Title: Insecure requests in Admin Last modified: August 30, 2016 --- # Insecure requests in Admin * Resolved [korneelwever](https://wordpress.org/support/users/korneelwever/) * (@korneelwever) * [10 years, 4 months ago](https://wordpress.org/support/topic/insecure-requests-in-admin/) * Hey, * I just installed the plugin and the admin part is broken due to blocked request as I’m serving my entire site (including admin) over HTTPS signed by CloudFlare( [https://wordpress.org/plugins/cloudflare/](https://wordpress.org/plugins/cloudflare/)) * > Mixed Content: The page at ‘[https://example.com/wp-admin/admin.php?page=WordfenceSecOpt’](https://example.com/wp-admin/admin.php?page=WordfenceSecOpt’); > was loaded over HTTPS, but requested an insecure XMLHttpRequest endpoint ‘[http://example.com/wp-admin/admin-ajax.php’](http://example.com/wp-admin/admin-ajax.php’);. > This request has been blocked; the content must be served over HTTPS. > send > @ load-scripts.php?c=0&load[]=jquery-core,jquery-migrate,utils,jquery-ui-widget, > jquery-ui-core,jquery…:5 m.extend.ajax @ load-scripts.php?c=0&load[]=jquery- > core,jquery-migrate,utils,jquery-ui-widget,jquery-ui-core,jquery…:5 window. > wordfenceAdmin.ajax @ admin.js?ver=bad3fc7907a77f805e4d5874fbe7884e:63 window. > wordfenceAdmin.saveConfig @ admin.js?ver=bad3fc7907a77f805e4d5874fbe7884e:100onclick > @ admin.php?page=WordfenceSecOpt:1353 * [https://wordpress.org/plugins/wordfence/](https://wordpress.org/plugins/wordfence/) Viewing 3 replies - 1 through 3 (of 3 total) * [WFBrian](https://wordpress.org/support/users/wfbrian/) * (@wfbrian) * [10 years, 4 months ago](https://wordpress.org/support/topic/insecure-requests-in-admin/#post-6886895) * Hi, * Are you running CloudFlare’s plugin? * [https://wordpress.org/plugins/cloudflare/](https://wordpress.org/plugins/cloudflare/) * Wordfence supports SSL with no change in configuration needed. Are you using Falcon Cache? * Thanks, Brian * Thread Starter [korneelwever](https://wordpress.org/support/users/korneelwever/) * (@korneelwever) * [10 years, 4 months ago](https://wordpress.org/support/topic/insecure-requests-in-admin/#post-6886896) * Yep, running the plugin, https protocol rewriting is switched on. Not using Falcon Cache. * Plugin Author [WFMattR](https://wordpress.org/support/users/wfmattr/) * (@wfmattr) * [10 years, 4 months ago](https://wordpress.org/support/topic/insecure-requests-in-admin/#post-6886965) * Is the site itself served by https, when CloudFlare requests pages on behalf of visitors? I haven’t seen this issue before, but I also haven’t seen protocol rewriting used on a site that isn’t itself running https. (I’m not that familiar with that CloudFlare feature myself.) * -Matt R Viewing 3 replies - 1 through 3 (of 3 total) The topic ‘Insecure requests in Admin’ is closed to new replies. * ![](https://ps.w.org/wordfence/assets/icon.svg?rev=2070865) * [Wordfence Security - Firewall, Malware Scan, and Login Security](https://wordpress.org/plugins/wordfence/) * [Frequently Asked Questions](https://wordpress.org/plugins/wordfence/#faq) * [Support Threads](https://wordpress.org/support/plugin/wordfence/) * [Active Topics](https://wordpress.org/support/plugin/wordfence/active/) * [Unresolved Topics](https://wordpress.org/support/plugin/wordfence/unresolved/) * [Reviews](https://wordpress.org/support/plugin/wordfence/reviews/) ## Tags * [admin](https://wordpress.org/support/topic-tag/admin/) * [HTTPS](https://wordpress.org/support/topic-tag/https/) * [SSL](https://wordpress.org/support/topic-tag/ssl/) * 3 replies * 3 participants * Last reply from: [WFMattR](https://wordpress.org/support/users/wfmattr/) * Last activity: [10 years, 4 months ago](https://wordpress.org/support/topic/insecure-requests-in-admin/#post-6886965) * Status: resolved