SSL (secure socket layer) is the encryption which make your URL green and trusted on Chrome browsers, and is preferred by Google for SEO.  The SSL we use is a shared SSL, which is free.  If you have actual ecommerce needs, you should invest in a full certificate SSL.

Register at   Click +Add Site on the top right.  Enter the and press Begin Scan.  It takes a minute or so as it goes and gets all the data it needs.  Once it’s done, press Continue Setup.  Don’t change anything and press Continue on the bottom right.  Select Free Website and Continue.  You now have two new nameservers you need to provide to your domain provider (see setup hosting above).

You need to install the Cloudflare and Cloudflare Flexible SSL plugins in WordPress.

After you have changed the name servers, you will need to wait a few hours (up to 24?) for them to take effect, and then you can continue.

Once the name server changes have taken effect, activate the Cloudflare plugin and enter the API credential (the Cloudflare account email address and API key from My Settings section of Cloudflare).  Save the API Credentials.

In the Cloudflare plugin, click on Apply and Purge Cache to do initial set-up.  In principle, you should now have SSL on your website.  In reality, you will probably need to do more work.

Check the DNS settings in Cloudflare (website, not the plugin), and pick your website and then the DNS button.  Click on all the clouds to have them go through Cloudflare, unless there is reason not to click it (maybe your email is hosted somewhere else, for example).

To test if it is working, use Chrome and type https://<and then your website> and see if it works.  If it doesn’t show you a green lock, then in Chrome do the following:   Click on the three dots on the far right of the menu bar, then More Tools and then Developer Tools.  Refresh the page.  If the error says no valid certificate, then you need to wait or clear the cache of your browser.

When the error is mixed content, click on the ‘requests in network panel’ link under the error, which will show you which elements (usually graphics) are not https.

The first thing to change is the website address in WordPress > Settings > General and change the WordPress Address and Site Address to include https://.

Keep trying the Chrome Developer Tools refresh to find links which need to be updated.  Don’t forget the logo graphic in Divi > Theme Options > General > Logo, and don’t forget to save each change!

Once you have achieved the green lock, then go back to the Cloudflare (website, not plugin) and create a rule to force https all the time.  Page Rules > Create Page Rule > and enter as below.

This is why you should set-up SSL before you enter a bunch of content!


Cost: None

Time: 10 minutes and a few hours for the nameservers to take effect.