Many website owners or webmasters – myself included – have put off migrating their WordPress sites to HTTPS. One because it’s seen as a hassle, and two because of the fear of breaking the site in the process – in my case at least. But thanks to Cloudflare, there is a quick and painless solution that is completely free, which even includes free SSL certificates. This post will cover how to migrate WordPress to HTTPS using Cloudflare. It really is quite easy.
Just before I go into how to migrate to HTTPS using Cloudflare, if you haven’t moved to HTTPS yet you may want to consider getting a move on and weighing up the benefits of HTTP vs HTTPS. Upcoming browser changes may result in your site returning insecure warnings to users if still on HTTP, which can only be a bad thing. According to Google, you may also see a ranking benefit once on HTTPS, although I wouldn’t count on it.
Either way, HTTPS is not going away, and I’d encourage you to get it sorted sooner rather than later.
When looking into migrating this very site to HTTPS, I did a bit of research and saw Cloudflare recommended as an option. I read a post on the pros and cons of HTTPS services and saw Cyrus’ tweet below which both recommended Cloudflare as a viable option:
That was enough for me to take the plunge.
Before I started though, I backed up my WordPress site and I’d encourage you to do the same. Just in case anything breaks a backup will mean you won’t be agonising over any lost work. There’s plenty of decent plugins that will do this for you and a decent guide can be found here for using BackWPup.
Step-by-step guide for using Cloudflare to migrate WordPress sites
- Create a free Cloudflare account
- Add your site
- Verify site
- Select a plan
- Update nameservers
- Authorise SSL certificate
- Install the Cloudflare Flexible SSL plugin
- Instruct Cloudflare to deliver content over HTTPS
- Check redirects are in place
- Install the SSL Insecure Content Fixer plugin
1. Create a free Cloudflare account
2. Add your site
3. Verify site
Verify that all of your DNS records are listed correctly – in most cases this will be the case so you won’t need to change anything.
4. Select plan
Select the ‘Free Website’ plan that comes with basic security protection and a free SSL certificate
5. Update Nameservers
To update your nameservers you need to login to your hosting provider where there will be a setting to do this. Rather handily, Cloudflare have provided a guide on how to change nameservers with each major hosting provider, so if you’re unsure how to do it you should find help here.
Once you’ve successfully changed nameservers, head back over to Cloudflare and click ‘Recheck Nameservers’. It will then take some time – up to 24 hours according to Cloudflare but much less in my experience – to switch over. But don’t worry, you won’t be losing any traffic during this time.
Eventually, you should see something like the below showing that the site is now active on Cloudflare.
6. Authorise SSL certificate
You also need to authorise your SSL certificate. This is actually done automatically and by default the ‘Flexible’ plan is set which is the one you want to use. Whilst you’re waiting for the certificate to be authorised you’ll see something like the below:
But eventually – again it can take up to 24 hours – authorisation will come through. Once the SSL has been authorised you should be able to access your site over HTTPS, even though the migration has yet to take place:
Whereas before updating nameservers and authorising an SSL certificate you would see something like the below:
7. Install the Cloudflare Flexible SSL plugin
Seeing as it’s WordPress, of course there’s a plugin or two available to ensure the migration runs smoothly. To prevent infinite redirect loops when loading WordPress sites via Cloudflare’s Flexible SSL system, install the Cloudflare Flexible SSL plugin. It only comes into play once Cloudflare is serving HTTPS traffic for your site, so can be installed before the switch is actually made.
8.Instruct Cloudflare to deliver content over HTTPS
We’re now ready to make the switch and instruct Cloudflare to redirect all HTTP requests on our site to HTTPS. Head over to the ‘Crypto’ section on Cloudflare and you’ll find the ‘Always use HTTPS’ button below, which by default is set to ‘Off’. Simply change it to ‘On’. Cloudflare will now begin serving your content over HTTPS, and will implement redirects from HTTP requests.
9. Check redirects are in place
Now head over to your site and ensure that the previous HTTP URLs redirect to their HTTPS equivalent
10. Install the SSL Insecure Content Fixer plugin
If after you’ve migrated you’ve got some mixed content warnings, there’s another great WordPress plugin that will solve the majority of mixed content issues.
Install the SSL Insecure Content Fixer plugin and let it’s do it thing. It should then get rid of the above and you should see the below, indicating that your site is now secure
You may find that the plugin doesn’t fix everything (I had a few rogue images still served over HTTP that needed to be updating manually), but it should do the bulk of the work for you.
Final steps
Of course with any migration there are other checks and steps that need to be made. Aleyda’s HTTPS migration checklist has you covered but I would at least advise the following post migration:
- Crawl the site to uncover any internal HTTP URLs that still need to be updated to HTTPS, and to double-check that URLs are redirecting as expected
- Check canonical URLs have now updated to HTTPS
- Check sitemap URLs have now updated to HTTPS
- Check robots.txt is being served over HTTPS and that any sitemaps referenced within are referenced with HTTPS
- Setup new Search Console profile for the HTTPS version, moving across any important settings such as URL parameters and geo-location AND a disavow file if one exists
- Update Google Analytics or other web analytics property settings to HTTPS
- Monitor indexation, rankings and organic traffic
And that’s it. If you follow these steps you will be able to migrate to HTTPS for free using Cloudflare. Happy migrating!