WordPress.org

Ready to get started?Download WordPress

Forums

WordPress HTTPS (SSL)
[resolved] [Plugin: WordPress HTTPS] HTTPS partially secure (12 posts)

  1. Mr.Harmlos
    Member
    Posted 3 years ago #

    In the header.php of my template firebug tells me it gets "http://" answeres and that makes my WP partially secure ...
    (own CA with own SSL cert imported CA in the right places and works)

    theses are the rotten eggs in the header.php of my template:

    <?php wp_enqueue_script("jquery"); ?>

    and

    <link rel="stylesheet" type="text/css" media="all" href="<?php bloginfo( 'stylesheet_url' ); ?>" />

    get_stylesheet_uri is in general_template.php --->

    function get_bloginfo( $show = '', $filter = 'raw' ) {
    case 'stylesheet_url':
    $output = get_stylesheet_uri();
    break;}

    themes.php :

    function get_stylesheet_uri() {
    	$stylesheet_dir_uri = get_stylesheet_directory_uri();
    	$stylesheet_uri = $stylesheet_dir_uri . "/style.css";
    	return apply_filters('stylesheet_uri', $stylesheet_uri, $stylesheet_dir_uri);
    }

    My Php is beginner ^^ So where is what broken and how to fix :D

    greets and thanks for your plugin btw ;)

  2. hedronist
    Member
    Posted 3 years ago #

    You are not alone. Checkout this plugin: WordPress HTTPS.

  3. Mr.Harmlos
    Member
    Posted 3 years ago #

    uhm how do i say this ... hedronist did you notice the tag in the post title ;)

  4. Mvied
    Member
    Plugin Author

    Posted 3 years ago #

    Mr.Harmlos, what he's saying is that the plugin should fix what you're pointing out. If not, your settings aren't correct, or there's a bug.

    What is your website?
    What settings do you have enabled?

    Thanks,
    Mike

  5. Mr.Harmlos
    Member
    Posted 3 years ago #

    Hi
    Thx for your care ;)

    Website is local atm ...
    Basic WordPress 3.04

    Plugins:

    nginx Compatibility (PHP5)
    WordPress HTTPS

    Template is a modded witheboard http://whiteboardframework.com/

    As i understand the Template css location is called by internal code in WordPress ... and jquery too ...
    If i click on a post it is a http link too ...

    If i change WordPress address (URL) Site address (URL) to https (the brute version) the website is secure ...

    I dont understand code good enought to solve this ...

    any idea ?

  6. Mvied
    Member
    Plugin Author

    Posted 3 years ago #

    You don't need code to resolve this, like I said, my plugin should be fixing them. That's the primary purpose of the plugin, and if it's not working, there's a problem. The plugin uses output buffering to modify the rendered source code AFTER WordPress generates the HTML that the end-user would see. WordPress HTTPS scans through the code and makes the proper modifications to make sure elements and links are HTTPS if they need to be.

    What settings do you have enabled?

    Thanks,
    Mike

  7. Mr.Harmlos
    Member
    Posted 3 years ago #

    Internal HTTPS Elements - on
    External HTTPS Elements - on

    The rest off ...

    Bypass External Check doesnt changes things ...

    i used firebug in mozilla to track the non https parts ...

    and that would be ... as in the first post mentioned :

    <?php wp_enqueue_script("jquery"); ?>
    =
    http://domain/wp/wp-includes/js/jquery/jquery.js?ver=1.4.2

    and
    <link rel="stylesheet" type="text/css" media="all" href="<?php bloginfo( 'stylesheet_url' ); ?>
    =
    http://domain/wp/wp-content/themes/whiteboard/whiteboard/style.css

    nging config for SSL

    server {
    	listen       		443 ssl rcvbuf=64k backlog=128;
            server_name  		x;
    
    	charset 		utf-8;
    
    	ssl                 		on;
    	ssl_certificate     		x:/x/x/ssl.crt;
    	ssl_certificate_key 		x:/x/x/ssl.pem;
    
    	ssl_session_timeout 		2m;
            ssl_protocols  			SSLv3;# TLSv1;
            ssl_ciphers  			HIGH:!ADH:!MD5;
            ssl_prefer_server_ciphers   on;
    
    	location ~ \.php$ {
    	root           		html;
    	fastcgi_param 		HTTPS true;
    	try_files		$uri  /er/404.html;
            fastcgi_pass   		127.0.0.1:9000;
            fastcgi_index  		index.php;
    	include        		fastcgi_params;
            fastcgi_param  		SCRIPT_FILENAME  x:/x/nginx/html$fastcgi_script_name;
            }
      location / {
    	root 					html;
    	index 					index.html index.php index.htm;
    	}

    no rewrite rules ...

    WordPress runs on mysql
    php is newest stable ....

    Everything pretty much standard ...

    ill try the standard template ...
    same problem the css file is not https ..

    in my template there are 2 backgroundpictures and their not https too

    http://wordpress.pastebin.com/5jAsjaGt - The header.php ...

    its a private Blog so it doesnt matter that much but ... i mean it should work .... and i like things that work ^^

    greets

  8. jackaperkins
    Member
    Posted 2 years ago #

    Like others I found partial success with the HTTPS wordpress plugin, but my style sheets and other header links were wrong. I have http://mydomain and https://passthroughssl.differentdomain , so my linked style sheets ended up with HTTPS of the first url, as it's the site url.

    Try the three lines of php in your wp-config.php file here:

  9. Mvied
    Member
    Plugin Author

    Posted 2 years ago #

    Hey jackaperkins,

    If you're having problems with the plugin, please start a support topic.

    Thanks,
    Mike

  10. Mr.Harmlos
    Member
    Posted 2 years ago #

    The problem is still peresistent .... and not resolved but ignored ...

  11. Mr.Harmlos
    Member
    Posted 2 years ago #

    While digging around in the problem

    i added the priority 1 to all of your filters ... didnt help ..^^

    i found

    // If URL matches home_url, but lacks www, add www
    			// if ( strpos(get_option('home'), '://www.') !== false && strpos($url, '://www.') === false && parse_url($url, PHP_URL_HOST) != NULL ) {
    			// 	$url_host = parse_url($url, PHP_URL_HOST);
    			// 	$url_host_www = 'www.' . $url_host;
    			// 	if ( strpos(get_option('home'), $url_host_www) !== false ) {
    			// 		$string = str_replace($url_host, $url_host_www, $string);
    			// 	}
    			// }

    since i use no-ip.org and the free version doesnt allow www dns i deactivated the option ... checkbox optionable for others maybe ?

    looked into the devtools errors again ....

    [blocked] The page at https://domain/ ran insecure content from http://domain/wp-content/themes/whiteboard/whiteboard/style.css.
    [blocked] The page at https://domain/ ran insecure content from http://domain/wp-includes/js/l10n.js?ver=20101110.
    [blocked] The page at https://domain/ ran insecure content from http://domain/wp-includes/js/jquery/jquery.js?ver=1.6.1.
    [blocked] The page at https://domain/ ran insecure content from http://domainhttps/?ver=3.2.1.
    [blocked] The page at https://domain/ ran insecure content from http://platform.twitter.com/anywhere.js?id=xxxxxxxxxx&v=1.
    [blocked] The page at https://domain/ ran insecure content from http://domain/index.php?ak_action=aktt_css&v=2.4.
    [blocked] The page at https://domain/ ran insecure content from http://domain/index.php?ak_action=aktt_js&v=2.4.
    [blocked] The page at https://domain/ ran insecure content from http://domain/wp-content/plugins/wp-syntax/wp-syntax.css.

    This seems not normal [ http://domainhttps/?ver=3.2.1. ]

    So as it seems to me like

    function bloginfo didnt do anything ...

    and may be the non existing www messes up the regexp filter ...

    ...

  12. Mvied
    Member
    Plugin Author

    Posted 2 years ago #

    Mr.Harmlos,

    I took a hiatus from the plugin, but have been back for a couple of months now. I marked it resolved since it was so old.

    Commenting out that section really won't have any affect no matter what your domain is. If your home_url has www in it and the URL given to that method matches the domain, but lacks www, it adds it so that it is properly rewritten by this line: $string = str_replace($this->http_url, $this->https_url, $string);

    The plugin does not rely on filters to fix the source, it uses output buffering. The filters are there to help, but are not what fixes most of the insecure content issues.

    It's more likely that, for some reason, the output buffering is not working correctly, or you have WordPress set up in an unusual way. Either way, I'm not going to be able to help without seeing the website since everything you're showing me should be fixed by the plugin already.

    Thanks,
    Mike

Topic Closed

This topic has been closed to new replies.

About this Plugin

About this Topic