WordPress.org

Ready to get started?Download WordPress

Plugin Directory

WordPress HTTPS (SSL)

WordPress HTTPS is intended to be an all-in-one solution to using SSL on WordPress sites.

How do I fix partially encrypted/mixed content errors?

To identify what is causing your page(s) to be insecure, please follow the instructions below.

  1. Download Google Chrome.
  2. Open the page you're having trouble with in Google Chrome.
  3. Open the Developer Tools. How to access the Developer Tools.
  4. Click on the Console tab.

For each item that is making your page partially encrypted, you should see an entry in the console similar to "The page at https://www.example.com/ displayed insecure content from http://www.example.com/." Note that the URL that is loading insecure content is HTTP and not HTTPS.

Once you have identified the insecure elements, you need to figure out what theme or plugin is causing these elements to be loaded. Although WordPress HTTPS does its best to fix all insecure content, there are a few cases that are impossible to fix. Here are some typical examples.

  • The element is external (not hosted on your server) and is not available over HTTPS. These elements will have to be removed from the page by disabling or modifying the theme or plugin that is adding the element.
  • The element is internal (hosted on your server) but does not get changed to HTTPS. This is often due to a background image in CSS or an image or file path in JavaScript being hard-coded to HTTP inside of a CSS file. The plugin can not fix these. The image paths must be changed to relative links. For example `http://www.example.com/wp-content/themes/mytheme/images/background.jpg` to simply `/wp-content/themes/mytheme/images/background.jpg`. Ensure you copy the entire path, including the prepended slash (very important).

I can't get into my admin panel. How do I fix it?

Since it is possible to lock yourself out of the dasboard, WordPress HTTPS comes with a way to reset the plugin's settings. The plugin makes no permanent changes to WordPress, so this will restore all settings to their defaults. Follow directions under "How do I reset the plugin's settings?"

How do I reset the plugin's settings?

Go to /wp-content/plugins/wordpress-https/wordpress-https.php and uncomment (remove the two forward slashes before) the line below, or go to your wp-config.php file and add this line. Hit any page on your site, and then remove it or comment it out again.

define('WPHTTPS_RESET', true);

The settings won't save!

Did you reset the plugin following the steps above and forget to comment the line back out or remove it from wp-config.php?

How do I make my whole website secure?

To make your entire website secure, you simply need to change your site url to use HTTPS instead of HTTP. Please read how to change the site url. Alternatively, you can use URL Filters in the WordPress HTTPS Settings to secure your entire site by putting just '/' as a filter. This will cause any URL with a forward slash to be secure (all of them).

How do I make only certain pages secure?

The plugin adds a meta box to the add/edit post screen entitled HTTPS. In that meta box, a checkbox for 'Secure Post' has been added to make this process easy. See Screenshots if you're having a hard time finding it. Alternatively, you can use URL Filters to secure post and pages by their permalink.

I'm using Force SSL Administration and all of the links to the front-end of my site are HTTPS. Why?

For many users this behavior is desirable. If you would like links the the front-end of your site to be HTTP, enable Force SSL Exclusively and do not secure your front-end pages.

I'm getting 404 errors on all of my pages. Why?

If you're using a public/shared SSL, try disabling your custom permalink structure. Some public/shared SSL's have issues with WordPress' permalinks because of the way they are configured. If you continue to recieve 404 errors, there may be no way to use WordPress with that particular public/shared SSL.

I'm receiving a blank page with no error. What gives?

This is most commonly due to PHP's memory limit being too low. Check your Apache error logs just to be sure. Talk to your hosting provider about increading PHP's memory limit.

Is there a hook or filter to force pages to be secure?

Yes! Here is an example of how to use the 'force_ssl' filter to force a page to be secure.

function custom_force_ssl( $force_ssl, $post_id = 0, $url = '' ) {
    if ( $post_id == 5 ) {
        $force_ssl = true;
    }
    return $force_ssl;
}

add_filter('force_ssl' , 'custom_force_ssl', 10, 3);

You can also use this filter to filter pages based on their URL. Let's say you have an E-commerce site and all of your E-commerce URL's contain 'store'.

function store_force_ssl( $force_ssl, $post_id = 0, $url = '' ) {
    if ( strpos($url, 'store') !== false ) {
        $force_ssl = true;
    }
    return $force_ssl;
}

add_filter('force_ssl', 'store_force_ssl', 10, 3);

Requires: 3.0 or higher
Compatible up to: 3.5.2
Last Updated: 2013-3-15
Downloads: 240,586

Ratings

4 stars
4.6 out of 5 stars

Support

7 of 46 support threads in the last two months have been resolved.

Got something to say? Need help?

Compatibility

+
=
Not enough data

0 people say it works.
0 people say it's broken.

100,1,1 100,1,1 100,1,1 100,1,1 100,1,1 100,1,1 100,1,1 100,1,1 100,1,1 100,1,1 100,1,1 100,1,1
100,1,1 100,1,1 100,1,1 100,1,1 100,1,1 100,1,1 100,1,1 100,1,1 100,1,1 100,1,1 100,1,1 100,1,1
100,1,1 100,1,1 100,1,1 100,1,1 100,1,1 100,1,1 100,1,1 100,1,1 100,1,1 100,1,1 100,1,1 100,1,1
100,1,1 100,1,1 100,1,1 100,1,1 100,1,1 100,1,1 100,1,1 100,1,1 100,1,1 100,1,1 100,1,1 100,1,1
100,1,1 100,1,1 100,1,1 100,1,1 100,1,1 100,1,1 100,1,1 100,1,1 100,1,1 100,1,1 100,1,1 100,1,1 100,1,1 100,1,1
100,1,1 100,1,1 100,1,1 100,1,1 100,1,1 100,1,1 100,1,1 100,1,1 100,2,2 100,1,1 100,1,1 100,1,1 100,1,1 100,1,1 100,1,1 100,3,3 100,1,1 100,1,1 100,3,3 100,2,2 100,1,1 100,1,1
100,2,2 100,1,1 100,1,1 100,1,1
67,3,2 100,1,1 100,1,1 0,1,0
100,1,1 100,1,1 100,1,1 100,1,1 0,1,0 0,1,0 0,1,0 0,1,0 0,1,0 0,1,0
100,2,2 100,1,1 100,1,1
89,9,8 100,1,1 100,1,1 100,1,1 100,1,1 100,1,1
60,5,3 100,1,1 100,1,1
100,3,3 100,1,1 100,1,1
50,4,2 100,1,1 100,1,1
100,1,1 100,1,1 100,1,1
100,1,1 100,1,1 100,1,1 100,1,1 100,1,1 100,1,1
50,2,1 0,3,0 100,4,4 100,15,15 50,14,7 100,1,1 100,3,3 100,1,1 50,2,1
100,2,2 100,3,3 83,6,5 100,1,1 100,1,1 100,1,1 100,1,1
64,25,16 21,14,3 14,14,2 100,1,1 100,2,2 100,1,1 100,1,1
0,2,0 56,9,5 47,17,8 22,18,4 100,2,2 100,1,1 100,1,1
11,9,1 100,1,1 100,2,2 100,2,2 100,1,1
25,4,1 13,8,1 57,7,4 72,29,21 67,3,2
64,11,7 50,4,2 57,7,4 100,3,3 50,2,1 0,1,0
75,4,3
100,5,5 38,8,3 80,5,4
83,6,5
43,7,3
67,3,2
100,7,7
100,5,5
73,11,8
0,1,0
0,1,0