WordPress is one of the most popular CMS with over 35% of internet website are build on WordPress CMS at this time of writing this post. There other CMS like Squarespace, Joomla, Drupal etc but use by only fewer sites. WordPress is far ahead as compared to its competitor. Previously WordPress users to create a blog or website But now WordPress core code changed a lot as well as the massive ecosystem of Plugins and theme, you can create any type of website with WordPress.
As WordPress is more popular CMS, therefore, it is the main target for a hacker. As per Sucuri WordPress accounted for 90 per cent of all hacked CMS sites in 2018. WordPress is very secure by default itself most of the security breach occurs due to the use of theme and plugin from unauthorized sources. On WordPress Platform website security hardening means securing a website by reducing its surface of vulnerability. More use of theme and plugin, Showing directory or WordPress version provides a potential entry point to a hacker.
Sucuri experts blamed most of the hacks on vulnerabilities in plugins and themes, misconfiguration issues, and a lack of maintenance by webmasters, who often forgot to update their CMS, themes, and plugins.
Benefits of SSL Certificate-:
Moving to HTTP to HTTPS is have lots of advantages. It helps to gain the trust of your user if you are selling any product. HTTP to HTTPS migration can improve your SEO ranking. As per Google SEO guideline, the website that provides secure connection will get higher ranking in Google Search result. You may have seen that Google Chrome shows the HTTP site as Insecure site. Google Declared HTTPS a ranking signal. Google Started to index HTTPS pages first in Search Results.
HTTPS is being used for communication over Hypertext Transfer Protocol (HTTP) with an ‘S’ in the end that stands for ‘Secure.’ A HTTPS connection performs major three roles which is Authentication, Encryption and Data integrity. HTTPS is very helpful to gain the trust of user, if you are selling anything through your website, HTTPS connection can boost your online sale because a user will trust your website. According to Builtwith, as of February 2018, 49.8% of the top 10,000 websites are using HTTPS. That is up from 5.68% back in September 2015.
There are big players in the market from whom you can buy the SSL certificate if you are using a self-hosted WordPress website then you can buy SSL certificate from your web hosting provider. In this post, I will explain How to setup Cloudflare Flexible SSL on Your WordPress Website.
How to setup Cloudflare Flexible SSL on Your WordPress Website-:
Step.1-: Sign up for Cloudflare account and select the free plan.Step.2-: Add your Domain.Step.3-: Select the Crypto Icon and Select Flexible SSL.Step.4-: Install Cloudflare Flexible SSL pluginThis plugin forms an integral part of enabling Flexible SSL on WordPress and prevents infinite redirect loops when loading WordPress sites under Cloudflare’s Flexible SSL system. It only comes into play when Cloudflare is serving HTTPS traffic from your site. Use Cloudflare’s pages rules to redirect your visitors. You can then safely turn off SSL whenever you want from within Cloudflare and your WordPress site will still load on HTTP. It is designed only to assist with Flexible SSL, not for Strict or Full SSL certificate.
Step.5-: Force HTTP links to HTTPS Change your website URL from Http to Https. Install the plugin WP force SSL.WP Force SSL helps you redirect insecure HTTP traffic to secure HTTPS one without the need to touch any code. Just activate Force SSL and everything will be configured for you. The entire site will move to HTTPS using your SSL certificate.
Step.6-: Force Cloudflare to use HTTPS