Reading topics and comments in this forum I believe that one SSL certificate should be enough because I have subfolders.
Should be, yup π
You may need a plugin like http://wordpress.org/extend/plugins/wordpress-https/ to force https across the board.
Hi Mika,
I’ve seen that plugin, although I think that it’s an interesting plugin, I haven’t tried it because on the FAQs the author says:
How do I make my whole website secure?
To make your entire website secure, you simply need to change your site url to use HTTPS instead of HTTP.
Which is what I did for the single site by the way, therefore I thought that it was better suited for those websites that want to secure only some areas, like admin pages, login, edit profile, ecc.
And that would be ok if only I hadn’t read on the web that mixed http/https browsing is potentially dangerous for logged in users, because it exposes users’ cookies to the unfriendly world, so to speak.
Ideally I would like to come up with a situation where users normally use “http” on the frontend but once they log in they use “https” everywhere, back and front end, until they log out. So I have to find an easy-enough-for-me way to recognize logged in users and keep their connections ‘always secure’ through https and SSL.
Even an always on secure connection, wether the users are logged in or not, would be ok I guess.
Do you think it’s possible? I mean for me, obviously! :o)
Thanks a lot
I thought to do the same with Multisite but, since I can’t do this change in Network Settings, do I have to do it in Sites –> Edit Site –> Settings for every subsite (Siteurl, Home, Fileupload url)?
Basically that’s what you have to do :/ And even then I’m not 100% sure it’ll work.
Hi Mika,
(Houston) I have a problem!
You might well say that this is nothing new… π
It doesn’t seem like the protocol part http://
is changeable on the main site, in fact in Sites–>Edit Site–>Settings http://localhost
is greyed out in all the istances (Siteurl and Home) except Ping Sites, File Upload URL and Network Sidebar Login Forum Url.
Instead in the subsites, like http://localhost/fr-FR
, Siteurl and Home aren’t greyed out.
How can I change the protocol in the URLs of Siteurl and Home of the main site?
Have a nice day and thank you.
You’d have to set it before you flip on Multisite, I’d imagine. Or edit directly in the DB.
Ouch! Editing a database, never done before…
I guess that I’ll try to edit the DB first and if I break the database, turning my test site into garbage, then I’ll try to set https on a new installation before flipping to multisite.
Hopefully I’ll be able to publish my website before the end of my days! π
Thanks a lot Mika.
Hi mika,
I looked at the tables of my database and found the “http”s, that I’m supposed to change into “https”s, only in the options tables. I have three of them: wp_options for the main site, and wp_2_options and wp_3_options for the subsites. (Well, also in the links tables there are “http”s but they are in the links to wordpress.org).
I changed them manually one by one and, after a couple of failed attempts, the secured site came to life. Overall it seems to work even if there are some rough spots that I’d like to eliminate. For example, if I want to add a custom menu link, WordPress still starts the URL with “http://”. I noticed it because I had to change all the custom menu links that I had already, but I’m sure that I’m going to find more links that needs to be manually adjusted.
Now I think that I need to find a way to redirect all the requests to the http site to the secured one.
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
Maybe? In theory that should do it.
I guess that I have to add that code to the .htaccess file.
I’ll keep that in mind when I publish my real website, but I realized that I don’t need it in my development environment right now. In fact, for some kind of magic, the website responds at http://localhost
and then, whatever thing one does or clicks, she goes directly through https to the corresponding secured page and never leaves the secured site.
I don’t know exactly why it works this way but I think it depends on WebMatrix and its behind the back “bindings”: WebMatrix uses a file named applicationhost.config where there is something like this:
<bindings>
<binding protocol="http" bindingInformation="*:80:localhost" />
<binding protocol="https" bindingInformation="*:443:localhost" />
</bindings>
.
Thanks a lot for your help and support, have a good day! π
Hi Mika,
I’m uploading my website and I wonder where I am supposed to put your snippet of code, I have an .htaccess file that looks like this:
# Use PHP5 Single php.ini as default
AddHandler application/x-httpd-php5s .php
# BEGIN WordPress
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
# uploaded files
RewriteRule ^([_0-9a-zA-Z-]+/)?files/(.+) wp-includes/ms-files.php?file=$2 [L]
# add a trailing slash to /wp-admin
RewriteRule ^([_0-9a-zA-Z-]+/)?wp-admin$ $1wp-admin/ [R=301,L]
RewriteCond %{REQUEST_FILENAME} -f [OR]
RewriteCond %{REQUEST_FILENAME} -d
RewriteRule ^ - [L]
RewriteRule ^[_0-9a-zA-Z-]+/(wp-(content|admin|includes).*) $1 [L]
RewriteRule ^[_0-9a-zA-Z-]+/(.*\.php)$ $1 [L]
RewriteRule . index.php [L]
# END WordPress
Thanks!