How to make Cloudflare Flexible SSL work with WordPress

WordPress is a great and very popular website building tool, and Cloudflare is a great way to get HTTPS on your website for free. Thanks to Cloudflare’s Flexible SSL system, you don’t even need to manage SSL certificates to use it!

However, getting WordPress to show a padlock and make all pages work can be a bit tricky. This article explains a good way to configure your website correctly with Cloudflare Flexible SSL.

Heads up! Instead of making WordPress work with Flexible SSL, you can also configure you website with Full SSL on Cloudflare instead! Using Full SSL is more secure, easier to setup on the WordPress site and quite easy to setup on the hosting side too. See this article on how to set it up: How to setup Full SSL with Cloudflare

Ensure your WordPress admin area is currently accessible

If you’ve already attempted to make WordPress available on HTTPS yourself, you may have locked yourself out of your WordPress admin area. If so, you should probably see errors like this when trying to access it:

  • Google Chrome (and derivatives): ERR_TOO_MANY_REDIRECTS
  • Mozilla Firefox: This page isn’t redirecting properly

To regain access to your WordPress admin area, you can do the following:

  1. Login to your client area, find your hosting account, click Manage and then go click Control Panel.
  2. Go to phpMyAdmin, find your WordPress database and click Connect Now.
  3. Find the table with the name ending with _options and click on the name.
  4. Find the rows with the column option_name matching siteurl and home. These should be the first two in the list, but you can use the Search function if you can’t find them.
  5. Double click the value in the option_value column, and change the start of the URL from https:// to http://.

If you have multiple databases and you don’t know which database corresponds to your WordPress website, you can find your database in the installation details in Softaculous, or by checking the wp-config.php of your WordPress installation.

With this option changed, you should be able to login to the WordPress admin area again.

Make sure your Cloudflare settings are clean

If you’ve just enabled Cloudflare, all the Cloudflare settings should be standard, which is good.

If you’ve already tinkered with the Cloudflare settings before trying to get HTTPS to work, here are some settings to verify:

  • In the SSL/TLS → Overview tab, Encryption Mode is set to “Flexible”.
  • In the SSL/TLS → Edge Certificates tab, the setting “Always Use HTTPS” is set to Off.
  • In the SSL/TLS → Edge Certificates tab, the setting “Automatic HTTPS Rewrites” is set to Off.

Install the Really Simple SSL plugin

The easiest way to get Flexible SSL to work properly is with the - aptly called - Really Simple SSL plugin. You can install the plugin by hand or automatically through the WordPress admin area.

From there, making HTTPS work is as simple as hitting the enable button to make HTTPS work for both your front website and WordPress admin area!

After enabling the plugin, you can also enable the .htaccess in Really Simple SSL, enable Always Use HTTPS in Cloudflare, or both, to enforce HTTPS on all pages.


2 posts were split to a new topic: The key uses greater than 2048 bits