Comments: One-in-Six Advocate Prison for CEOs and Board Members After Breaches
March 28, 2015
Migrating From Godaddy Managed WordPress to SiteGround
October 8, 2015

Adding HTTPS to GoDaddy WordPress via CloudFlare

While chatting with some colleagues this past week, I realized that I was running this WordPress blog completely over HTTP, including the login page. Ugh, security fail. A quick Google search revealed that GoDaddy managed WordPress sites do not enable any SSL/TLS by default, even with a self-signed or shared certificate. This is important because anyone capturing network traffic will be able to view the login information to your site in cleartext. This means an attacker is able to login to your WordPress site as you and do whatever they please. Today I went on a search to see how I could add SSL to the site without any additional cost.

I found a post from SeedProd discussing how to add SSL to a WordPress site via CloudFlare for $20/mo. and for free in the future. I had no idea that CloudFlare had a free plan but they do, and today it includes SSL. The free plan includes many features that will enhance the security and performance, including the addition of SSL, of the site so this is a real no-brainer for anyone. Take a look at CloudFlare’s plan comparison chart to get a quick idea of other features available for free.

Following the instructions outlined at SeedProd, I was able to get all of my domains registered and running with CloudFlare in just a few minutes. Thus, we have a quick how-to on adding HTTPS to GoDaddy WordPress via CloudFlare. It was as simple as:

  • Create an account with CloudFlare, including 2-factor auth (1 min)

Screen Shot 2015-10-04 at 1.43.33 PM

  • Change DNS (NS) records from GoDaddy to CloudFlare (2 min)

Screen Shot 2015-10-04 at 1.42.14 PM

  • Install and configure “wordpress-https” plugin on WP sites (< 1 min)

Screen Shot 2015-10-04 at 1.41.08 PM

  • Create “Page Rule” in CloudFlare redirecting all traffic to HTTPS (< 1 min)

Screen Shot 2015-10-04 at 4.07.07 PM

 

Done. Now my WP is 100% SSL/TLS to site visitors. This discovery was a good validation of why 2-factor authentication is important. Even though this site was using cleartext passwords and exposing my credentials to anyone with visibility, having 2-factor authentication setup with Duo Security setup gives me a warm fuzzy that no one could not have successfully logged into the site.

I still need to go back and setup SSL/TLS between CloudFlare and my WP server (Full SSL), but this is a good start for today.

Leave a Reply

Your email address will not be published. Required fields are marked *