WordPress HTTP & HTTPS Via This Protocol Relative Mod

Are you ready to go https with your WordPress blog?

Securing WordPress With TLS Encryption
Securing WordPress with Protocol Relative

Here is a neat trick that will allow your blog to accept both HTTP and HTTPS using Protocol Relative with no insecure page errors.

Ive been running WordPress for many years and recently made the jump to TLS Encryption by using CloudFlare Free https.

CloudFlare and many others have disabled SSL because of a security vulnerability. The latest encryption protocol is “transport layer security” (TLS.)

The disadvantage of this is, many older browsers do not support it and will not connect to a TLS encrypted site. So if you go https with your blog you may be preventing others from viewing your articles.

I found a way to make WordPress easily accessible by both http and https protocols. That’s the ticket for taking advantage of a secure WordPress blog and at the same time not blocking any faithful followers of your articles.

This process can be tricky to implement, and after conversion your database will not be able to be reverted back. So do a full backup of your blog before beginning!

The most important task is to export your current database to disk before attempting to implement this mod. If your running under cPanel simply log in, navigate to MySQL and click on your blogs database. At the top you will see an export tab. Click it and export your database to disk. If something goes wrong during this process you can always re-import your good database to get your site back online.

You will need these two plugins. WordPress HTTPS and Velvet Blues Update URLs. Download these plugins and install, but do not activate yet.

Next verify https is available by adding https:// to your blogs url. If you just set up CloudFlare it can take up to 24 hours before your domains certificate is fully active. If you get an invalid certificate warning give it more time. Also check your cf settings to be sure that https is set to flexible mode.

Next activate WordPress HTTPS Plugin. Navigate to it’s settings and be sure your domain is displayed properly. Check proxy setting to auto. At this point your blog should be displaying properly in https. If you get insecure warnings ignore them for the time being.

Next is to add this code snippet to your wp-config file. Add it just above the line that says: /* That’s all, stop editing! Happy blogging. */

define('FORCE_SSL_ADMIN', true);
if ($_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https')

This forces WordPress Admin into https mode.

Verify you can navigate within your WordPress admin area. Ignore any insecure browser warnings. This is common when in your admin area.

WordPress https required update urls pictorialNext activate velvet blues update urls plugin. We will be changing any urls within your database to Protocol Releative. This //url allows both http and https to access articles, media, etc, on your sire regardless of their protocol.

Click the thumbnail to your left to expand and show how i set up velvet blues update urls to make the needed database changes.

If all went well, you should be able to access your site by both http and https. A view of your homepage source code should show your pages with http and protocol relative views. If so you got it!

Some plugins might need manual intervention. One that i run is Simple-Press WordPress Forums. To make that one work in both protocols i had to go into my database and change it’s page url to protocol relative. Not a big deal if you are experienced in MySQL databases.

I also suggest changing your WordPress urls under general settings to https. This will force Yoast WordPress SEO to make your sitemap urls https. You do not want an https site with http sitemap urls.

wordpress https url setting
WordPress https url setting. Do this so your sitemap generates https urls.

This setup is working well for us. It allows this blog to be available under both http and https protocols. A win-win combination!

One of our pages, Doc’s webcams, does not support https. Just added a link above the cam displays saying: These cams do not support encryption. Click here for non-secure page. that takes care of that little problem.

If you have questions comment below. 😉

I'm an outspoken good ole southern boy. Fidonet computer bulletin board system operator, hobbyist webmaster, and MAGA blogger. Just hanging out in cyberspace keeping up with tech, 'blogging my opinion' without beating around the bush!

Notify of
Most Voted
Newest Oldest
Inline Feedbacks
View all comments
June 12, 2017 12:36 PM

Thanks for recommending Velvet Blues. That plugin saved me a lot of work. 🙂

June 12, 2017 1:30 PM
Reply to  Anonymous

Thanks for your comment. It’s pretty old, so I’m happy to hear it still works.

March 2, 2015 8:55 AM

Hi! and thank you for this post which is certainly helping me understand how to use ssl with cloudflare in wordpress. I would be very grateful if you please could clarify an issue for me. I have changes urls using the plugin you recommend (velvet blues update urls) from old url: http://mydomain.com to new url: //.maydomain.com, following your instructions. Now, in order to revert the changes if necessary, what should I enter in old url, //mydomain.com or http://mydomain.com?

May 1, 2015 5:40 PM
Reply to  DocCyber

Hi DocCyber, thanks for your response. Although I’m still in doubt. In order to revert the change, should I use http://mydomain.com in both old and new url fields or should I use //mydomain.com in the old url field and http://mydomain.com in the new url field? Thank you for your help