How do I fix the infinite redirect loop error after enabling Flexible SSL with WordPress?

September 29, 2016 0 By admin

Some users may experience redirect loops after activating CloudFlare’s free Universal Flexible SSL option with a WordPress site. In order to fix this issue and/or get things set up properly to use with WordPress, please follow the steps outlined below:

1. Install either CloudFlare Flexible SSL WordPress plugin or WordPress HTTPS plugin. Many WordPress users are using these plugins to resolve redirect loop issues in WordPress and to make the transition to https:// easier.

Note: These plugins were not created by and we do not provide support for questions related to these plugins. If you have questions or issues related to using either one of these plugins, please direct your concerns to the plugin author.

2. Install the CloudFlare WordPress plugin to make sure that the original visitor IP is being passed back at the WordPress level. Since it is likely that some of your other plugins rely on original visitor IP, installing the CloudFlare WordPress plugin will restore visitor IPs back to the WordPress level and not show CloudFlare’s IPs.

3.Go to your website over https:// to see if your website loads. Given that you didn’t have the domain set to use SSL prior to activating Universal SSL, it is likely that you will have a mixed content error warning when you look in the corner of your browser window. In order to make this error go away, you will need to go through your site and make sure assets are being loaded over HTTPS and not HTTP. Solutions can be found at:

Mozilla’s tutorial on fixing mixed content errors

WordPress Plugin: SSL Insecure Content Fixer

4. Create a page rule with the Always Use HTTPS action for the pattern “http://**”, replacing with your domain to redirect all HTTP requests to HTTPS at our edge.

5. If you are still seeing the error, check to make sure there are not any redirects created at your origin server. With WordPress, these will generally be created in the “.htaccess” file. If you are using the Page Rule above, remove any redirect code here to prevent any infinite loops. Otherwise, if you’d prefer to use the redirect implemented on your server rather than the Page Rule, the redirect code may need to use the “X-Forwarded-Proto” header which checks the protocol sent from the visitor. The code itself would look like this:
RewriteCond %{HTTP:X-Forwarded-Proto} =http
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
This will have the redirect only trigger on HTTP connections, preventing the loop from occurring.