I’m going to have to re-create your setup on one of my test systems, so that could take a while. Especially since I’ve never seen Cloudflare before.
First though, I need to verify that the code you display did not get corrupted, as you didn’t enclose it in backticks (the code button). Is this what it looks like?
if (isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https')
$_SERVER['HTTPS']='on';
require_once(ABSPATH . 'wp-settings.php');
If so, where is this code being placed? You list wp-admin, but that is a folder, not a PHP file.
Thanks, in advance, for the clarification.
Thanks for the prompt reply. oops, that is at the very bottom of wp-config.php right before the last statement as indicated in /wp-content/plugins/ssl-insecure-content-fixer/is_ssl-test.php
if (isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https')
$_SERVER['HTTPS']='on';
/** Sets up WordPress vars and included files. */
require_once(ABSPATH . 'wp-settings.php');
To re-iterate what is weird (and I may have done something subtle that broke this) that it worked with my set up perfectly for a bit over a week and I did not have any plugin upgrades or new code insertions on this site that I knowingly changed, added or deleted. i.e. everything I run has always been maintained and prior conflicts/plugins always tested and resolved.
refs:
https://wordpress.org/plugins/cloudflare-flexible-ssl/
https://www.icontrolwp.com/2014/10/enabling-cloudflares-universal-flexible-ssl-wordpress-without-infinite-redirect-loops/
thx so much again for taking a look,
stu
Great! That gives me what I need to do some testing and see what I can figure out.
Thanks for asking. I’ll report back here as soon as know anything of interest.
It’s asking a lot to have you go through this, signing up with Cloudflare etc. Your plugin is indispensable for my client, so much that https takes a back seat to the functionality you provide for WordPress as a private site. The good news is that the entire front end of the site works in http or https, and if I force it in admin I’m only kept out as long as I force https. Just a bit inconvenient and not the object of why. https is certainly a reality coming down the road for most savvy site owners.
It took me a while, and a lot of creative thinking, to set up a test environment without incurring any costs, as Cloudflare usage requires a publicly-accessible domain name where I was willing to change name servers with real web hosting behind it. I ended up using a parked domain on to a subdomain of another domain name.
It can take up to 72 hours for name server changes to take effect, so I won’t be able to work on this until then.
Glad that you are in a position to “get by” for the time it takes to address this.
Thanks again!
er, yes. I’ve been on Cloudflare as a beta tester/early adopter since inception in 2009/10. It is actually a great way to manage many sites dns as a developer rather than to login to client hosting/registrar accts regardless whether you use the service or not, it’s a very fast and reliable dns solution. Just set up a couple of A records and a subdomain is easy to point. All my sites are on Ubuntu w/Nginx webservers.
Exactly, no rush here will be cool to see what you come up with.
I have this set up on many sites, yet not that have your plugin with no similar issues. The site in question has an interesting collection of features but turning all plugins off other than essential to this set up didn’t change the fact of what I’m facing lately.
Sorry that this has taken so long. It has been a busy week for support for my plugins, two major ones without Workarounds like yours has. And busy with other responsibilities.
After a detailed look, I now understand what is going on. The bottom line is that the implementation of the plugin’s Custom Login section settings are very restrictive.
In my testing just now on my test systems, which use a WordPress Page as a Custom Login page, everyone is forced to login on the Custom Login page. Once they have logged in, there are still on the Custom Login page. But they really are logged in, as the Admin Bar at the top of the page shows.
If I override the “Omit” Landing Location with the Advanced Setting “Allow Landing Location for Custom Login pages”, then I get myself into a Redirect Loop and cannot login to my site at all, until I either delete my plugin with FTP or use PHPMyAdmin and alter the ‘private_site’ setting in the WordPress database.
The reason you were not seeing this behaviour previously is that WordPress considers https and http as two separate domains. Logging into one does not log you into the other. I’m a little unclear on why my plugin sends you to the Dashboard, as I cannot re-create that on my test system. With WordPress Address (URL) set to http or https, I always end up on the Custom Login page, both for login and immediately after login.
