I have added in our main .co.uk domain to Cloudflare and it is working fine.
I have discovered that our .co.uk/blog (which is wordpress) is showing now as https: but the blog is all messed up and when we try to look onto control panel, it wont let us even with the saved passwords.
The .co.uk/blog isnt showing in the DNS list. Do I need to add it? If so how? What should I enter as the value.
If this isnt the reason for our WP blog being in a mess, then we might have been hacked but I am hoping the DNS is the reason.
Hope someone can help this newb!
My guess is mixed content but without the domain it is impossible to say anything concrete.
Yes, you do have a mixed content issue. On the main site, but particularly on the blog page.
Search the forum here for that keyword and you should get plenty of answers. Respectively, the search engine of your choice will have an equal myriad of answers.
Thank you for confirming it wont be a hack.
However, I am not sure what to search for in order to find my answer.
We cannot log onto the wp admin due to this issue, so I am presuming I have to do something with the SSL on my main domain through the Cloudflare admin panel to let the WP side kick into gear again and let us be able to log into the control panel and add in the plug in??
I am struggling to work this out.
There are pleeeeenty of threads here on the forum, respectively you will find a lot on information online as well.
Partially, the problem is your site is loaded via HTTPS but it embeds regular HTTP links and browsers dont like that a bit.
have you got a page rule for *.yourdomain.com/wp-admin with:
Cache Level: bypass
I contacted CF support with a similar issue. They gave me this solution and it worked for me.
This won’t sort out the mixed content issue but may help you access your admin area
Can you remember what your solution was for this please?
I would like to try it but I am not a web developer / designer.
I have had some info back from whynopadlock on the main www.steel-city.co.uk site - it looks to be down to a few youtube images on the homepage that wont change over to HTTPS:// - I have logged a support ticket with vpasp to find out how we change that as it is a custom site.
But the blog is worrying me… wordpress.
I really dont know what to do… we cant access the back end, as it wont let us log on… it must be confused. Can anyone tell me what I need to do in order to undo whatever is stopping this… or what I can do to put it right?
(sorry, this is just an alien area to me).
See my previous post - have you done this?
Thank you @domjh but I dont know how to do any of that! Sorry! If there was a set of instructions… I would certainly give it a go!
1.Log into your Cloudflare dashboard
2. Select the domain you are having the issues with
3. On the menu with the blue squares, click ‘Page Rules’
4. Click ‘Create Page Rule’
5. In the URL box, enter *steel-city.co.uk/blog/wp-admin
6. Click Add a setting and choose Disable Security
7. Click Add a setting and choose Cache Level: bypass
8. Click Add a setting and choose Disable performance
Also, while you are logged in and have your domain selected, choose the ‘Crypto’ tab from the top.
Scroll down and make sure the following options are turned on:
Always Use HTTPS
Automatic HTTPS Rewrites
Sorry, please note the edit to step 5 in the above post, your setup is configured slightly differently
OH MY LIFE, that all worked!!! Thank you sooo much!!!
We still have some mixed messages, but we will work on those!!!
Did you then have an issue posting new pages?
Looks like the permalink on WP is still defaulting to HTTP:// so we can now see the pages when we are outside the admin as they are now HTTPS… but when in admin we cant see the posts or write new ones.
I presume there is a plugin…?
Glad that worked OK, yes - just have a look at the mixed content and it should all be ok.
Up at the top, in the address bar, when you load the admin area - to the left of the bookmark (star) icon, is there another icon that, when clicked, gives you the option to load scripts from unauthenticated sources?