You may want to read my write up I have a link to in my signature. I would also use CloudFlare and CIDRAM. I know the author of CIDRAM. I can help you greatly at protecting your site, although, I'm code stupid.
As far as HTTPS goes. Just use cPanel's Lets Encrypt free service. It should be there in most hosting providers. If not, I would question that host.
With CloudFlare you have to set up the DNS before the website is propagated in the Internet. Otherwise DNS hosting history sites or CloudFlare resolvers like CrimeFlare will see your origin IP address. If you are using a VPS, then block all IPs except CloudFlare's. Also, use a third-party E-mail service like something from Namecheap or Gmail and delete the MX record. The MX record will rat your origin IP out.
Where can I take part in this hacking project? Can I sign up?