iControlWP have published a useful article, “WordPress CloudFlare Flexible SSL – Making It Work” explaining what CloudFlare Flexible SSL is and how to make it work using a plugin.
“Step-by-Step How To: Enabling CloudFlare (Flexible) SSL On WordPress
If you want this to work, and you don’t want to break your site, read all these steps carefully and understand them fully before you make any changes on your site.
If you skip a part, or you mix it up, you stand to break your site.
At no point do you need to change your website’s URL under Settings -> General -> Website Address (URL)
Install our simple CloudFlare Flexible SSL WordPress plugin from WordPress.org and activate it.
Browse to your website using HTTPS instead of HTTP. Your website should load as normal. If it doesn’t, you probably have certain assets such as CSS or JPEGs that are hard-coded to use HTTP and not HTTPS.
Once you have confirmed your website properly loads under HTTPS, you now will want to force all visitors to use it. This is best done by CloudFlare, and not on your WordPress site. Within CloudFlare go to the Page Rules section for your domain and enter a rule just as shown in the screenshot below::
Read full article: https://www.icontrolwp.com/blog/enabling-cloudflares-universal-flexible-ssl-wordpress-without-infinite-redirect-loops/?utm_source=in-plugin&utm_medium=plugin-readme&utm_content=wordpress.org&utm_campaign=cloudflare-flexible-ssl-plugin