WordPress.org

Ready to get started?Download WordPress

Forums

SSL Insecure Content Fixer
CloudFlare Flexible SSL? (4 posts)

  1. ylluminate
    Member
    Posted 3 months ago #

    Is there any way to force content to be rewritten even when SSL is not enabled directly on the server? At present it seems that if I am running Flexible SSL and it normally works for the main page, the page assets are still insecure and will not be rendered.

    https://wordpress.org/plugins/ssl-insecure-content-fixer/

  2. webaware
    Member
    Plugin Author

    Posted 3 months ago #

    G'day ylluminate,

    If your web server can't tell that you're serving pages as SSL, then you can trick it. See this gist for an example of how to do that, and read about why in this blog post.

    cheers,
    Ross

  3. ylluminate
    Member
    Posted 3 months ago #

    Interesting, I'll look at this here. Just a heads up, I used this already as well since I am on CloudFlare: http://www.macuha.com/2012/05/wordpress/how-to-setup-ssl-on-wordpress-admin-using-cloudflare-flexible-ssl/

  4. webaware
    Member
    Plugin Author

    Posted 3 months ago #

    Thanks, interesting. I plan to add some extra features to this plugin so that site admins can use settings to let WordPress know when to honour those custom HTTP headers like HTTP_X_FORWARDED_PROTO, and now also CloudFlare's CF-Visitor.

    NB: CloudFlare Flexible SSL is really only half an SSL -- it encrypts data between your site's visitors and CloudFlare, but then sends all that sensitive data in clear text across the Internet to your web server. Great for giving visitors a happy feeling, but I wouldn't trust it for securing credit card details.

    cheers,
    Ross

Reply

You must log in to post.

About this Plugin

About this Topic

Tags

No tags yet.