After activating my SSL certificate I had a problem with mixed content and its layout also got messed up. To solve this issue, I installed the plugin Cloudflare Flexible SSL to enable me to access my dashboard and the plugin Better Search Replace to substitute all http links to https in WordPress. My layout is ok now but I still receive a message in the browser saying my website is not totally safe.
That is a 000 issue! As you say, they don’t support anything else! I have been trying to post a link to my Flexible article on their community but their Discourse email verification is down.
Yes, it’s the only option for your site to appear secure, but being set to Flexible isn’t actually secure (please see the link @judge posted earlier). Without switching to a paid host, not sure there is a lot you can do…
Actually, when you use Flexible, though the encryption is not end-to-end as some have pointed out here, you should be able to have a page that shows in the browser as “safe”.
The browser has no business knowing what lies beyond Cloudflare once you properly set your site to go through it, using the orange cloud icon in the DNS app. Make sure you have Always Use HTTPS and Automatic HTTPS Rewrite on the SSL/TLS app. You could be prevented from showing your site as safe, though, if you depend on third-party assets that cannot be loaded over HTTPS.
Having said that, showing a padlock on your browser will not make the connection between CF and 000 safe, as @Judge, @domjh and others in this community are always correctly reminding us. So it’s a matter of trust, but technically you can have a site showing as 100% secure in the browser.
The issue with 000webhost.com is that they are a free hosting company, but hosting costs money. So they have as part of their business plan to insert promotional links on the bottom of your pages, and they can only enforce that if you do not use SSL. So I wouldn’t expect that they might be open to change that behavior any time soon.
Also yeah, sorry everyone for the security concerns. As @domjh said, I’ve updated my tutorial to add the security warning — however, the freemium business model dictates that we leave things as-is. If users want added security, they can switch off the free servers and onto something that earns us money. It’s a win-win in the case of the premium plans.
At any rate, if it were up to me I’d have a custom integration with Cloudflare working side-by-side with us to improve security on the free level. I’ve been trying to convince the higher-ups for a long time, but they’re focused on the premium users (and rightfully so, paying customers are always top priority) and won’t be pursuing that for a long time (if at all). So for now, thank you all for bringing this to my attention, and I hope my contributions set your minds more at ease!
Huge thanks to @domjh, he’s been a hero in all of this. By the way, I’m not sure why the forum wasn’t letting you post the links to your post until recently — the spam bot is on super high but it shouldn’t have any qualms with a Cloudflare link.
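An added example, not part of the thread: the "not totally safe" message discussed above comes from subresources still requested over `http://`, not from ordinary links. The Python sketch below lists those references in a page's HTML; the sample markup and its `example.*` hostnames are constructed for illustration.

```python
from html.parser import HTMLParser

# Subresources fetched over http:// on an https:// page. Browsers block the
# "active" kinds; "passive" ones are upgraded or degrade the padlock, by browser.
ACTIVE = {("script", "src"), ("iframe", "src"), ("object", "data"), ("embed", "src")}
PASSIVE = {("img", "src"), ("audio", "src"), ("video", "src"), ("source", "src")}

class MixedContentFinder(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings = []  # (kind, tag, url) in document order

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "").strip() for k, v in attrs}
        for attr, url in a.items():
            kind = "active" if (tag, attr) in ACTIVE else "passive" if (tag, attr) in PASSIVE else None
            # <link href> is only a subresource load for stylesheets, not rel=canonical.
            if tag == "link" and attr == "href" and "stylesheet" in a.get("rel", "").lower().split():
                kind = "active"
            if kind and url.lower().startswith("http://"):
                self.findings.append((kind, tag, url))

def find_mixed_content(html):
    parser = MixedContentFinder()
    parser.feed(html)
    parser.close()
    return parser.findings

# Constructed sample page: <a href> and rel=canonical are navigation or metadata
# and are not mixed content; protocol-relative and https URLs are fine.
SAMPLE = """<html><head>
<link rel="stylesheet" href="http://cdn.example.org/theme.css">
<link rel="canonical" href="http://blog.example.com/">
<script src="https://cdn.example.org/app.js"></script>
<script src="http://widgets.example.net/badge.js"></script>
</head><body>
<a href="http://blog.example.com/about">About</a>
<img src="http://blog.example.com/wp-content/uploads/logo.png">
<img src="//cdn.example.org/banner.png" />
</body></html>"""

if __name__ == "__main__":
    for kind, tag, url in find_mixed_content(SAMPLE):
        print(f"{kind:7} <{tag}> {url}")
```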