You’ve likely heard about the drive towards making the web more secure. Google is pushing for HTTPS to be the standard for all websites, however for most of us the thought of installing an SSL certificate and ensuring our sites are securely served over HTTPS is terrifying.
In this post, I’m going to explain how you can add HTTPS to your RapidWeaver website using CloudFlare, but before we look at how to do that let's talk about why:
- In 2014 Google confirmed that HTTPS is a ranking signal. This means HTTPS sites will get a small ranking advantage over non-HTTPS sites.
- Last year Google announced that Chrome would start to mark “HTTP pages that collect passwords or credit cards as non-secure”. Eventually, all HTTP web pages will have a non-secure warning displayed — that's right, every website served over HTTP will have a red “Not secure” warning displayed.
- Everyone has become more security conscious over the past few years, so have a green “Secure” label on your website will increase confidence in your website and brand.
Although many hosting providers are making the process of adding HTTPS a lot easier by enabling SSL by default or providing an "Add HTTPS" button to take care of most things for you, you’ll still need to purchase and renew an SSL certificate, and should you change hosting providers you’ll need to setup everything again.
Use CloudFlare for HTTPS
There is a quick and easy way to add HTTPS to your site free of charge, without needing to install anything, and without the worry of expiring certificates.
That service is CloudFlare. I’ve previously covered CloudFlare in two of our training courses, so if you prefer video content I'd recommend watching these first:
How to add your RapidWeaver site to CloudFlare
The process of adding your RapidWeaver site to CloudFlare is easy, simply follow these Getting Started with CloudFlare instructions to add your site. The most complex piece of the puzzle is double-checking CloudFlare copies over all your DNS records.
When you add a site to CloudFlare, it scans your domain name for any existing DNS records. It's important that you ensure all the DNS records are present and correctly configured, if anything has been missed your website might go offline, or your emails will stop working (which might not be a bad thing!). Check with your domain name registrar if you're unsure about the DNS records currently setup on your domain.
Side note: Every website I have added to CloudFlare has had its DNS records copied over correctly, but it's always worth double-checking.
Once you have confirmed that the DNS records are correctly setup, you’ll be asked to change the nameservers for your domain. You’ll need to do this with your domain name registrar. There will be a “nameservers” setting for each domain, change the existing settings to the new ones provided by CloudFlare.
If you're unsure about changing the nameservers, ask your domain name registrar to do it for you.
Enable HTTPS on your RapidWeaver Site
Once your domain name has been successfully added to CloudFlare, the final step to adding HTTPS is to go to the “Crypto” tab in CloudFlare and set the SSL option to “Flexible”.
It might take a few minutes for CloudFlare to set up the certificate for your site, but once it's done you'll be able to visit your site via HTTPS.
Once your site is working over HTTPS, you should open your RapidWeaver project and change the web address from
https://your-domain.com. You can do this via the General settings.
Redirecting To HTTPS
It's very important to set up a page rule to redirect all HTTP URLs to HTTPS. This is because Google considers HTTP and HTTPS as two separate versions of the same websites. If you don't redirect your old HTTP site to HTTPS you might be penalised for having duplicate content.
I’d recommend reading Google’s “Site moves with URL changes” to understand this further.
And that's it, your RapidWeaver website can now be served over HTTPS!