Today I’ve been looking in to updating this site to HTTPS through the use of the free Cloudflare https service available.
The thing that I really like about Cloudflare is not only is it free but it is offering you free HTTPS as well as free HTTP2. FREE!!! The free plan is kind of faux https as it’s only secure between the cloudflare servers and the client, and not your own website and the cloudflare servers, but still it is a great step in the right direction.
Once you’ve set up for the https you can also get http2 through SPDY as well as have the option of rolling out Service Workers for some offline content as well.
When making the change I also updated the Settings section on the WordPress backend from http://surfthedream.com.au to https://surfthedream.com.au because I noticed that the new responsive images were adding http:// to all of the srcset values and I was getting mixed content errors, where as the rest of the site was stripping the protocol from the files.
As soon as I did this the front end was working perfectly but the wp-admin had a redirect loop. After doing a bit of searching I found that you need to add the following line
$_SERVER['HTTPS'] = 'on';to your wp-config.php file.
Now everything is working perfectly.