These days the best available transport layer security (TLS) can be acquired at no cost, and purchasing a certificate is no longer necessary. Here’s how we do encryption correctly using Cloudflare Free Full (Strict) SSL on this blog!
Running your website, forum or blog under Cloudflare provides the best available speed through caching and an unbeatable firewall. It’s as easy as going to cloudflare.com and registering your account. After registering your webmaster account, click "Add website" and follow the prompts.
After your domain is active on Cloudflare, click the Crypto tab.
The choices are:
- Flexible SSL:
  - SSL is terminated at the Cloudflare edge servers. Everything between your client and Cloudflare is encrypted, but traffic between Cloudflare and your origin server is not encrypted. You do not need a certificate installed on your server for this option.
- SSL Full:
  - SSL is terminated at the Cloudflare edge server. The traffic is then encrypted again and sent on to your server, so both legs are encrypted. You need an SSL certificate installed directly on your server for this option. A self-signed certificate is acceptable.
- SSL Full (strict):
  - Same as SSL Full, but you must have a certificate that is signed by a CA (Certificate Authority).
Flexible is the easiest to set up, but we do not recommend going that route. Traffic between Cloudflare and your server or hosting account is not encrypted. Anyone could in theory sniff, intercept or replace the packets while in transit. Also, those running WordPress will probably encounter redirect loop errors.
We recommend the Full option. It requires what's called an origin certificate. If you have the ability to generate a certificate signing request and a self-signed certificate, do so. Then install that self-signed certificate on your domain hosting account or server.
If you have shared hosting, or your web host will not allow generating a certificate request, Cloudflare provides one for free. Here is how to install an origin certificate in Cloudflare after it’s generated.
The Strict option requires an origin certificate issued by a certificate provider. We use Comodo Positive SSL certs obtained from ssls.com for as low as 4.99 per year.
Running WordPress under encryption can be challenging, mostly because of insecure images and insecure embedded YouTube links.
We use this old but reliable WordPress HTTPS plugin. It converts any insecure "http://" links into protocol-relative "//" links, which prevents most insecure-content errors. We use this website to analyze encryption errors.
Have questions or need help? Comment below. 😉
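To find the insecure images and embeds described above before a browser flags them, here is a small scanner, added as an example and not code from this blog or the plugin. It lists subresources loaded over http:// and shows the protocol-relative form; the function names and the sample HTML are assumptions made for illustration.

```python
from html.parser import HTMLParser

# Tag -> attributes that make the browser fetch a subresource.
# Plain <a href> links are navigation, not mixed content, so they are skipped.
FETCH_ATTRS = {"img": ("src", "srcset"), "source": ("src", "srcset"),
               "iframe": ("src",), "script": ("src",), "video": ("src", "poster")}

class MixedContentFinder(HTMLParser):
    """Collect (line, tag, attr, url) for each subresource loaded over http://."""
    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name not in FETCH_ATTRS.get(tag, ()) or not value:
                continue
            # srcset holds comma-separated "url descriptor" candidates.
            parts = value.split(",") if name == "srcset" else [value]
            for part in parts:
                fields = part.split()
                if fields and fields[0].lower().startswith("http://"):
                    self.findings.append((self.getpos()[0], tag, name, fields[0]))

def find_mixed_content(html):
    finder = MixedContentFinder()
    finder.feed(html)
    finder.close()
    return finder.findings

def protocol_relative(url):
    """Rewrite http://host/path to //host/path, the form described in the post."""
    return url[len("http:"):] if url.lower().startswith("http://") else url

# Constructed sample post body, not taken from a real site.
SAMPLE = """<p>Intro <a href="http://example.com/about">about</a></p>
<img src="http://blog.example.com/wp-content/uploads/cat.jpg">
<iframe src="http://www.youtube.com/embed/VIDEO_ID"></iframe>
<img src="https://blog.example.com/ok.png" srcset="http://blog.example.com/ok-2x.png 2x">
<script src="//cdn.example.com/app.js"></script>"""

if __name__ == "__main__":
    for line, tag, attr, url in find_mixed_content(SAMPLE):
        print(f"line {line}: <{tag} {attr}> {url} -> {protocol_relative(url)}")
```

A protocol-relative URL only avoids the warning if the referenced host actually serves the resource over HTTPS, so check each reported host before rewriting.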