Getting started with HTTPS from HTTP


Hi there guys,
Forgive me if this topic exists - but I haven’t found it yet.
Just signed up today for a free plan. I am very excited that I’m using Cloudflare! I would like to use the https version in my blog, since this is the way to move forward. I have switched the ‘Always Use HTTPS’ option in the dashboard. I then went to check my website, and of course, it was not displaying properly. I have now switched off that option until I figure out a proper/efficient way to manage this.

I’m looking for a way to re-direct everything to https with the least amount of harm to my rankings/SEO.
How have you guys managed this switch? Do you just go to your cPanel and make a ‘301 redirect’ thing…?

I’m a bit insecure about this - any help is deeply appreciated!
My site is this!


This switch in Cloudflare essentially just does a 301 redirect.

With the option to force HTTPS turned off, what happens if you visit the
blog using https://? If things aren’t displaying properly, it is most
likely that you are calling resources over HTTP (this could be CSS, JS,

Assuming you can reproduce the problem by switching to https:// then
check your browser’s web developer tools to see what requests are
failing and why, most likely you’ll need to update your theme/blog to
call resources over https. You can do this without redirecting the
entire site (it won’t break HTTP traffic), but will eventually fix the
HTTPS version.

You could also try the “Automatic HTTPS Rewrites” option, this will do
some of what I described above automatically. Like with most changes,
clear the cache to see the results (again, test by manually switching
the URL to https://).


Thank you for replying so fast!
I tried displaying the HTTPS version while it’s forced OFF in Cloudfare’s dashboard and like you said, it’s not displaying properly, (I tried this in Chrome’s incognito). I’m not clear about what you mean by "calling resources over HTTP (this could be CSS, JS,etc)?
I’m afraid I’m not sure how to update my theme to call resources over https either! I can google it I guess. Is it a code in functions.php??

Also, where is the “Automatic HTTPS Rewrites” option. I will scan the dashboard of course in the hope of finding it.

Thanks once again for your help…


The “Automatic HTTPS Rewrites” is further down on the page that has the
Force HTTPS option. Remember to clear the cache.


Thanks I found it shortly after. However, I’m not sure if this will do the job all the way through as you also pointed out??
This is proving to be such a nightmare…! Perhaps I will wait for 24 hours for the SSL to propagate since it’s saying its Active in Dashboard, but when I visit my url it still says ‘Not Secure’ even in Incognito mode.


Hi there,

You haven’t provided a URL so it’s hard for the Community to investigate, however this does sound like mixed content to me:


I have provided a URL in my first thread. Here it is again though: URL
It’s not mixed content. At least I would know something was wrong if that was the case though. Anyhow, I don’t think the SSL has been propagated yet…? I only activated my account today. It says that it’s Active, but it can take up to 24 hrs for changes to take effect.
Am I right?


Apologies, I did not see the link in your initial post.

Navigating to the naked URL in a browser directs to which does load everything and displays Not Secure because it is loaded via HTTP.

Navigating specifically to displays your site without formatting due to mixed content errors. While inspecting these errors with your browser’s dev tools you can check the certificate as well - I see a valid certificate issued currently.


Thanks for checking back again Andy!
I did at some point check there was a certificate loaded there when I was in incognito mode. However, the article about Mixed Content seems a little complicated. Gosh, why would my case need to be complex. I just have a blog :slight_smile: I’m not sure what I’ll do from now on…!
I guess I have to take one step at a time by checking and replacing every instance with https…?!


No problem :slight_smile:

I would first try enabling Automatic HTTPS Rewrites if you haven’t already and see if that reduces the number of HTTP instances - it may take care of a lot of them for you.


One thought, is this WordPress? If so, have you updated your blog’s path
in WordPress’ settings to include the https URL? This can make a
difference. After you change it, wait at least a few seconds and then
use Cloudflare’s clear-cache (or enable development mode) and try again.

This might not take care of everything, but it should make a difference
for WordPress’ own resources. The impact will vary depending on the theme.


Hi guys,
It is WP, I will need to do some digging and see how I can update this? I’m not sure…
Right now I have the settings of Cloudfare to not have HTTPS enabled, because I don’t want any downtime in my website or for it to be displaying wrong.
Thanks again


OK, so I changed my site’s URL from WP General settings, but, I now can’t log in and it is saying that there are too many redirects…!
I have ‘Always use HTTPS’ enabled and ‘Automatic Rewrites’ in Cloudfare’s settings. I’m just worried that since I changed my site’s url I will not be able to login again?
I also get a warning icon that my page is trying to load scripts from unauthorised sources, (see screenshot attached)56%20%CE%BC%CE%BC
The front-end of the site is displaying half OK now - still some features don’t work.
Shoot…what will I do with the login situation?


Ok guys! This is what I’ve done so far:

  1. When I visit my home page in Safari, (both regular and Private windows), all my site is displaying great with my https version.
  2. When I do the same in Chrome, (regular mode, Incognito mode, clearing cache), it’s half displaying with some elements still not displaying. This is most confusing to me!
  3. I visited my PHPMyAdmin and ran the following in my SQL:

UPDATE wp_options SET option_value = replace(option_value, ‘Existing URL’, ‘New URL’) WHERE option_name = ‘home’ OR option_name = ‘siteurl’;

UPDATE wp_posts SET post_content = replace(post_content, ‘Existing URL’, ‘New URL’);

UPDATE wp_postmeta SET meta_value = replace(meta_value,‘Existing URL’,‘New URL’);

UPDATE wp_usermeta SET meta_value = replace(meta_value, ‘Existing URL’,‘New URL’);

UPDATE wp_links SET link_url = replace(link_url, ‘Existing URL’,‘New URL’);

UPDATE wp_comments SET comment_content = replace(comment_content , ‘Existing URL’,‘New URL’);`
I haven’t seen any notable changes…?!

I’m still not able to log in to my site. When I use the “wp-admin” it tells me that ‘this page cannot be displayed’. When I used the “wp-login” prefix, it gives me my site’s 404 page.
Can someone enlighten me please??? I seem to be almost there, but not quite!!

Thanks in advance for all your help and time so far Andy and 'thedaveCA"


Ok my friends…all resolved at the end, thank goodness!!!
After reading at least 10 different blogs on troubleshooting this change and why I wasn’t able to log into my dashboard, I added the following lines in my wp-config file:


_if (_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https') _ _ SERVER[‘HTTPS’]=‘on’;

However, I was still not able to log in, which is when I started getting really worried. I kept reading blogs and then while the above solution kept coming up, I noticed that they all said I should add the above lines ABOVE the: "/* That’s all, stop editing! Happy blogging. */ line in my wp-config file - well mine was missing.
So I opened another config file from one other site I own and ensured that it was at the very end of the file. I copied it exactly on wp-config in question and moved the above lines above this ending line!
Voila…it worked immediately!!!
I was able to log in, and correct my logos that weren’t’ showing up at the front-end of my site. Now everything seems to be displaying correctly and of course - I’ve conquered the HTTPS mountain yeeha…:slight_smile:

Thanks for all your help guys. I hope this long post will help some other troubled soul as well!

closed #17

This topic was automatically closed after 14 days. New replies are no longer allowed.