So you are hosting a WordPress Blog running on IIS (Internet Information Services) which is behind CloudFlare CDN (Content Distribution Network) and you want to enable CloudFlare’s free Flexible SSL so your WordPress Blog can be accessed over https. You have tried to set this up, however have ended up with an annoying a redirect loop leaving your WordPress Blog inaccessible, here is how to fix that redirect loop.

CloudFlare Flexible SSL Setup for WordPress Running On IIS:

  1. Log in to CloudFlare and find your domain
  2. Click the settings cog next to it and select “Cloudflare Settings”
  3. Scroll down to SSL and enable Flexible SSL

cloudflare-flexible-ssl

Next in your WordPress Admin Panel:

  1. Go to Settings
  2. Change your blogs URL’s from http:// to https://

wordpress-cloudflare-https-settings

You will have now forced WordPress to use https:// however you will find you now have the infamous redirect loop error.

Fix WordPress / CloudFlare Flexible SSL Redirect Loops:

  1. Open your wp-settings.php file and find the line which says require_once(ABSPATH . ‘wp-settings.php’)
  2. Before this line add the following code:
// Force Admin Login To SSL
define('FORCE_SSL_ADMIN', true); 
// CloudFlare SSL Fix
if (isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https') { 
$_SERVER['HTTPS']='on'; 
}
else {
$_SERVER['HTTPS'] = false;
} 
define('WP_SITE_URI', ($_SERVER["HTTPS"]?"https://":"http://").$_SERVER["HTTP_HOST"]);
define('WP_SITEURI', ($_SERVER["HTTPS"]?"https://":"http://").$_SERVER["HTTP_HOST"]);
define("WP_CONTENT_URL", WP_SITE_URI . "/wp-content");                   
define("WP_CONTENT_URL", WP_SITE_URI . "/wp-content");

Add these after the require_once(ABSPATH . ‘wp-settings.php’) line:

wp_cache_set("siteurl_secure", "https://" . $_SERVER["SERVER_NAME"], "options");
wp_cache_set("home", WP_SITE_URI, "options");
wp_cache_set("siteurl", WP_SITE_URI, "options");

That should fix your WordPress / Cloudflare redirect loop problems when accessing your WordPress blog from behind Cloudflare, now you simply need to force all connections to your blog to use https, to do this:

  1. Log in to CloudFlare and find your domain
  2. Click the settings cog next to it and select “Page Rules”
  3. Select always use https
  4. enter *yourdoamin.com* for the rule patterns, in this example i entered *matthill.me.uk*
  5. Click add rule

wordpress-cloudflare-https-redirect

All your old http:// url’s will now 301 redirect to the https:// URL’s.

The 301 redirect tells Google and other search engines that the page has moved permanently.

Note: if you do not wish to force https on sub domains enter yourdoamin.com* for the page rule on Cloudflare instead.

That’s it, your WordPress Blog should now be working fine with CloudFlare Flexible SSL.

You can test your SSL setup with Qualys SSL Test, matthill.me.uk got a grade “A” test result, which is the highest you can obtain.

ssl-test-results

Author

Matt has always had a passion for computers, gadgets and technology. He will never be found too far away from a good cuppa tea.

4 Comments

  1. what about .htaccess ? i follow your instruction but still cant not acces my site 😀 and still cant not login to dashboard

  2. Thank you for the tutorial. Would you happen to know why some images would fail to load on the website when cloudflare SSL is enabled?

    • Are you embedding images with http or https?

      Edit the post and change any images to https:// and they should load.

Write A Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.