For a more in-depth understanding of enabling HTTPS for WordPress without purchasing an SSL certificate, refer to the detailed instructions in this Mytour article.
The Significance of HTTPS
Beyond enhancing website security for users, SSL certificates and HTTPS are pivotal factors in boosting a website's ranking on Google's search listings.
According to Google, HTTPS is one of the elements influencing a website's search ranking, and HTTPS pages are automatically indexed. Google's Gary Illyes stated that only 10% of crawled and indexed URLs are HTTPS, while 30% of first-page search results contain at least one HTTPS URL.
Therefore, considering the statistics, transitioning to HTTPS is a prudent move.
Preparatory Steps Before Enabling HTTPS
Yes, you can enable HTTPS for your WordPress site without purchasing an SSL certificate. However, Mytour recommends this only for regular blogs or simple websites. If your website is an e-commerce site or collects users' personal information (such as usernames, passwords, or credit card details), you should consider purchasing and setting up an SSL certificate for your domain from the best SSL certificate providers.
Alternatively, you can obtain a free SSL certificate from Let's Encrypt.
How to Enable HTTPS for WordPress Without Buying an SSL Certificate
Here is the process to enable HTTPS for WordPress without purchasing an SSL certificate. Simply follow the steps below:
Step 1: Move Your Website Behind CloudFlare
CloudFlare offers a free CDN and, beyond the CDN itself, lets you enable HTTPS and HTTP/2 on your website. Sign up for CloudFlare and follow the instructions to change your domain's nameservers so that they point to CloudFlare.
Step 2: Activate Flexible SSL in CloudFlare
Once your website is set up with CloudFlare, access the Crypto tab on your CloudFlare dashboard and choose the Flexible option in the SSL section. Keep the remaining settings as they are in the Crypto tab.
Step 3: Install CloudFlare Flexible SSL for WordPress
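CloudFlare acts as a reverse proxy for your website. With the Flexible option, it fetches the website from your server through regular HTTP requests even when serving HTTPS pages to your visitors, so the connection between CloudFlare and your server remains unencrypted.
What you need to do is detect the requests that reached CloudFlare over HTTPS and have WordPress generate HTTPS URLs in the pages it outputs.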
Luckily, you can use a plugin to accomplish this. Simply install CloudFlare Flexible SSL for WordPress, and you'll be able to access the website through HTTPS.
Download and install the plugin here: CloudFlare Flexible SSL
The CloudFlare Flexible SSL plugin for WordPress requires no additional installations, and users will see a padlock icon in the address bar when accessing their website via HTTPS.
Step 4: Resolve Mixed Content Errors
Sometimes a plugin or theme is not coded correctly for HTTPS and may malfunction when the website is accessed via HTTPS. If this occurs, you'll see a Mixed Content error message in the browser's console and the padlock icon will no longer appear in the address bar.
If you face this scenario, resolve the error by switching to better-coded WordPress themes and plugins.
If the above method is not feasible, you can install another WordPress plugin to fix Mixed Content errors on your WordPress site.
Install SSL Insecure Content Fixer on your WordPress site and configure it as follows:
Choose Simple or Content for Fix insecure content.
In the HTTPS detection section, choose HTTP_CF_VISITOR. You can also opt for HTTP_X_FORWARDED_PROTO as suggested by the plugin, as both options are set when using CloudFlare HTTPS.
SSL Insecure Content Fixer also offers fixes for specific plugins, such as WooCommerce, so that they work over HTTPS on your WordPress site. You can activate these options if needed.
Once completed, you'll see the padlock icon displayed in the address bar, and the Mixed Content error warning will no longer appear.
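As an added example (not part of the original article or of either plugin), the Python script below lists the subresources a saved page still loads over http://, which is what triggers the Mixed Content warning in Step 4. The sample markup and the example.com URLs are constructed placeholders.

```python
from html.parser import HTMLParser

# (tag, attribute) pairs that make the browser fetch a subresource. Plain
# <a href> links are navigation, not mixed content, so they are not listed.
FETCHING = {("script", "src"), ("iframe", "src"), ("link", "href"),
            ("img", "src"), ("audio", "src"), ("video", "src"),
            ("source", "src"), ("embed", "src"), ("object", "data")}
# Insecure loads from these tags are "active" mixed content, which browsers
# block; images and media are "passive" and typically trigger the warning.
ACTIVE_TAGS = {"script", "iframe", "link", "embed", "object"}
# <link> triggers a fetch only for these rel values (not rel="canonical").
FETCHING_RELS = {"stylesheet", "icon", "preload", "manifest"}

class MixedContentScanner(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings = []  # (line, kind, tag, url)

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        rels = set((attrs.get("rel") or "").lower().split())
        if tag == "link" and not rels & FETCHING_RELS:
            return
        for name, value in attrs.items():
            url = (value or "").strip()
            if (tag, name) in FETCHING and url.lower().startswith("http://"):
                kind = "active" if tag in ACTIVE_TAGS else "passive"
                self.findings.append((self.getpos()[0], kind, tag, url))

def find_mixed_content(html):
    """Return (line, kind, tag, url) for each subresource loaded over http://."""
    scanner = MixedContentScanner()
    scanner.feed(html)
    scanner.close()
    return scanner.findings

# Constructed sample markup, as a theme might emit it (placeholder URLs).
SAMPLE = """<link rel="canonical" href="http://example.com/post/">
<link rel="stylesheet" href="http://example.com/wp-content/themes/demo/style.css">
<script src="https://example.com/wp-includes/js/jquery.js"></script>
<a href="http://example.com/about/">About</a>
<img src="http://example.com/wp-content/uploads/logo.png">
<script src="//cdn.example.net/widget.js"></script>"""

if __name__ == "__main__":
    for line, kind, tag, url in find_mixed_content(SAMPLE):
        print(f"line {line}: {kind} mixed content in <{tag}>: {url}")
```

Running it on the saved source of a few representative pages before Step 5 shows which theme or plugin output still needs fixing.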
Step 5: Redirect Traffic to HTTPS
Be sure to verify your website over HTTPS before proceeding with this step. Once you've confirmed that your website content loads correctly over HTTPS, you can move the entire domain to operate through HTTPS. To achieve this, use CloudFlare's page rules.
Access the Page Rules tab within the domain on the CloudFlare dashboard and add the following rules:
URL Pattern: http://*yourdomain.com/*
Always use https: On
Note: Replace yourdomain.com with your website's domain.
Save the page rule. Once you've completed this step, every time you access your website, you'll be redirected to the HTTPS version.
Here, Mytour has guided you on enabling HTTPS for WordPress without purchasing an SSL certificate. The steps are not too complicated, right? We wish you success, and don't forget to share your feedback with Mytour.
