I have enabled SSL within CloudFlare for my GoDaddy-hosted Wordpress site. However, images within the body of my posts have URLs hardcoded by WordPress to begin with HTTP. This obviously incurs costly redirects from HTTP to HTTPS during rendering of my pages.
So I enabled “Automatic HTTPS Rewrites” as a page rule in CloudFlare for the folder containing those images, and this did seem to remove the redirects (according to PingDom). But when I view the source of my site, those same image URLs are still HTTP rather than HTTPS.
I would have thought that CloudFlare would have manipulated the URLs within the (cached) HTML itself, in which case I’d be able to see the change with my own eyes when I view the source? But it seems like CloudFlare might instead be doing something a little more ‘automagic’ during the request/response? I’m really just looking for advice on this topic, or clarification.
And related, is there a way with these page rules to rewrite other kinds of URLs? For example, the fact that Twitter tags within my HTML are still being written by WordPress beginning with HTTP is bad, because it means that people who tweet my articles automatically do so with a URL beginning with HTTP, and thus when their followers click on that link, they incur the penalty of a redirect before page load.
I could probably solve all of this by installing SSL on my GoDaddy site, such that everything is HTTPS both in front and behind the CloudFlare cache. But I have grave concerns about how poorly my meagre managed WordPress install might perform if it is tasked with doing SSL encryption (GoDaddy provide no way to add more CPUs, RAM etc to managed WordPress instances).
Clear as mud? Have I made sense at all guys? Anybody correct me onto the right path?