How to secure the website for free with Cloudflare (Illustrated Guide)

What Is The Meaning Of The “Not Secure” Warning?

WordPress websites are served up over HTTP (Hypertext Transfer Protocol) protocol. HTTP is a standard way that your PC communicates with the site you’re browsing. A site that is secure utilizes an SSL certificate that is responsible for changing URL to HTTP. An SSL certificate tells your visitors (and their browsers) that you are who you say you are.

When you receive the website not secure notification on your site, what this means is that part of the content being loaded is coming over without encryption. When the communication between your computer and your browser is in the open, the transmitted data can be viewed or tampered with. Once personally, identifiable info is in the hands of cybercriminals, they will use the info to perform identity theft, make fraudulent purchases or even empty bank accounts. What the added security does is simply protect your computer’s communication by providing end-to-end encryption. This makes it harder for your ISPs, hackers, Government and other malicious parties to sniff or eavesdrop the data as it traverses the web.

In recent times, more and more WordPress websites have started implementing SSL certificates on their websites. HTTP combines with SSL to create HTTPS. SSL certificates help to secure data going to and from the websites. This, in turn, protects your privacy and builds a more safe and secure web experience for all parties. I suggest reading one of our previous articles about the reasons you should use an HTTPS Encrypted Connection and convince yourself of its importance.

How Will The “Not Secure” Warning Affect My Site?

For starters, when your website visitors get this website not secure warning, it will impact public perception which will result in lost consumer confidence and online conversions. The warning will raise their concerns about the non-secure nature of your WordPress site. People are more protective of their privacy and information online these days more than ever. Some may assume that your website is hacked or perceive it as vulnerable which will adversely impact the bounce rate of your website. Another way this warning can affect your site is in rankings. Websites with SSL certificates have a better chance of being ranked higher than those without.

Your site load time & security is two essential elements for online success business. Not necessary for E-Commerce but any type of business including your personal blog.
Fast loading web page gives better user experience and boosts search engine ranking. Nobody like slow loading website, do you?
There are multiple ways to add security & supercharge your site, but I found Cloudflare is probably the easiest one.
A little introduction about Cloudflare if not sure what I am talking about.
Cloudflare is CDN & Security company powering millions of website including Geek Flare. CloudFlare has more than 75% of market share in Alexa top 1 million sites.

Cloudflare On-boarding

Onboarding your website to Cloudflare is quite easy, and you can get it started in just a few minutes.
The following, I’ve used their FREE plan and procedure will apply to any website including WordPress, Joomla, Magento, etc.
Let’s get it started…
Create a Cloudflare account

  • Enter your website and click “Scan DNS Records.”
  • It will take a minute to scan existing DNS records, click continue
  • You will see the existing DNS records for your website. If they look good then continue else you can modify it here.
  • Select the plan and continue
  • You will be asked to update existing name server record with Cloudflare. This you got to do at Domain registrar. If you are not sure, you can refer this guide.
  • Until name server is updated, you will see the status as pending on Cloudflare dashboard.
Note: you may use the DNS record lookup tool to verify the NS record.
  • Once updated, you will notice status is active.

This concludes your website is successfully routed through CloudFlare network and ready to take performance & security advantages.

Cloudflare Configuration

The default configuration is ok but if you want to take maximum benefits, then you may considering doing the following.

HTTPS Rewrites – if you intend to use SSL then you got to activate “HTTP Rewrites” to ensure all resources are loaded over HTTPS and avoid any mixed content issue.
  • Go to Crypto tab and turn on “Automatic HTTP Rewrites.”

Note: if you are using WordPress or Joomla then you may notice mixed content issue and page might be broken. To fix that, you need to use an additional plugin as explained here.

Minify JS, CSS & HTML – reduce the web page size by minifying JavaScript, CSS & HTML. Having smaller web page means fast loading site.
  • Go to speed tab and select the checkbox
Minify JS, CSS & HTML – reduce the web page size by minifying JavaScript, CSS & HTML. Having smaller web page means fast loading site.
  • Go to speed tab and select the checkbox
Rocket Loader – Rocket Loader solution is a trademark of Cloudflare which does many things like reducing the number of requests, loading scripts asynchronously, caching scripts locally, etc.
  • Under speed tab, select Automatic for “Rocket Loader.”

Thea above essential configuration should be enough to accelerate.