Wordpress Subdomain

My guess is mixed content but without the domain it is impossible to say anything concrete.


Yes, you do have a mixed content issue. On the main site, but particularly on the blog page.

Search the forum here for that keyword and you should get plenty of answers. Respectively, the search engine of your choice will have an equal myriad of answers.

Thank you for confirming it wont be a hack.
However, I am not sure what to search for in order to find my answer.

We cannot log onto the wp admin due to this issue, so I am presuming I have to do something with the SSL on my main domain through the Cloudflare admin panel to let the WP side kick into gear again and let us be able to log into the control panel and add in the plug in??

I am struggling to work this out.

“Mixed content”.

There are pleeeeenty of threads here on the forum, respectively you will find a lot on information online as well.

Partially, the problem is your site is loaded via HTTPS but it embeds regular HTTP links and browsers dont like that a bit.

1 Like

have you got a page rule for *.yourdomain.com/wp-admin with:
Disable Security
Cache Level: bypass
Disable performance

I contacted CF support with a similar issue. They gave me this solution and it worked for me.

This won’t sort out the mixed content issue but may help you access your admin area

Can you remember what your solution was for this please?
I would like to try it but I am not a web developer / designer.

I have had some info back from whynopadlock on the main www.steel-city.co.uk site - it looks to be down to a few youtube images on the homepage that wont change over to HTTPS:// - I have logged a support ticket with vpasp to find out how we change that as it is a custom site.

But the blog is worrying me… wordpress.

I really dont know what to do… we cant access the back end, as it wont let us log on… it must be confused. Can anyone tell me what I need to do in order to undo whatever is stopping this… or what I can do to put it right?
(sorry, this is just an alien area to me).

See my previous post - have you done this?

Thank you @domjh but I dont know how to do any of that! Sorry! If there was a set of instructions… I would certainly give it a go!

1.Log into your Cloudflare dashboard
2. Select the domain you are having the issues with
3. On the menu with the blue squares, click ‘Page Rules’
4. Click ‘Create Page Rule’
5. In the URL box, enter *steel-city.co.uk/blog/wp-admin
6. Click Add a setting and choose Disable Security
7. Click Add a setting and choose Cache Level: bypass
8. Click Add a setting and choose Disable performance

1 Like

Also, while you are logged in and have your domain selected, choose the ‘Crypto’ tab from the top.

Scroll down and make sure the following options are turned on:
Always Use HTTPS
Automatic HTTPS Rewrites

Sorry, please note the edit to step 5 in the above post, your setup is configured slightly differently

OH MY LIFE, that all worked!!! Thank you sooo much!!!
We still have some mixed messages, but we will work on those!!!

1 Like

Did you then have an issue posting new pages?
Looks like the permalink on WP is still defaulting to HTTP:// so we can now see the pages when we are outside the admin as they are now HTTPS… but when in admin we cant see the posts or write new ones.

I presume there is a plugin…?

Glad that worked OK, yes - just have a look at the mixed content and it should all be ok.

Do you use Chrome?

Yes we do!

Up at the top, in the address bar, when you load the admin area - to the left of the bookmark (star) icon, is there another icon that, when clicked, gives you the option to load scripts from unauthenticated sources?

Yes there is… it is a shield with an red x against it…!

This is the url we see in the post admin… but when we click the link it takes us to the https
Currently we cant edit posts or edit
Trying a new post has the same permalink http