We had been tinkering with using flexible SSL on Web Tech Gadgetry for awhile, however in the past, we had had some problems with setting up the HTTP to HTTPS redirect. Since then we were able to figure out the problem and thought it a good start for a new post.
Lately, HTTPS has been quite a hot topic, with rumours going around suggesting Google are planning on adding it as part of their SEO ranking algorithms. Whether or not these claims are true it gave a good enough case to give CloudFlare’s flexible SSL another go.
- CloudFlare Flexible SSL (prevents the pesky redirect loop)
The above plugins are required in order to set-up flexible SSL for WordPress correctly. The first thing to do before we go forward with anything else is to ensure all of our WordPress blog’s assets are set-up to be downloaded through HTTPS. Without this, you’ll likely encounter an insecure content warning in your browser. To do this you must ensure HTTPS protocol rewriting is turned on from within the CloudFlare plugin settings.
Once the additional CloudFlare flexible SSL plugin has been installed it should be ready to go out of the box.
Enabling Flexible SSL
The next step involves enabling flexible SSL within your CloudFlare control panel. This can be done by either changing the global SSL drop-down to flexible SSL or by doing it on a page rule basis. You should now find that you can now access your WordPress blog by using either HTTPS or HTTP. To ensure we don’t run into any duplicate content issues, that could instead have a negative impact on SEO we must set-up a redirect.
Redirecting HTTP to HTTPS
When we first tried switching over to HTTPS we attempted to set-up a redirect within our site’s .htaccess file. When doing so it resulted in some strange redirect behaviour that effectively broke the site. We have since found out that you must create a separate page rule from within your CloudFlare dashboard to exclusively redirect all requests to HTTPS.
This concludes our article on implementing and configuring SSL with your WordPress website, we hope it helped you figure some of the problems we had. Although HTTPS may not be required on a blog, it does allow for the use of new technologies such as HTTP 2.0 and it would indeed seem as though the web is in general leaning towards improved security.
We recently wrote an article on the importance of HTTPS and the web. Click on the link to find out more on why you should be using SSL on your own site.