WordPress.org

Forums

SSL Insecure Content Fixer
CloudFlare Flexible SSL? (4 posts)

  1. ylluminate
    Member
    Posted 1 year ago #

    Is there any way to force content to be rewritten even when SSL is not enabled directly on the server? At present it seems that if I am running Flexible SSL and it normally works for the main page, the page assets are still insecure and will not be rendered.

    https://wordpress.org/plugins/ssl-insecure-content-fixer/

  2. webaware
    Member
    Plugin Author

    Posted 1 year ago #

    G'day ylluminate,

    If your web server can't tell that you're serving pages as SSL, then you can trick it. See this gist for an example of how to do that, and read about why in this blog post.

    cheers,
    Ross

  3. ylluminate
    Member
    Posted 1 year ago #

    Interesting, I'll look at this here. Just a heads up, I used this already as well since I am on CloudFlare: http://www.macuha.com/2012/05/wordpress/how-to-setup-ssl-on-wordpress-admin-using-cloudflare-flexible-ssl/

  4. webaware
    Member
    Plugin Author

    Posted 1 year ago #

    Thanks, interesting. I plan to add some extra features to this plugin so that site admins can use settings to let WordPress know when to honour those custom HTTP headers like HTTP_X_FORWARDED_PROTO, and now also CloudFlare's CF-Visitor.

    NB: CloudFlare Flexible SSL is really only half an SSL -- it encrypts data between your site's visitors and CloudFlare, but then sends all that sensitive data in clear text across the Internet to your web server. Great for giving visitors a happy feeling, but I wouldn't trust it for securing credit card details.

    cheers,
    Ross

Topic Closed

This topic has been closed to new replies.

About this Plugin

  • SSL Insecure Content Fixer
  • Frequently Asked Questions
  • Support Threads
  • Reviews

About this Topic

Tags

No tags yet.