WordPress.org

Ready to get started?Download WordPress

Forums

[resolved] Core Changes for SSL (6 posts)

  1. billibones
    Member
    Posted 1 year ago #

    Hey all, new to the forums here, but have a situation thats driving me crazy ... I have recently attempted to enable SSL on my wordpress site, and I am getting alot of insecure calls into the page. I can't find these things anywhere in any of the source code (checked through the entire wordpress installation and even the DB.)'

    I have tried WP Https to no avail, and have read through multiple forums that express similar issues with wordpress and ssl ... Can anyone just guide me as to where or what functions i need to be looking for to change in order to get everything to come through over SSL. I have learned that there are two different areas being called that can cause problems:
    Some in the root of WordPress and others from the plugin directory of said culprit plugin.

    I have my installation setup (General / Settings) to use https: for the site. And have run a test tool, that shows the base URL to be SSL and all forms to be SSL however the following come in insecure and I cant find how / where to change this ... ANY advice would be much appreciated. I have been looking and reading articles on the web in regards to SSL issues and just cant seem to wrap my head around how to get these things corrected. (I am using PageLines - Whitehouse theme)

    (Note: http://www..... = my domain name)
    SSL Checker Results
    ===============

    Unsecured Links:
    <a href="http://www...../wp-admin/post.php?post=912&action=edit" >
    <a href="http://www...../wp-admin/post.php?post=912&action=edit" >
    <a href="http://www...../wp-admin/post.php?post=908&action=edit" >
    <a href="http://www...../wp-admin/post.php?post=908&action=edit" >
    <a href="http://www...../wp-admin/post.php?post=906&action=edit" >
    <a href="http://www...../wp-admin/post.php?post=906&action=edit" >
    <a href="http://www...../wp-admin/post.php?post=812&action=edit" >
    <a href="http://www...../wp-admin/post.php?post=812&action=edit" >
    <a href="http://www...../wp-admin/about.php" >
    <a href="http://www...../wp-admin/about.php" >
    <a href="http://wordpress.org/" >
    <a href="http://codex.wordpress.org/" >
    <a href="http://wordpress.org/support/" >
    <a href="http://wordpress.org/support/forum/requests-and-feedback" >
    <a href="http://www...../wp-admin/" >
    <a href="http://www...../wp-admin/" >
    <a href="http://www...../wp-admin/themes.php" >
    <a href="http://www...../wp-admin/customize.php?url=http%3A%2F%2Fwww.....%2F" >
    <a href="http://www...../wp-admin/widgets.php" >
    <a href="http://www...../wp-admin/nav-menus.php" >
    <a href="http://www...../wp-admin/themes.php?page=imporved-simpler-css/improved-simpler-css.php" >
    <a href="http://www...../wp-admin/update-core.php" >
    <a href="http://www...../wp-admin/edit-comments.php" >
    <a href="http://www...../wp-admin/post-new.php" >
    <a href="http://www...../wp-admin/post-new.php" >
    <a href="http://www...../wp-admin/media-new.php" >
    <a href="http://www...../wp-admin/link-add.php" >
    <a href="http://www...../wp-admin/post-new.php?post_type=page" >
    <a href="http://www...../wp-admin/user-new.php" >
    <a href="http://www...../wp-admin/profile.php" >
    <a href="http://www...../wp-admin/profile.php" >
    <a href="http://www...../wp-admin/profile.php" >
    <a href="http://www...../wp-login.php?action=logout&_wpnonce=5d6399e3b2" >
    <a href="http://www...../wp-login.php?action=logout&_wpnonce=5d6399e3b2" >
    
    Unsecured Images:
    <img src="http://www...../wp-content/uploads/2013/01/100bill-150x145.jpg" >
    <img src="http://www...../wp-content/uploads/2013/01/ameraqLion.png" >
    <img src="http://www...../wp-content/uploads/2013/01/chromeSSLdisplayissues-300x143.png" >
    <img src="http://1.gravatar.com/avatar/b8e81a516c52afb49a779dc485e86542?s=16&d=http%3A%2F%2F1.gravatar.com%2Favatar%2Fad516503a11cd5ca435acc9bb6523536%3Fs%3D16&r=PG" >
    <img src="http://1.gravatar.com/avatar/b8e81a516c52afb49a779dc485e86542?s=64&d=http%3A%2F%2F1.gravatar.com%2Favatar%2Fad516503a11cd5ca435acc9bb6523536%3Fs%3D64&r=PG" >
    
    Unsecured CSS/Scripts/Style Sheets:
    <link href="http://www...../wp-content/themes/whitehouse/css/960.css" >
    <link href="http://www...../wp-content/themes/whitehouse/css/reset.css" >
    <link href="http://www...../wp-content/themes/whitehouse/css/trans.css" >
    <link href="http://www...../wp-content/themes/whitehouse/css/wp.css" >
    <link href="http://www...../wp-content/themes/whitehouse/style.css" >
    <link id="upm_polls.css-css" href="http://www...../wp-content/plugins/upm-polls/css/polls.css?ver=3.5" >
    <link id="admin-bar-css" href="http://www...../wp-includes/css/admin-bar.min.css?ver=3.5" >
    <link id="contact-form-7-css" href="http://www...../wp-content/plugins/contact-form-7/https://www...../wp-content/plugins/contact-form-7/includes/css/styles.css?ver=3.3.2" >
    <script src="http://www...../wp-content/plugins/upm-polls/js/jquery-1.4.2.min.js?ver=3.5" >
    <script src="http://www...../wp-includes/js/jquery/jquery.js?ver=1.8.3" >
    <div id="upm_loading" background="rgba(0, 0, 0, 0) url(http://www...../wp-content/plugins/upm-polls/img/loading.gif) no-repeat scroll 50% 50% / auto padding-box border-box" background-image="url(http://www...../wp-content/plugins/upm-polls/img/loading.gif)" >
    <script src="http://www...../wp-includes/js/admin-bar.min.js?ver=3.5" >
    <script src="http://www...../wp-content/plugins/contact-form-7/https://www...../wp-content/plugins/contact-form-7/includes/js/jquery.form.min.js?ver=3.23" >
    <script src="http://www...../wp-content/plugins/contact-form-7/includes/js/scripts.js?ver=3.3.2" >
  2. billibones
    Member
    Posted 1 year ago #

    Ok I was able to correct the Unsecured Links section. This was an oversight on my part as I was logged in as the admin, and the admin bar was causing the reference to the invalid links.

    I am still trying to figure out the "Unsecured Images" and "Unsecured CSS/Scripts/Style Sheets" areas to modify or adjust.

    Unsecured Images:
    <img src="http://www...../wp-content/uploads/2013/01/100bill-150x145.jpg" >
    <img src="http://www...../wp-content/uploads/2013/01/ameraqLion.png" >
    <img src="http://www...../wp-content/uploads/2013/01/chromeSSLdisplayissues-300x143.png" >
    <img src="http://1.gravatar.com/avatar/b8e81a516c52afb49a779dc485e86542?s=16&d=http%3A%2F%2F1.gravatar.com%2Favatar%2Fad516503a11cd5ca435acc9bb6523536%3Fs%3D16&r=PG" >
    <img src="http://1.gravatar.com/avatar/b8e81a516c52afb49a779dc485e86542?s=64&d=http%3A%2F%2F1.gravatar.com%2Favatar%2Fad516503a11cd5ca435acc9bb6523536%3Fs%3D64&r=PG" >
    
    Unsecured CSS/Scripts/Style Sheets:
    <link href="http://www...../wp-content/themes/whitehouse/css/960.css" >
    <link href="http://www...../wp-content/themes/whitehouse/css/reset.css" >
    <link href="http://www...../wp-content/themes/whitehouse/css/trans.css" >
    <link href="http://www...../wp-content/themes/whitehouse/css/wp.css" >
    <link href="http://www...../wp-content/themes/whitehouse/style.css" >
    <link id="upm_polls.css-css" href="http://www...../wp-content/plugins/upm-polls/css/polls.css?ver=3.5" >
    <link id="admin-bar-css" href="http://www...../wp-includes/css/admin-bar.min.css?ver=3.5" >
    <link id="contact-form-7-css" href="http://www...../wp-content/plugins/contact-form-7/https://www...../wp-content/plugins/contact-form-7/includes/css/styles.css?ver=3.3.2" >
    <script src="http://www...../wp-content/plugins/upm-polls/js/jquery-1.4.2.min.js?ver=3.5" >
    <script src="http://www...../wp-includes/js/jquery/jquery.js?ver=1.8.3" >
    <div id="upm_loading" background="rgba(0, 0, 0, 0) url(http://www...../wp-content/plugins/upm-polls/img/loading.gif) no-repeat scroll 50% 50% / auto padding-box border-box" background-image="url(http://www...../wp-content/plugins/upm-polls/img/loading.gif)" >
    <script src="http://www...../wp-includes/js/admin-bar.min.js?ver=3.5" >
    <script src="http://www...../wp-content/plugins/contact-form-7/https://www...../wp-content/plugins/contact-form-7/includes/js/jquery.form.min.js?ver=3.23" >
    <script src="http://www...../wp-content/plugins/contact-form-7/includes/js/scripts.js?ver=3.3.2" >
  3. redrocksrover2
    Member
    Posted 1 year ago #

    Hi.

    1) Were these images, CSS, and JS files uploaded into WP before you set your WP site to use SSL?

    2) It sounds like you have, but ensure that the WordPress address URL and Site address URL in your WP General settings are both set to use https:// instead of http://

    3) See this page for information about confirming that your .htaccess file is rewriting requests for WP content as HTTPS: http://ithemes.com/codex/page/Fix_Non-SSL_Elements_on_SSL_Page. (Personally I would avoid the "Solution #2" suggestion at the bottom of that page to use a plugin.)

    4) Be sure that you are forcing SSL for all admin activities in your wp-config.php file: define('FORCE_SSL_ADMIN', true); Of course this won't affect your content - only admin pages and logins.

    5) Check that you don't have hard-coded URLs in any of your templates, template modules, or widgets that start with http://. Also be sure that if you're using any plugins that they, too, aren't outputting hard-coded URLs to http://

    Hope that helps somewhat in tracking down the issues...

  4. billibones
    Member
    Posted 1 year ago #

    Thank you very much for you reply. Most (I'd say 80%) of the images, CSS and JS files were uploaded into WP prior to going SSL. (I will start a new side sandbox with a fresh install of WP and start SSL ... perhaps then a migration of the old site in this new one?

    I had looked into modifying my htaccess file, but when I did, I would get the message: Too many redirects. I checked memory and upped to 80mb. But with the same result. My current htaccess:

    # BEGIN WordPress
    RewriteCond %{SERVER_PORT} !=443
    RewriteRule .* https://%{HTTP_HOST}/$1 [R=301,L]
    # END WordPress

    I was forcing SSL on Admin and Login, but the Admin pages would display as insecure. (Although in general settings I am set to https:)

    I noticed the plugins causing some breaks, and I am looking to find the code that is offending ...

    Thanks so much for your reply. I think I should find a solution one way or the other with your suggestions =).

    Much appreciated. Sometimes you are just staring at it too long and not able to see some of the potential problem areas to perhaps consider. Thanks again!

  5. billibones
    Member
    Posted 1 year ago #

    Just wanted to follow up with this and thank you again. As of 4am last night I was finally able to get the entire site secure. A little bit of a headache and some of it cryptic, but its working! lol ...

    Still have some areas I dont understand though ... One of my insecure calls was coming from a jquery.js?ver=x.x.x (in this case 1.8.3) .. Not sure where that came from as I use the 1.9.x library. Didn't look like it was from a plugin but from WP itself. And I could only locate it in the "cache'd") (<-- I think that's what these are (folders start with strange file names like: ar\__cat, de\__cat,ja\_ this goes all the way into the Zh\_) files within WP (Not sure if I can get rid of these, about 223 files like this all with this 1.8.3 call., and I could not find the offending register of the jquery library. (ie. wp_enqueue_script) ... /shrug...

    Anyhow I have manually gone through and changed all of those and loaded it up one more time before going to bed and got all "green" locks across 4 different browsers. (Talk about smiling ...) lol .. Anyhow I just wanted to say thank you again for replying back ... Really helped me step away from the code for a minute and look over everything again.

    Peace!

    (FYI: Just a side note: I was able to get this site SSL compliant without the use of WP HTTPS and using Network Solutions Shared SSL. (I know folks have had issues with these guys: but it does work!))

  6. redrocksrover2
    Member
    Posted 1 year ago #

    @billibones: With regard to the jQuery library links, if you're doing so, you really shouldn't manually place jQuery scripts into your templates because they can really screw with WordPress's own script management.

    See here:
    http://www.ericmmartin.com/5-tips-for-using-jquery-with-wordpress/

    In short: use the wp_enqueue_script(), wp_deregister_script() and wp_register_script() functions to modify and/or add your own libraries, then let WP manage the dependencies. This could help to solve your insecure/non-SSL calls, and it'll be particularly important if you're using plugins that rely on jQuery, too.

Topic Closed

This topic has been closed to new replies.

About this Topic