Solve the Akismet problem with CloudFlare SSL

Today I spent some time solving a problem that occurs when using the Akismet anti-spam plugin over HTTPS on a site set up with CloudFlare flexible SSL.


Akismet is one of the most common anti-spam plugins used in WordPress. I’ve used this plugin for years and have been really satisfied with it. The problem occurred when I put this blog behind the CloudFlare CDN service and enabled its flexible SSL support.

The first thing I tried was installing the CloudFlare flexible SSL plugin for WordPress. After that, most of the problems were resolved, except one. My Firefox still gave me a notification that there was some mixed content on my site, which means some of my resources were loaded over an unsecured protocol. I opened the web console and realized that the Akismet js file was still served from the non-SSL domain.

[blocked] The page at ‘’ was loaded over HTTPS, but ran insecure content from ‘’: this content should also be loaded over HTTPS.

I tried installing many HTTPS-forcing plugins from the WordPress repository, but nothing helped.

The reason

The reason why the CloudFlare flexible SSL plugin works for other resources but not the Akismet ones is the order in which WordPress loads its plugins. The CMS sorts active plugins by name before saving them to the database and loads them in that order. Therefore, Akismet was loaded before CloudFlare flexible SSL, and all of Akismet’s resources still used the non-SSL domain.

My working solution

The easiest way is to install a WordPress plugin that customizes the loading order of the CMS’s active plugins. I found such a plugin and confirmed that it works correctly. However, I do not want to install too many plugins into my WordPress installation. I tried to change the order of the active plugins right before they are saved to the database. Fortunately, WordPress supports the activated_plugin hook, called right there. I added these lines of code to the functions.php of my theme:

function pureclean_sort_plugins() {
    $active_plugins = get_option('active_plugins');
    // Entries in active_plugins are stored as "folder/main-file.php", so match on the folder name.
    $this_plugin = 'cloudflare-flexible-ssl';
    foreach ($active_plugins as $key => $plugin) {
        if ($plugin === $this_plugin || strpos($plugin, $this_plugin . '/') === 0) {
            if ($key > 0) { // if it's 0 it's the first plugin already, no need to continue
                array_splice($active_plugins, $key, 1);
                array_unshift($active_plugins, $plugin);
                update_option('active_plugins', $active_plugins);
            }
            break;
        }
    }
}
// Re-sort the list every time a plugin is activated.
add_action("activated_plugin", "pureclean_sort_plugins");

Finally, deactivate a plugin and reactivate it to make this code run (don’t forget this step). The problem was resolved.
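
A way to confirm the fix without relying on the browser console, as an added example (not code from the original post): a small Python check that lists the subresources a page would load over plain HTTP. The host blog.example, the sample HTML and the name find_mixed_content are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Tag -> attribute through which that tag loads a subresource.
RESOURCE_ATTRS = {"script": "src", "img": "src", "iframe": "src", "embed": "src",
                  "audio": "src", "video": "src", "source": "src", "object": "data"}
# <link> only fetches for these rel values; rel="canonical" is just a hyperlink.
FETCHING_RELS = {"stylesheet", "icon", "preload", "modulepreload"}


class MixedContentFinder(HTMLParser):
    """Collects subresource URLs that resolve to http:// on an https:// page."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.insecure = []  # (tag, absolute_url) pairs

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "link":
            rels = set((attrs.get("rel") or "").lower().split())
            url = attrs.get("href") if rels & FETCHING_RELS else None
        else:
            url = attrs.get(RESOURCE_ATTRS.get(tag, ""))
        if not url:
            return
        # Resolve relative and protocol-relative (//host/path) URLs against the page.
        absolute = urljoin(self.page_url, url.strip())
        if urlparse(absolute).scheme == "http":
            self.insecure.append((tag, absolute))


def find_mixed_content(page_url, html):
    if urlparse(page_url).scheme != "https":
        return []  # mixed content only exists on pages served over HTTPS
    finder = MixedContentFinder(page_url)
    finder.feed(html)
    return finder.insecure


# Constructed sample page; blog.example and all paths are placeholders.
SAMPLE = """<html><head>
<link rel="canonical" href="http://blog.example/post/">
<link rel="stylesheet" href="//blog.example/wp-content/themes/t/style.css">
<script src="http://blog.example/wp-content/plugins/akismet/example.js"></script>
</head><body><img src="/wp-content/uploads/a.png">
<a href="http://blog.example/other/">link</a></body></html>"""

print(find_mixed_content("https://blog.example/post/", SAMPLE))
```

Ordinary links and the canonical tag are ignored because the browser does not fetch them while rendering; only the hard-coded http:// script is reported.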

