Free SSL on a non-SSL Hoster without root access (e.g. for WordPress)

For e.g. I use a free hoster like bplaced.net for many years now,

there are many hosters who does not provide a ssl certificat,

if you have a kvm or cloud server it’s easy to setup with let’s encrypt and certbot so i do not understand why they don’t, since this year let’s encrypt also provide ssl cert with domain wildcards.

if you don’t have root access and use a free hoster we can use a trick with cloudflare.

Register on Cloudflare

goto Crypto

change settings:
SSL FLEXIBLE
Always Use HTTPS ON
Automatic HTTPS Rewrites ON

add to your „wp-config.php“ or „index.php“ the following code inside php tags:

define(‚FORCE_SSL_ADMIN‘, true);
// in some setups HTTP_X_FORWARDED_PROTO might contain
// a comma-separated list e.g. http,https
// so check for https existence
if (strpos($_SERVER[‚HTTP_X_FORWARDED_PROTO‘], ‚https‘) !== false)
$_SERVER[‚HTTPS‘]=’on‘;

?>

go to your wordpress admin panel
https:///wp-admin/options-general.php

Change: WordPress-Adresse (URL) and Website-Adresse (URL)
to https:// instead of http://

you can do this in the web interface or inside the database

Test: https://www.jitbit.com/sslcheck/

 

 

To avoid errors you need to change links that point to http:// instead to https://

download your database make a copy and use notepad++ to replace all http://<your-domain> to https://<your-domain>

or use the plugin to redirect all http to https https://de.wordpress.org/plugins/https-redirection/

additional plugins can have security issues so the database update method is recomended

Schreibe einen Kommentar