After installing SSL, you should redirect all HTTP traffic to HTTPS to ensure all visitors use the encrypted connection. This also prevents duplicate content issues for SEO.
Force HTTPS via .htaccess
Add these rules to the top of your public_html/.htaccess file:
RewriteEngine On\nRewriteCond %{HTTPS} off\nRewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]WordPress: Force HTTPS
In WordPress, go to Settings > General and change both the WordPress Address and Site Address from http:// to https://. Then add the .htaccess redirect above. Also update your Cloudflare SSL mode to Full (Strict).
Force HTTPS via cPanel
In cPanel, go to Domains and find your domain. Toggle Force HTTPS Redirect on. This adds the redirect automatically without editing .htaccess.
Verifying the Redirect
Open your site in a browser using http://yourdomain.com. You should be automatically redirected to https://yourdomain.com and see a padlock in the address bar.