This guide is intended to follow our Connecting a Custom Domain guide and our Generating an SSL Certificate with Let’s Encrypt guide. Please make sure you’ve completed all of the steps in those guides before following this guide.
A few terms to remember:
Origin Server: Cloudflare will refer to your hosting account as your origin server. We’ll use that term interchangeably with your “hosting account”. Any changes you need to make on your origin server (or hosting account) are done through your Advanced WP dashboard, Control Panel, or within WordPress.
Caching: The term caching means the process of storing data in a cache—or temporary storage. There will be a variety of caching techniques used on your website and it can sometimes be confusing which one we’re referring to. Within this article, we’ll focus only on caching controlled by Cloudflare.
In our Connecting a Custom Domain guide, we configured only the features necessary to connect your website. Now that you’re up and running, it’s time to start optimizing your site and leveraging powerful tools available to improve your website.
If you spent any time looking around Cloudflare’s dashboard, you probably noticed that it has a lot of features available. While some features are only available with paid plans, even Cloudflare’s free plan is incredibly powerful. Along the top of the dashboard, you’ll see a row of icons for each of these features. Along the right side, you’ll see a few “Quick Actions” to help in the event of an attack or if you need to troubleshoot loading or caching problems.
A list of tools available on Cloudflare.
Quick Actions for troubleshooting.
As you might have guessed, “Crypto” is where Cloudflare’s security settings are located. We’ll start here.
Crypto Step 1 — Use Full (Strict) SSL
The first option under Crypto allows us to choose which method Cloudflare will use to access our website. For maximum security, we want to make sure all connections to our website are encrypted. This setting will likely be “Flexible” by default, which encrypts only the connection between your visitors and Cloudflare and leaves the connection from Cloudflare to your origin server on plain HTTP. We want to change it to “Full (strict)”. With that setting, Cloudflare will connect to your website over HTTPS and verify the certificate on each request.
Set the SSL option to “Full (strict)”.
If you experience issues accessing your website after choosing “Full (strict)” that seem to be related to the SSL certificate (such as cipher errors, redirect errors, etc.), it may be because the SSL certificate on your server is not properly configured. If so, switch this back to “Flexible” and revisit our Generating an SSL Certificate with Let’s Encrypt guide.
Crypto Step 2 — Always Use HTTPS
Next, we want to make sure that all of our visitors are connecting to our website with HTTPS. Any visitors who follow a link or attempt to navigate to the http:// version of your website will get a 301 redirect to the equivalent https:// URL.
Turn the Always Use HTTPS option on.
Crypto Step 3 — Automatic HTTPS Rewrites
Automatic HTTPS Rewrites helps fix mixed content by changing http:// to https:// for all resources or links on your website that can be served with HTTPS. This is an easy way to avoid problems and security certificate errors on your website (although we still recommend taking care to properly format your links).
Turn the Automatic HTTPS Rewrites option on.
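To find the links that still need fixing by hand, the following added example (not part of the original guide or of Cloudflare’s tooling) scans a page’s HTML for http:// references and separates the subresources a browser fetches from plain navigation links. The sample page and its example.com hosts are constructed.

```python
from html.parser import HTMLParser

# Tags whose src URL the browser fetches while rendering the page.
SRC_TAGS = {"script", "img", "iframe", "audio", "video", "source", "embed"}
# <link href> is fetched only for these rel values; rel="canonical" is metadata.
FETCHED_RELS = {"stylesheet", "icon", "preload", "manifest"}

class InsecureReferenceFinder(HTMLParser):
    """Collects absolute http:// references from a page served over https://."""
    def __init__(self):
        super().__init__()
        self.subresources = []  # mixed content: browsers block it or show warnings
        self.links = []         # <a href>: navigation only, relies on the redirect

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "a":
            self._record(self.links, tag, attrs.get("href"))
        elif tag == "link":
            rels = set((attrs.get("rel") or "").lower().split())
            if rels & FETCHED_RELS:
                self._record(self.subresources, tag, attrs.get("href"))
        elif tag in SRC_TAGS:
            self._record(self.subresources, tag, attrs.get("src"))

    def _record(self, bucket, tag, url):
        # //host/path and /path inherit the page's scheme, so only http:// counts.
        if url and url.strip().lower().startswith("http://"):
            bucket.append((self.getpos()[0], tag, url.strip()))

def find_insecure_references(html):
    finder = InsecureReferenceFinder()
    finder.feed(html)
    finder.close()
    return finder.subresources, finder.links

# Constructed sample page; the example.com hosts are placeholders.
SAMPLE = """<html><head>
<link rel="canonical" href="http://www.example.com/">
<link rel="stylesheet" href="http://cdn.example.com/site.css">
<script src="//cdn.example.com/app.js"></script>
</head><body>
<img src="HTTP://www.example.com/logo.png">
<img src="/wp-content/uploads/photo.jpg">
<a href="http://www.example.com/about/">About</a>
</body></html>"""
if __name__ == "__main__":
    for line, tag, url in find_insecure_references(SAMPLE)[0]:
        print(f"line {line}: <{tag}> loads {url}")
```

Run it against the saved HTML of your own pages; anything reported as a subresource is worth changing to https:// at the source rather than relying on the rewrite.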
Next, we’ll go back to the DNS options page.
Route Traffic Through Cloudflare
You’ll probably remember a screen similar to this when you originally connected Cloudflare. At that time, we recommended that you set the cloud icons to grey, meaning that traffic was bypassing Cloudflare’s network. We did this at the start to ensure that you didn’t run into problems before you had a chance to configure an SSL certificate on your server.
Cloudflare offers far too many powerful features to cover here. If you have any questions that we don’t cover, please visit their Help Centre. If you’re currently using Cloudflare’s free plan, you should familiarize yourself with their other plans and features in order to make sure you’re ready to take full advantage of Cloudflare as your website grows.