Secure Your WordPress Site with SSL using Cloudflare

Securing Your WordPress Website with SSL over Cloudflare

These are the steps required to getting your WordPress website working with SSL provided through Digcat. 
 

  1. The first step is to ensure both the core WordPress website and all plugins are up to date. The latest version of WordPress core is 4.1.

     
  2. Then install either the CloudFlare Flexible SSL WordPress plugin or the WordPress HTTPS Plugin. These plugins have been found to resolve redirect loop issues especially on the Admin login.

     
  3. Then install the CloudFlare WordPress plugin to make sure that the original visitor IP is being passed back at the WordPress level for web statistical reports. We will provide you an API key and login user that need to be saved in the plugin.

     
  4. When in the WordPress admin area go to Tools and run the SSL Insecure Content Fixer - is_ssl() test. This page checks to see whether WordPress can even test for SSL. If it can't, something else needs fixing and it will usually say thie following:

    is_ssl() says: no, SSL not detected

    Your server is behind a load balancer or reverse proxy.


    If so, please add the following code to your wp-config.php file above the require_once:


    if (isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https')
        $_SERVER['HTTPS']='on';


     

  5. Then open your website with https:// prefix to see if your website loads the SSL.

    If you have a mixed content you will either get an error warning or the SSL symbol will show as broken in your browser. In order to rectify this, you will need to go through your website content and ensure any links being loaded are being done over HTTPS and not over HTTP.