CloudFlare makes it easy to get SSL on your website: here's how
- select the contributor at the end of the page -
Here’s what I think about SSL: It should just be everywhere. Let me explain why by starting with a quick Google-related example.
Last year Google announced that it would begin using HTTPS as a ranking signal. This means your site would actually be elevated in the search results if you’re securing it with SSL. Google is going even further in suggesting that browsers should begin warning users when they don’t have a secure connection. This is the inverse of what happens now, where you only get a visual indicator when the connection is secure.
The problem is that SSL still remains a premium service – two recent projects I was involved in really highlighted this issue. The first project involved a friend who wanted to set up a charity website on Microsoft’s Azure website service. It’s an excellent service, sure, but it doesn’t support SSL and my friend would have had to deal with a near seven-fold price increase just to get it running on a basic tier.
The second project involved supporting my wife as she was getting her personal blog up and running. We elected to put it on the Ghost blogging platform; Ghost offers a hosted version of its product (Ghost Pro) for a mere $8 per month. By paying the low fee, someone else runs the whole thing for you – but again, there’s no SSL. This takes us right back to the Azure conundrum.
Both of these projects wanted SSL not just for SEO, but for the original value proposition of SSL; keeping data-in-transit confidential, ensuring that it can’t be modified, and providing users with confidence in the site. Fortunately, CloudFlare has a solution that not only solves the problem in both example cases, but it does so for free.
Even if you haven’t heard of CloudFlare, chances are you use it. It’s hard for someone to avoid using CloudFlare, as it’s the Web’s largest property by number of monthly unique users (over a billion) and it serves five trillion Web requests per month. CloudFlare provides an essential backbone service, underpinning a huge number of websites. It both accelerates and secures the Web and, again, you can get involved with it at no cost.
How it works
CloudFlare sits between your users and your website. Thanks to this position, it can do everything from optimizing your traffic (via its content distribution network) to stopping attacks.
And, of course, it can give you SSL. It also happens to only a five minutes to set up; you create an account on CloudFlare, update the nameservers of your DNS and that’s it – job done!
Now, you could just stop there and get things running very quickly, but why not carry on until you’ve greatly improved the security profile? Especially since it only takes a few tweaks. If you’re serious about your Web property, there are a few aspects the service that you’ll want to get familiar with, like which parts of the communication are encrypted and which are not.
Getting started with CloudFlare Security
The CloudFlare service has a lot to offer. I like it so much that I created a course on it; Getting Started with CloudFlare Security. This course shows you how easy it is to get up and running with CloudFlare, and will quickly take you to a solid implementation of the platform in less time than it takes to watch a movie.