Ask your WordPress questions! Pay money and get answers fast! (more info)

SSL Help WordPress

  • SOLVED

I need some help with my SSL converting on my website.

I am pulling my wordpress it into an facebook app iframe which requires https on my page. So all my permalinks/bloginfo links need to be in https to.

I have my SSL certificate but I think I have set it up wrong and that maybe causing me ball ache.

I have my SSL setup so it looks like this...

<strong>http://www.mysite.com</strong> - non ssl
<strong>https://secure.mysite.com</strong> - ssl

When I set up my certificate I should have just used. https://www instead of https://secure - But I cannot change this now. So I just some how need to work with this sub domain.

I've tried using the wordpress https plugin, but for some reason when using that plugin, if I visit this address...

<strong>https://secure.mysite.com</strong>

...it then redirects back to

<strong>http://www.mysite.com</strong>


So I need to abandon this plugin and do it manually which maybe a more solid fix.

Can any one please help me with a function that will safely convert all my permalinks/bloginfo php on my page into <strong>https://secure</strong> if my page is in SSL mode.

I don't want to necessarily force SSL - but I just want my page to be secure when visiting my site in SSL.

I understand I will have to make some fixes to my external js libraries etc, but I just need the wordpress and php side of things taken care of.


Can anyone help me with a fully working function?


Thanks

Answers (3)

2013-04-19

Daniel Yoen answers:

maybe like this :

<?php
function node_ssl_template_redirect()
{
if (!is_ssl())
{
if (0 === strpos($_SERVER['REQUEST_URI'], 'http'))
{
wp_redirect(preg_replace('|^http://|', 'https://', $_SERVER['REQUEST_URI']), 301);
exit();
}
else
{
wp_redirect('https://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'], 301);
exit();
}
}
else if (is_ssl() && !is_admin())
{
if (0 === strpos($_SERVER['REQUEST_URI'], 'http'))
{
wp_redirect(preg_replace('|^https://|', 'http://', $_SERVER['REQUEST_URI']), 301);
exit();
}
else
{
wp_redirect('http://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'], 301);
exit();
}
}
}
add_action('template_redirect', 'node_ssl_template_redirect', 1);
?>


hope this help :-)


Daniel Yoen comments:

note : SSL need static ip address :-)


Josh Cranwell comments:

Hi Daniel.

Thanks for you answer.

Yes it is static.

OK i've tried your functions but it only changes the https part.

How should it be done so... <strong>http://www</strong> gets converted to <strong>https://secure</strong> ?


Thanks


Daniel Yoen comments:

You just need to add subdomain from cpanel :-)


Josh Cranwell comments:

I don't have cpanel. What is it?

I don't manage my servers or domains.

Can this not be done my side using a function?


Daniel Yoen comments:

how do you manage your hosting account?. or you're working for a client ?

note : if you buy ssl for mydomain.com, you can't use for sub.mydomain.com, but if you buy ssl for *.mydomain.com will cover sub.mydomain.com

hope this help :-)


Josh Cranwell comments:

We have a guy that does it it for us. He will charge me for his time so I simply just need use a function my end to save cost.

The SSL only works like this...

<strong>https://secure.mysite.com</strong>

It does not work like this...

<strong>https://www.mysite.com</strong>


You function above works great for converting <strong>http</strong> into <strong>https</strong> but my www is still in the outputted html.

Is there now way to change www to secure when in SSL using a function like yours above?

Thanks


Josh Cranwell comments:

Hi Daniel.

I just tried my site with out that function and I still get the same results with out it.

And I still get the same result so I guess it does not do anything. I thought it did because when viewing my page source is SSL mode, all <strong>http</strong> strings had an <strong>s</strong> on the end.

Any I deleted your function and tested in <strong>ssl</strong> by visiting...

<strong>https://secure.mysite.com</strong>

in my source - all the <strong>http</strong> strings had an <strong>s</strong> on the end.


It's just this damn <strong>secure</strong> subdomain/host causing me grief :(


Daniel Yoen comments:

Sorry, try to add :

define('WP_SITE_URI', ($_SERVER["HTTPS"]?"https://":"http://").$_SERVER["SERVER_NAME"]);
define('WP_SITEURI', ($_SERVER["HTTPS"]?"https://":"http://").$_SERVER["SERVER_NAME"]);


in wp-config file

2013-04-19

Clifford P answers:

In my opinion, you should buy a new SSL cert with www.mysite.com (www covers both www and non-www: both www.mysite.com and mysite.com). An SSL cert is cheaper than this $30 question.

Once you get your SSL working as desired, this can help you get rid of those mixed content warnings: [[LINK href="https://managewp.com/wordpress-ssl-settings-and-how-to-resolve-mixed-content-warnings"]]https://managewp.com/wordpress-ssl-settings-and-how-to-resolve-mixed-content-warnings[[/LINK]]


Josh Cranwell comments:

Thanks Clifford P.

Such a simpler method but my renewal came round and we're paying £150 for yearly cost. But becuase we dont manage our servers, we just let our server guy do it for us. So we've payed for upfront so I would rather not spend anymore on a new SSL if I can be worked around with a clever function.

But as soon next renewal comes round I will fix this to use www so it works with out it to :-)


Clifford P comments:

Maybe you have a super duper SSL cert, like for a bank. If not, that's really, really, really expensive. They're $10-$75.


Josh Cranwell comments:

I know - i've been mugged.


Clifford P comments:

You might have to setup DNS to point 'secure' subdomain to the WP site.

2013-04-19

Asad Iqbal answers:

You better ask your hosting provider for this. There may have some different issues for this. From which provider you purchase your ssl? And is it domain specific or wildcard ssl?

Btw, I own a hosting company, I can provide cheaper plan with ssl, if you are interested then pm me :)