WordPress With Load Balancer SSL Termination

26th February 2016

WordPress With Load Balancer SSL Termination

If attempt to run WordPress in a load balanced environment with SSL terminated on the load balancer(s), you may find requests to your site get stuck in a redirect loop.

This is due to WordPress not trusting forwarded SSL by default.

To solve this issue, you simply need to add the following snippet to your wp-config.phpfile:

if ( $_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https' ) {
    $_SERVER['HTTPS'] = 'on';
}

To be slightly more secure, you might wish to also perform a check on the IP address that the request has come from, to ensure it has really come from your load balancer(s).

Another issue you might come across under this setup is your visitors real IP addresses not being recorded in places such as comments - but you instead get the IP address(es) of your load balancer(s). If you don't resolve this server-side, this little snippet may help you:

if( isset( $_SERVER["HTTP_X_FORWARDED_FOR"] ) ) {
    $_SERVER['REMOTE_ADDR'] = $_SERVER["HTTP_X_FORWARDED_FOR"];
}