WordPress.org

Ready to get started?Download WordPress

Forums

SSL Insecure Content Fixer
[resolved] enqueued css & javascript not changed to https:// (5 posts)

  1. purplebabyhippo
    Member
    Posted 11 months ago #

    My site is http://www.reynardscountrywear.co.uk & is an eccomerce site using woocommerce.
    I have purchased a SSL certificate & I want to use it on the my-account & cart pages (secure payment is taken care of with a payment gateway. I can load any of the pages with https:// but all the enqueued csss, javascript, pages links, in-fact everything is served from http:// & therefore it reports an insecure page. I am using wordpress HTTPS as well as your plugin & I have my-account page forced with SSL - when you click on my-account page your are taken to https:// but the page is un-styled & view source shows all the files to be from http://
    I want the user to be re-directed to http://www.reynardscountrywear.co.uk if they type https://www.reynardscountrywear.co.uk for all the pages not secured via force SSL but this is not happening.
    I even changed my wordpress site url to https:// under general settings but all the files were still http:// !
    I have changed it back to http:// as it looked a mess & my client is checking it over.
    I used your test ssl & the page loaded with the green padlock so I presume my SSL is working & detectable.
    Please can you take a look & I would be grateful for any help. I've no experience with SSL & am at a loss as to what to do next.
    The site currently has a password on it: PBH%R3ynards

    http://wordpress.org/plugins/ssl-insecure-content-fixer/

  2. webaware
    Member
    Plugin Author

    Posted 11 months ago #

    G'day purplebabyhippo,

    When you run the "test ssl" function, it actually tells you on the page:

    is_ssl() says: no, SSL not detected

    Your server may be behind a load balancer or reverse proxy.

    The test page can't see any way of detecting SSL, which some reverse proxies provide, so I'm guessing that you're hosted on Network Solutions or similar hosting company that doesn't give you much help there.

    To fix, try downloading this gist and saving it into your plugins folder, then enable the plugin "Force SSL URL Scheme". It only works when your website has the site URL set to use HTTPS, so turn that back on after you install and active this plugin.

    cheers,
    Ross

  3. purplebabyhippo
    Member
    Posted 11 months ago #

    Ross,
    Thank you so much, your plugin has worked! I had to deactivate HTTPS plugin because on the pages I hadn't forced SSL it was stuck in a loop trying to re-direct back to http://
    My home page is now completely secure & the other pages just require me to update some image urls.
    I originally only wanted SSL on the account pages as I was concerned about page load times but I would rather have a completely secure site then the mess I had earlier! Does that mean that it's not possible to secure only part of a site if you have a server behind a load balancer or reverse proxy? My hosting & SSL are from 123-reg but I am thinking of changing to a VPS or cloud hosting so I would like to know so I have the choice next time. Once again, thank you so much for replying so quickly,
    all the best
    Angie

  4. webaware
    Member
    Plugin Author

    Posted 11 months ago #

    G'day Angie,

    Yes, this solution means the whole site needs to be on SSL, because it's the only way to make WordPress know that you're loading content with SSL. Basically, that gist script is saying, "if the site URL uses SSL, tell WordPress that we're using SSL". It's a limitation of your hosting environment.

    cheers,
    Ross

  5. webaware
    Member
    Plugin Author

    Posted 11 months ago #

    Ah, just reread your post. If you change to a host that has a reverse proxy but also supports the HTTP_X_FORWARDED_PROTO server variable, then you can add some code to your wp-config.php to detect when SSL is used, and run the rest of your site on plain HTTP. See the second question in the FAQ for details. Your current host doesn't support that server variable, hence the catch-all fix.

    cheers,
    Ross

Reply

You must log in to post.

About this Plugin

About this Topic