I have Cloudflare enabled for my Wordpress site with the following setting for SSL:
Full - Encrypts end-to-end, using a self signed certificate on the server
I previously used a plugin called Really Simple SSL and am unsure if that is necessary any more with Cloudflare (I think) directing all traffic to use SSL.
Here are my Really Simple SSL Settings to give you an idea of what it is doing:
You should switch that to Full Strict, as your current setting is insecure. And you need to make sure your server is properly configured for SSL.
Generally, the best approach is to to make sure your site works fine on HTTPS without Cloudflare.
If it does, it will work out of the box on Cloudflare as well. You may want to pause Cloudflare for that.
What’s the domain?
wednesdaysinmhd-com (won’t let me put in real link)
I’m 99.9% sure it works fine. I have had SSL enabled to allow Stripe/Paypal payments via Woocommerce for years. I have an auto-renewing certificate
All right, the server seems to be properly configured.
I’d fix the encryption mode (Full Strict) first.
Do you have any actual issues with your site?
As for the screenshot you posted, Cloudflare already covers most of that.
Thanks for the quick replies!
No issues. Was just looking to get rid of an unnecessary plugin. I guess I can disable it after going Full Strict but not sure how much ‘work’ it will take to find any
mixed content errors.
mixed content, you can enable “Automatic HTTPS Rewrites”.
Alternatively you could also send
CSP: upgrade-insecure-requests - HTTP | MDN
The important thing is that you use Full
Strict, as you otherwise wouldn’t have any encryption at all or just an unverified one.
The only thing, considering that Cloudflare forces HTTPS, the certificate renewal may not work (as they typically insist to verify it via HTTP). In that case you could check out Origin certificates, as they are easier to manage, though they only work with Cloudflare.
This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.