Hi, a while go I activated SSL with Cloudflare, and used multiple Plugins to make it work on my Wordpress website. It’s all working fine now, but I have the feeling I don’t need all those Plugins only for SSL. How do I know which ones are necessary and which ones are safe to delete?
The Plugins that are activated now:
Thanks in advance!
You do not need any plug-ins. You only need a valid certificate on your server. Do you have that? If yes, you are good to go. If not, your whole site is still insecure and you need to fix this immediately.
Thank you, I do have a certificate but I was afraid to lose it when I would delete those plugins. For example the Flexible SSL for Cloudflare says:
" What happens if I disable this plugin AFTER enabling Flexible SSL on Cloudflare?
Your WordPress site will not load on HTTPS/SSL. You will create an infinite loop loading problem and the only way to solve this is to turn off SSL redirects within Cloudflare. "
You seem to have an Origin certificate on your server and - if your encryption mode is Full Strict - you should be good to go. No other plugins necessary, unless you need them to e.g. rewrite HTTP links to HTTPS but Wordpress should do this on its own.
Flexible SSL is supposed to be completely ignored as that leaves the impression of security even though it is fully unencrypted.
With an Origin certificate and Full Strict you should be good to go and not require anything else. Just make sure you renew the certificate before it expires.
Okay got it, Thank you!
Hi, So I just deactivated and deleted the extra Plugins and first it seemed okay and the the site remained secure, but now it shows not secure even though the certificate shows approved.
Also my updates in a new post do not safe correctly. I did do a backup before deleting the plugins and making the changes but I prefer not to put it back, is there any other way to make my site secure and working again?
No issues here
Check your browser cache and make sure you do not have any mixed content.
That seems to be in your administrative area though, right? The public page seems to be okay.
It might be that something on there embeds an HTTP link and that could be the reason for that warning. That should generally not happen and you should track down that link and fix that. It could be that one of those plugins earlier forced that resource to HTTPS, but that would be rather a question for Wordpress then.
Your public page seems fine.
This topic was automatically closed after 30 days. New replies are no longer allowed.
