Free SSL on a non-SSL Hoster without root access (e.g. for WordPress)

For e.g. I use a free hoster like for many years now,

there are many hosters who does not provide a ssl certificat,

if you have a kvm or cloud server it’s easy to setup with let’s encrypt and certbot so i do not understand why they don’t, since this year let’s encrypt also provide ssl cert with domain wildcards.

if you don’t have root access and use a free hoster we can use a trick with cloudflare.

Register on Cloudflare

goto Crypto

change settings:
Always Use HTTPS ON
Automatic HTTPS Rewrites ON

add to your “wp-config.php” or “index.php” the following code inside php tags:

define(‘FORCE_SSL_ADMIN’, true);
// in some setups HTTP_X_FORWARDED_PROTO might contain
// a comma-separated list e.g. http,https
// so check for https existence
if (strpos($_SERVER[‘HTTP_X_FORWARDED_PROTO’], ‘https’) !== false)


go to your wordpress admin panel

Change: WordPress-Adresse (URL) and Website-Adresse (URL)
to https:// instead of http://

you can do this in the web interface or inside the database




To avoid errors you need to change links that point to http:// instead to https://

download your database make a copy and use notepad++ to replace all http://<your-domain> to https://<your-domain>

or use the plugin to redirect all http to https

additional plugins can have security issues so the database update method is recomended

Leave a Reply