Are you ready to go https with your WordPress blog?
Here is a neat trick that will allow your blog to accept both HTTP and HTTPS using Protocol Relative with no insecure page errors.
Ive been running WordPress for many years and recently made the jump to TLS Encryption by using CloudFlare Free https.
CloudFlare and many others have disabled SSL because of a security vulnerability. The latest encryption protocol is “transport layer security ” (TLS.)
The disadvantage of this is, many older browsers do not support it and will not connect to a TLS encrypted site. So if you go https with your blog you may be preventing others from viewing your articles.
I found a way to make WordPress easily accessible by both http and https protocols. That’s the ticket for taking advantage of a secure WordPress blog and at the same time not blocking any faithful followers of your articles.
This process can be tricky to implement, and after conversion your database will not be able to be reverted back. So do a full backup of your blog before beginning!
The most important task is to export your current database to disk before attempting to implement this mod. If your running under cPanel simply log in, navigate to MySQL and click on your blogs database. At the top you will see an export tab. Click it and export your database to disk. If something goes wrong during this process you can always re-import your good database to get your site back online.
You will need these two plugins. WordPress HTTPS and Velvet Blues Update URLs . Download these plugins and install, but do not activate yet.
Next verify https is available by adding https:// to your blogs url. If you just set up CloudFlare it can take up to 24 hours before your domains certificate is fully active. If you get an invalid certificate warning give it more time. Also check your cf settings to be sure that https is set to flexible mode.
Next activate WordPress HTTPS Plugin. Navigate to it’s settings and be sure your domain is displayed properly. Check proxy setting to auto. At this point your blog should be displaying properly in https. If you get insecure warnings ignore them for the time being.
Next is to add this code snippet to your wp-config file. Add it just above the line that says: /* That’s all, stop editing! Happy blogging. */
define('FORCE_SSL_ADMIN', true);
if ($_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https')
$_SERVER['HTTPS']='on';
This forces WordPress Admin into https mode.
Verify you can navigate within your WordPress admin area. Ignore any insecure browser warnings. This is common when in your admin area.
Click the thumbnail to your left to expand and show how i set up velvet blues update urls to make the needed database changes.
If all went well, you should be able to access your site by both http and https. A view of your homepage source code should show your pages with http and protocol relative views. If so you got it!
Some plugins might need manual intervention. One that i run is Simple-Press WordPress Forums. To make that one work in both protocols i had to go into my database and change it’s page url to protocol relative. Not a big deal if you are experienced in MySQL databases.
I also suggest changing your WordPress urls under general settings to https. This will force Yoast WordPress SEO to make your sitemap urls https. You do not want an https site with http sitemap urls.
This setup is working well for us. It allows this blog to be available under both http and https protocols. A win-win combination!
One of our pages, Doc’s webcams, does not support https. Just added a link above the cam displays saying: These cams do not support encryption. Click here for non-secure page. that takes care of that little problem.
If you have questions comment below. 😉
FidoSysop
I'm a former Auto Dealer and Mechanic born in the 50s. In 1991 Doc's Place Bulletin Board System was born on the Fidonet Network. Since the net went public I've been studying and mastering it becoming a tech-savvy hobbyist webmaster. I.blog my opinion about many worthy subjects and maintain a large conservative archive!
Thanks for recommending Velvet Blues. That plugin saved me a lot of work. 🙂
Thanks for your comment. It’s pretty old, so I’m happy to hear it still works.
Thanks for your comment. It’s pretty old, so I’m happy to hear it still works.
Hi! and thank you for this post which is certainly helping me understand how to use ssl with cloudflare in wordpress. I would be very grateful if you please could clarify an issue for me. I have changes urls using the plugin you recommend (velvet blues update urls) from old url: http://mydomain.com to new url: //.maydomain.com, following your instructions. Now, in order to revert the changes if necessary, what should I enter in old url, //mydomain.com or http://mydomain.com?
Its best to use your backed up database if just trying the mod out. But otherwise reversing the procedure will work too.
Sorry for the late reply, I didn’t get notification of your post.
Its best to use your backed up database if just trying the mod out. But otherwise reversing the procedure will work too.
Sorry for the late reply, I didn’t get notification of your post.
Hi FidoSysop, thanks for your response. Although I’m still in doubt. In order to revert the change, should I use http://mydomain.com in both old and new url fields or should I use //mydomain.com in the old url field and http://mydomain.com in the new url field? Thank you for your help
I never changed mine back because it works well here. An example is my webcams page that the cams themselves barf on https. But with this mod that page is able to be viewed in non-encrypted http protocol.
In theory your example to revert a database back should work. One reason i suggest backing up your database before trying this mod.
Hope this best answers your question.
I never changed mine back because it works well here. An example is my webcams page that the cams themselves barf on https. But with this mod that page is able to be viewed in non-encrypted http protocol.
In theory your example to revert a database back should work. One reason i suggest backing up your database before trying this mod.
Hope this best answers your question.