This is a short tutorial showing how to setup wordpress and cloudflare flexible ssl.
Cloudflare offer a service called ‘flexible ssl’ this means that cloudflare encrypts your content between the end-user and cloudflare, but the connection between cloudflare and your site is not encrypted. This is a good solution if you are on a shared host and want an SSL certificate, but your host is unable to give you one.

WordPress and cloudflare flexible ssl configuration

1) Add this to your wp-config to set wordpress to always use ssl for the login screen and the admin section:

define('FORCE_SSL_ADMIN', true);
define('FORCE_SSL_LOGIN', true);

if ($_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https') {

2) Go to your admin section, and change the options for site address and wordpress address in this order:

  • site address (url) – make it have https:// at the start, hit save
  • wordpress address (url) – make it have https:// at the start, hit save

if you do this part in the wrong order your wordpress will break, and you have to edit the database directly.

wordpress and cloudflare

Misc cleanups on your site

3) goto cloudflare and in page rules, enable https always for your domain name


4) update all the links to images that you have in your database:

update `wp_posts` set post_content = replace(post_content, '' , '/') WHERE `post_content` like '%'

You now should be able to have https on everything and cloudflare should redirect your users too)

Sources: Cloudflare