Recently my client Razzball made the transition to having a secure suite of websites. The ride was not an easy one, due to the learning curve on configuring Cloudflare and a suite of WordPress websites using subdomains.
Razzball runs a multisite network with subdomains that looks like this:
- razzball.com (the original Baseball site)
Usually it doesn’t take a lot of time and effort to make a WordPress site run under HTTPS, but the game changes significantly with the combination of WordPress multisite subdomains, Cloudflare, and cPanel.
Here’s what we did to make WordPress Multisite work with Cloudflare SSL on a cPanel server:
1. Generate the Certificate and Install the Certificate in cPanel
Use the following the Cloudflare documentation to generate the CSR and install it in cPanel: https://support.cloudflare.com/hc/en-us/articles/224985668-How-to-install-an-Origin-CA-certificate-in-cPanel
2. Force WordPress Multisite to use HTTPS
Using phpMyAdmin in cPanel, modify the following values in wp_options to use https instead of http:
After adjusting these two values, if you look at the sites in your WordPress Network Admin area, you’ll notice the site address on the subdomains now uses https.
3. Adjust Cloudflare settings
In Cloudflare, click Crypto and set the following:
- SSL: set to Full or Full (Strict).
- Always Use HTTPS: set to On.
- Automatic HTTPS Rewrites: set to On.
4. Visit your sites and enjoy the security
All of your subdomains are now running smoothly on https with the Cloudflare SSL Certificate. Time to celebrate!