Hi, For this page’s URL I don’t get any browser warnings… …

By 13th August 2022 Uncategorised

Comment on WordPress CloudFlare Flexible SSL – Making It Work by Paul G..


For this page’s URL I don’t get any browser warnings… not sure what that would be referring to.

It’s easy to understand why I wouldn’t go the extra yard and that’s simply because it’s not just a “yard”. What you’re referring to is massively more complex and beyond the scope of the original plugin – whose mandate was to remove the infinite redirect loops.

To remove browser warnings requires two things:
– full dynamic content rewriting as the page is loaded, before being sent to the browser
– plugins and themes written correctly, using native WordPress functions to includes scripts and styles, to ensure that re-writing these is even possible. Once you’ve been developing WP plugins for any length of time, you’ll find this is rare.

Not a trivial programming exercise, and one that has been attempted by various other plugins already.

This article + plugin solves two significant challenges:
– infinite redirects caused by CloudFlare flexible SSL and WordPress
– no need to actually change your WordPress core site URL, something that often breaks a site and breaks plugins.

The work to get your site fully HTTPS compliant is a whole other job and not “fixable” by any single plugin.

Thanks for your feedback Brett.

Paul G. Also Commented

WordPress CloudFlare Flexible SSL – Making It Work
Glad you like it and happy it was helpful for you.

WordPress CloudFlare Flexible SSL – Making It Work
Hi Ian,

This is really down to how early WooCommerce kicks in and sets-up any URLs that it uses. No way around that really except to make this plugin a “Must-Use” (MU) plugin so it loads first.
See: https://codex.wordpress.org/Must_Use_Plugins


WordPress CloudFlare Flexible SSL – Making It Work
Hi Marcus,

Though not quite related, if you’re changing your website to use HTTPS, you’ll need to update your Webmaster properties accordingly.


Recent Comments by Paul G.

Security: Hide The WordPress Login and Admin Pages (wp-login.php)
Hey Rob,
Brilliant news… Glad it’s working so well for you!

Part 5: Ultimate Comment SPAM Killer – Shield WordPress Security Plugin
Why does WordPress need to do that? I’ve no idea… that’s the way the author of this particular code decided to implement this. 🙂

My approach is to take each “spam” word/pattern and I use “stripos()” on each item of the comment that needs to be checked.

The truth is that efficiency isn’t hugely important in this area because it’s only run when a comment is posted. I could probably optimize my approach too, but again, it’s not critical.

Further reading: http://lzone.de/articles/php-string-search.htm

Part 4: Login Protection – Shield WordPress Security Plugin
There’s nothing you can do about that unfortunately if the bots are cracking away at your page. Most bots would get blocked by the automatic blacklist if they’re repeatedly hitting you with this.

As to XML-RPC, we have a couple of options ranging from by-passing the login/user sessions systems to completely disabling it:

Further WordPress Admin Access Lockdown
Eileen, Lynn,

The automatic updates system is WordPress-controlled and run on a WordPress cron. The Security admin access shouldn’t affect this. If you have enabled automatic updates, but restricted the system using the admin access and you find it’s not working as it should, please let me know in the support forums.

To your first question, if you enable this Security Admin system and lock-down any features, then you must, as an administrator or not, authenticate with the Security Admin system before you can make changes to the zones that have been restricted.

Let me know if it’s still unclear and I’ll elaborate further on areas you need.

Part 5: Ultimate Comment SPAM Killer – Shield WordPress Security Plugin
This is something that you’ll have to test with your particular installation(s) and configuration. Aggressive page caching will probably affect this functionality, but that is the double-edged sword that is “caching”.

I’d be interested to hear what you find with your tests.


x Logo: ShieldPRO
This Site Is Protected By