Setup SSL with cloudflare, mixed content on WordPress site

Website, Application, Performance Security
1

Hi Guys,

I activated my SSL a week ago, and made the proper redirections to my namecheap.com domain. Everything seemed to be fine until I doubled check and I am getting some mixed content issues, where on Chrome it shows connection encrypted but the site does not fully display my content. I have installed the correct plugins on the Word Press admin site but I am still getting the same results.

Help would be appreciated.

Thank you

2

I’m betting that your site wasn’t using HTTPS before you added it to Cloudflare, which is the root cause of this problem. But I’m sure a search for Mixed Content will net some explanations.

3

Yes it wasn’t that’s why I went with CloudFlare.

4

Make sure to open port 443 on the origin server, @user58110

5

Not the best solution due to the “Flexible SSL” option, but it should work:

  1. Put the SSL option to Flexible SSL in Cloudflare dashboard and make sure the A records for @ and WWW are on :orange: cloud
  2. Put define('FORCE_SSL_ADMIN', false); at the top just after <? to your wp-config.php file
  3. If you have phpMyAdmin, change the site_url and home_url in your table named with prefix_options from http:// to https://
  4. Login to the WordPress admin
  5. Check the value for the site and home URL field in the Settings menu
  6. Install and activate Really Simple SSL plugin
  7. Due to the mixed content, install and activate the Better Search Replace plugin
  8. Naviate to Tools menu and choose Better Search Replace tool
  9. Enter the http://yourwebsite.com/ in the first field and https://yourwebsite.com/ in the second and go with “run”
  10. After that, you would get results, if all good, do it again but “uncheck” the option that says “dry run”
  11. Turn on the “Always Use HTTPS” option and “Automatic HTTPS Rewrites” option under the “SSL/TLS menu” → click on the sub-item “Edge Certificates” in the Cloudflare dashboard
  12. Change the added value for parameter define('FORCE_SSL_ADMIN', false); to true
  13. Check if all works
  14. Write us back with feedback information for further actions in case you have an option to upload custom SSL certificate generated on the Cloudflare dashboard, or if you have an option to generate an SSL certificate at your origin via cPanel AutoSSL or some other so you could use the benefits of the “Full SSL” option in the Cloudflare dashboard

Hope it helps :slight_smile:

The define('FORCE_SSL_ADMIN', false); usually works for me when the WordPress website is old and was only on the HTTP, while in the meanwhile being recently added to the Cloudflare.

Moreover, as already mentioned, you have got SSL certificate from NameCheap for your domain?
Well, maybe your origin does not have SSL feature enabled, or misconfigured and not allowed secure connections (over 443 port).
Or, if you can access your Website over HTTP, use the above steps to make it work.

1 Like
6

This topic was automatically closed after 31 days. New replies are no longer allowed.