servers. The users are served the site content directly from the closest Cloudflare servers instead of your web host. Cloudflare not only boosts your site speed and provide security from spam traffic and brute attacks but also gives you free SSL and a lot more other useful features. And all this is FREE. It sounds too good to be true, right? Cloudflare also provides paid services, which give you some extra premium features. These services are used by big enterprises and corporates and that’s how Cloudflare makes money. And the hundreds of thousands of its free users give it free publicity. So, it’s a win-win situation for both Cloudflare and its users.

    How to Setup Free Cloudflare for your WordPress Website

    Some of the web hosts like Hostgator and Bluehost provide Cloudflare installation right inside their cPanel. You just have to click the Cloudflare button, select the domain and the traffic to your site will be routed through Coudflare. But if your host doesn’t offer Cloudflare installation inside cPanel, you can easily do it manually. In fact I prefer doing it manually as it gives me more control over things. Also if I decide to change my host in future, it won’t affect my Cloudflare setup.

    Step 1 – Create a New Account on Cloudflare

    First, you need to visit https://www.cloudflare.comand sign up for a new account.

    Cloudflare - WordPress Setup New Account Sign up

    Step 2 – Adding Your Website Domain to Cloudflare

    You will have to enter your domain name and click on Begin Scan button. Then, Cloudflare will scan the DNS records of your website.

    This can take a few minutes.

    Free Cloudflare CDN WordPress Setup -2

    Step 3 – Verifying DNS Records

    After the scanning is complete, Cloudflare will show you all the DNS records it retrieved from your domain registrar or web host. In most of the cases, you do not to change anything hereas Cloudflare selects the optimum setting by default. But make sure that DNS records of your domain root and its www version have orange clouds in front of them. Orange cloud means that the traffic to those DNS records (or subdomains) will be rerouted through Cloudflare servers. Grey clouds mean that those DNS records will bypass Cloudflare and will connect to your host directly.

    Free Cloudflare CDN WordPress Setup -3

     Step 4 – Selecting a Cloudflare Plan

    After verifying the DNS records of your WordPress website, you will have to chose a Cloudflare membership plan. We will obviously choose the Free plan.

    Step 5 – Pointing Domain Nameservers to Coudflare

    Now almost everything is setup on Cloudflare end and it’s ready to be connected to your domain. But your domain nameservers are still pointing to your host servers. You need to go to the settings of your domain registrar and change the nameservers to the ones given by Cloudflare.

    Free Cloudflare CDN WordPress Setup -5

    Step 6 – Wait for the Nameserver Change to Complete

    Now you just have to wait for the nameserver change to be completed. They say that it may take upto 24 hours for the DNS to be propagated but in most of the cases it’s completed in less than 1-2 hours. Until then Cloudflare will show your website as pending. But it doesn’t mean your site will be down. Your site will continue to be served from your host. After the new nameservers are propagated your site domain will show as Active.

    Free Cloudflare CDN WordPress Setup -6

    You are done now! It’s almost a set and forget kind of setup. But if you want to achieve a little more with Cloudflare there are few more things that you may like to know.

    The Cloudflare Dashboard

    This is the dashboard that you will see after you  login to your Cloudflare account. I would let you know some more useful features that are hidden inside these tabbed icons.

    Cloudflare Dashboard

    Overview

    There are two major functions hidden in the Overview section. When you click the ‘Advanced’ button – Pause and Delete. Use the Delete button when you want to simply remove Cloudflare from your site (in fact your site from Cloudflare). If you do so, remember to point your nameservers back to your host.

    Pause button can be used to temporarily bypass Cloudflare servers and route the traffic directly to your host server. It is useful in cased when you are changing some settings in Cloudflare or messed up with some setting and working to rectify it.

    Cloudflare WordPress Pause or Delete Site

    Analytics

    Analytics tab shows you stats of your site visiters, page views, threats, saved bandwidth etc.

    DNS

    Here you can see all the DNS records. In case you want to use Cloudflare on a subdomain of your site, this is here you will need to make some changes.

    Crypto

    One of the most useful and popular features of Cloudflare is Free SSL. SSL gives you that Green lock and Https:// in the URL tab when your site is loaded. SSL not only gives a sense of security to your site users but also boosts your SEO as Google has clearly said it will favour sites with SSL. By default this feature is off. I will show how to setup Free Cloudflare SSL on your WordPress site in a separate post. Until then leave everything as default.

    Firewall

    In this tab you can change the security settings of Cloudflare. By default the security level is Medium which is optimum for most sites. If change it to high it may show irritating captcha (ever saw those ‘select image pieces with trees or cars or store fronts to prove you are not a robot’ on sites?) to even some genuine users.

    Recommended settings:

    Rate Limiting– I haven’t enabled it.

    Security Level– Medium

    Challenge Passage– Leave as default

    Access Rules– You block an IP (or even all IPs from a country) from accessing your site or you can whitelist an IP (like your home or office IP) so that it doesn’t go through the security firewall.

    Speed

    Here you can make some changes to boost the speed and performance of your website by minifying different code elements of your site. make sure that Auto Minify is turned on for Javascript, CSS and HTML here.

    Recommended settings:

    Enable Accelerated Mobile Links– I have kept it OFF as it’s still in Beta and I am not sure about it.

    Rocket Loader™ – Automatic (Turn it off if you use Adsense on your site as it may interfere with it)

    Mobile Redirect –  I have it OFF

    Caching

    It manages the Cloudflare cache settings for your WordPress site. Use Purge all after you make any major change to your site (like changing a theme or layout) to removed all cached pages from Cloudflare.

    Caching Cloudflare Purge everything

    Recommended settings:

    Caching Level– Standard

    Browser Cache Expiration– 4 Hours

    Always Online™– On

    (This is a really useful feature. Even if your site is down for some time for any reason Cloudflare will show a cached version of the site to the users)

    Development Mode– Off

    Page Rules

    Here you can set page rules for specific URLs of your site. These are useful when you have set up SSL and you want to show all or some of your pages as HTTPS. For example, you may want to show HTTPS on your ecommerce store page or checkout page but not on blog pages. Cloudflare gives you 3 page rules for free which is good enough for a typical blogger. I will show you how to create the page rules in Cloudflare Free SSL setup tutorial.

    Network

    Leave all settings as default unless you know what you are doing.

    Traffic

    Nothing to do here for free users.

    Congratulations! You have setup Cloudflare on your WordPress site.

    ** Cloudflare also offers a free WordPress plugin but if you have setup everything as described above, you don’t need it. I am in the favour of keeping the number of WordPress plugins on your site to minimum anyway.