Before 2016 ends, I made sure that this blog is more secure. Just like most WordPress users (and since SSL is now for free, thanks to Letsencrypt), I activated SSL at jehzlau-concepts.com! Now https://www.jehzlau-concepts.com is redirected to https://www.jehzlau-concepts.com/. MaxCDN url is also updated to a shared SSL CDN url, then Cloudflare cryptography SSL settings is set to Full (Strict).
Enabling https in WordPress is pretty simple, I didn’t even modify any WordPress files (e.g. wp-config.php) nor the famous .htaccess file. I just installed 2 plugins, and voila, everything in this blog is now working smoothly with https enabled! The two plugins I installed are: Really Simple SSL by Rogier Lankhorst and Easy HTTPS (SSL) Redirection by Tips and Tricks HQ.
Just make sure you already have SSL installed in your host. If you encountered a ERR_SSL_PROTOCOL_ERROR, you just need change your nameservers back to your default nameservers. The ERR_SSL_PROTOCOL_ERROR usually occurs when you’re using Cloudflare. If you switch it back to your host’s nameserver, then switch it back to Cloudflare after a few hours, then that error will vanish miraculously.
If you’re using a CDN like MaxCDN, make sure your Edge SSL is enabled, then change your CDN URL to the SSL URL under Pull Zones > EdgeSSL. You can also use a custom subdomain, just point your CNAME to your SSL URL. In my case, I pointed securecdn.jehzlau-concepts.com to cdn-jehzeellaurente.netdna-ssl.com.
Then that’s it! You’re all done! No nasty code changes.
UPDATE 12/30/2016: I just found out that all my images in all blog posts are still in http. So I installed another plugin called Better Search Replace. Then replaced all http to https, and it resolved the issue. So a total of 3 plugins need to be installed if you’re planning to switch to https soon.