WordPress: Insecure content behind reverse proxy/load balancer

When running WordPress behind a load balancer or reverse proxy, you may find that you’re getting lots of insecure content warnings in your browser. This may cause the page to load improperly, because not all of the content is being delivered.

Most reverse proxies and load balancers add an additional header to the request, allowing the server to identify the client’s real IP address. One common name for this header is ‘X-FORWARDED-FOR’. The reverse proxy/load balancer may also add the ‘X-FORWARDED-PROTO’ header. I’ll assume this is the scenario moving forward. If you’re not sure what your headers are named, or if they’re present at all, contact your reverse proxy/load balancer provider or administrator.

There are several ways to fix this. A simple plugin can apply the fix: SSL Insecure Content Fixer.

However, if you want to apply the fix yourself, it’s quite simple. After installation, add the following lines to your wp-config.php file:

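/** Custom SSL Handlers **/
// Tell WordPress the original request was HTTPS when the proxy says so.
if (isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https') {
    $_SERVER['HTTPS'] = 'on';
}

// Use the client address reported by the proxy instead of the proxy's own address.
if (isset($_SERVER['HTTP_X_FORWARDED_FOR'])) {
    $_SERVER['REMOTE_ADDR'] = $_SERVER['HTTP_X_FORWARDED_FOR'];
}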

Save, and that’s it!
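The snippet above accepts both headers from any client, so it is only safe when the web server cannot be reached except through the proxy. A stricter variant, added here as an example and not part of the original post, applies the headers only when the connection comes from a known proxy and reads X-Forwarded-For from right to left. The TRUSTED_PROXIES addresses and the function name client_ip_from_xff are assumptions for illustration.

```php
<?php
// Added example, not the original post's code.
// Assumption: constructed placeholder addresses; list your own proxies here.
const TRUSTED_PROXIES = ['10.0.0.5', '10.0.0.6'];

/**
 * Pick the client IP from X-Forwarded-For, reading right to left and
 * skipping our own proxies. Entries further left are client-supplied.
 */
function client_ip_from_xff(string $xff, string $peer, array $trusted): string
{
    if (!in_array($peer, $trusted, true)) {
        return $peer; // direct connection: the header cannot be trusted
    }
    foreach (array_reverse(array_map('trim', explode(',', $xff))) as $hop) {
        if (filter_var($hop, FILTER_VALIDATE_IP) === false) {
            return $peer; // malformed entry: fall back to the socket peer
        }
        if (!in_array($hop, $trusted, true)) {
            return $hop; // first address not added by our infrastructure
        }
    }
    return $peer;
}

$peer = $_SERVER['REMOTE_ADDR'] ?? '';
if (in_array($peer, TRUSTED_PROXIES, true)) {
    if (($_SERVER['HTTP_X_FORWARDED_PROTO'] ?? '') === 'https') {
        $_SERVER['HTTPS'] = 'on';
    }
    if (isset($_SERVER['HTTP_X_FORWARDED_FOR'])) {
        $_SERVER['REMOTE_ADDR'] = client_ip_from_xff(
            $_SERVER['HTTP_X_FORWARDED_FOR'], $peer, TRUSTED_PROXIES
        );
    }
}

// Constructed sample for a command-line run: the left-most entry was sent
// by the client, the right-most was appended by a trusted proxy.
if (PHP_SAPI === 'cli') {
    echo client_ip_from_xff('203.0.113.7, 198.51.100.9, 10.0.0.6', '10.0.0.5', TRUSTED_PROXIES), PHP_EOL;
}
```

When copying this into wp-config.php, drop the opening tag and the command-line block at the end.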