What is Protocol Rewriting in the CloudFlare Wordpress Plugin

What is Protocol Rewriting?
When you load your WordPress site, your computer connects to your website using one of two protocols: HTTP or HTTPS. The second ("HTTPS") is used when you create a secure connection using an SSL certificate.

Protocol rewriting in this context convert links within your WordPress site to images, stylesheets, and scripts from using either "http://" or "https://" to using just "//". This rewrite tells your browser to load all of these assets using the same protocol as the base page loaded.

Specifically, the plugin targets links within the following tags:

  • link
  • script
  • img
  • base

Why would I need Protocol Rewriting?
Protocol rewriting is most beneficial to websites that use Flexible SSL. When using Flexible SSL, your origin server receives the connection over "http". The source code that is returned will then link to all assets using "http://" at the start of the link. The browser sees the page as loaded over "https" though, so it will block all of these "insecure assets". (This is commonly referred to as a "mixed content warning")

By rewriting all the links to start with just "//", the browser will try to load all the assets over the same protocol as the main page ("https" if using Flexible SSL), CloudFlare will connect to your origin over http to get the asset, and the "mixed content warning" will disappear. 

Additional Notes
By default, this option is enabled. For the majority of users (even those not using Flexible SSL) there will be no negative effects. If you do notice any issue, this rewriting can be disabled in the settings for CloudFlare on the admin side of your WordPress installation. Please submit any issues to CloudFlare support as well.

Have more questions? Submit a Request


Article is closed for comments.