Infinite redirect issue with Wordpress admin and Cloudflare

Infinite redirect issue with Wordpress admin (aka err_too_many_redirects)

Very short answer: Add the following snippet to the top of your wp-config.php file.

if (strpos($_SERVER['HTTP_X_FORWARDED_PROTO'], 'https') !== false)
   $_SERVER['HTTPS']='on';
else
   $_SERVER['HTTPS']='off';

Longer answer:

Hi! I recently was setting up a wordpress website for our CV Application https://thecvapp.com and suddenly wp-admin URL started redirecting to itself, to the same exact URL. And when this happens enough times, Google Chrome just spits out the “err_too_many_redirects” error, as there’s probably an infinite loop. I’m using Cloudflare to manage my SSL and all the caching, plus some more.

Why is this happening?

My Cloudflare SSL settings was set to “Flexible” mode, this works as following, Browser sends an SSL request, Cloudflare captures this and decrypts, then sends an HTTP request to your server. It’s called “terminating” the SSL at Cloudflare level.

Your webserver in the end receives an HTTP request. This is very easy to setup since your server doesn’t need to manage private keys and encryption etc., but less secure indeed. Everything is a trade-off afterall!

What’s the solution?

The solution is either terminate the SSL at wordpress level and setup the SSL correctly, BUT the easier solution is adding the following snippet to the top of your wp-config.php.

if (strpos($_SERVER['HTTP_X_FORWARDED_PROTO'], 'https') !== false)
   $_SERVER['HTTPS']='on';
else
   $_SERVER['HTTPS']='off';

What this does is, checks an HTTP header put by cloudflare, to see if the connection had been an SSL and had been already secured at browser level. If so, it’s okay to accept even though current request is HTTP.

---

Congratulations! Keep blogging like a champion, and please follow me on @EralpBayraktar :)