Http/ https loop

Hello, I’ve gone ahead and have fixed my http / https loop that began when I set my nameservers to Cloudflare’s. plugins that are supposed to fix the issue are either doing nothing, or forcing a re-direct, and thus, once again causing a loop. if I remove https in front of the URL, the site loads up perfectly.

So I thought: ok, I’ll just go ahead and re-load all images now that I’m in HTTPS. Nope, it doesn’t work. They all load in as HTTP. Why is that? And is there a way to “trick” it?

Thank you for any suggestions

the website is

1 Like

Here’s an update. I had to once again (this is the 2nd time) changed my name servers back to the original settings. Having those name servers point to Cloudflare has been a trip to ■■■■ and back.

It seems that having name servers pointed to Cloudflare and having an https don’t mix. I will have to once again perform a site restore tomorrow once the name servers propagate back to their original settings (due to trying to fix bugs).

My hosting company removed the redirect that was causing my site to go around in an infinite loop, which helped, but then I was getting “mixed insecure content” and none of my images were displaying. I went in and tried out a couple of plugins (actually everything available) that should have solved the issue by forcing all images to be https. None of those worked. They were showing images to be https on the backend and not displaying on the front end. I uploaded new versions of the same images while in HTTPS, those images keep loading in as HTTP.

Now I’ve removed HTTPS from my site completely and it’s displaying…

This was a test to see how this service works out, I was going to purchase a premium package for 3 of my other sites as well and use it for future clients, but this whole experience has been, so far, a total nightmare.
Additionally, speed tests weren’t really improving. In fact, at one point, the site load went up to 62 seconds… hmmm…

I’m super disappointed because I was really hoping to see some huge improvements in speed, but so far, I’ve gotten very far behind on work (and sleep as it’s 2am where I am)

I don’t know how or why it seems that only I am have such incredible issues, but I did some rather standard stuff… so who knows? Anyway, thank you for those who have been supportive in answering my questions.



1 Like

@troyhunt created a 4-part video series on how to do this:

You can easily fix by adding below code in the wp-config.php

define('FORCE_SSL_ADMIN', true);
// in some setups HTTP_X_FORWARDED_PROTO might contain 
// a comma-separated list e.g. http,https
// so check for https existence
if (strpos($_SERVER['HTTP_X_FORWARDED_PROTO'], 'https') !== false)
1 Like

Thank you! I will try this out next week. I will be away for the weekend. I’m hoping to not suck another 2 days into this… In the wp-config.php, would i just add this to the end?
I wrote about this issue on wednesday, but no one replied on what to do…

Now that the NS have propagated back to Hostgator and I have restored my site to yesterday morning’s settings, I have a question: when I go back and follow these steps, if the “redirect” has been removed from hostgator’s end, will I get that looping again? This is exactly what was happening initially:

If so, do I need to have hostgator remove the redirects?

1 Like

HI Anonymous
I’m exploring all options. If I put this in the wp-config file, will removing a redirect be necessary from the hosting end? I had the site restored to yesterday’s settings and pointed my nameservers back to my hosting company (this was before I got any replies). So I’m going to start from scratch Monday, and I can’t afford to spend more hours on fixing a broken site, so any advice you could give me would be greatly appreciated.
Thank you!


Don’t set HTTP/S redirects at the host. You can use Cloudflare to set the connection to HTTP or HTTPS appropriately for how your host is configured.

If your website works over HTTPS, good. Cloudflare will make sure all visitors use HTTPS.
If your website does not work over HTTPS, not so good, but Cloudflare can connect to your server over HTTP, then make sure all your visitors use HTTPS.

As for forcing Wordpress Admin to use SSL, I’m not so sure that will work if your host doesn’t support HTTPS. Cloudflare Flexible mode connects with HTTP, and if your site is trying to force HTTPS, Cloudflare will go into a loop as it tries to connect with HTTP.

The shared code is just to fix the redirect loop and force HTTPS at /wp-admin/ only. You should still consider forcing HTTPS globally using below steps (Same what @sdayman suggested)


  • Login to Cloudflare > Select domain > Go to SSL/TLS app > Enable Automatic HTTPS > Enable Automatic HTTPS rewrite.

That’s all.

1 Like

This topic was automatically closed after 30 days. New replies are no longer allowed.