WordPress.org

Ready to get started?Download WordPress

Forums

WordPress HTTPS (SSL)
[Plugin: WordPress HTTPS] Partial Encryption Error Issues! HELP (5 posts)

  1. richjunkie
    Member
    Posted 3 years ago #

    Hey Mike,

    excellent plugin and great support. I am really struggling (i'm sure i'm not the only one) with trying to get my checkout page on WordPress to validate securely. I am running an ecommerce site and have purchased the SSL certificate and it is installed. How naive of me thinking this would be all I needed to do. Then I noticed the errors on the page and how it was only partially encrypted. Then I found out all the html and css, images etc had to show as 'https' not 'http.' And then their is java script and many incompatible plugins. What a nightmare!

    Then I found your plugin and am finally starting to make some head way. Still not 100% there though. What I am doing is going through the page source of my checkout page and using the text search finding all instances of "http://" on the page. Before I installed your plugin it showed up 31 times, after I activated your plugin with the Internal HTTPS Elements box checked the number of times http:// showed up on the page was 20 (progress).

    Then I decided to check the Force SSL Exclusively option and check the Force SSL box on the actual page. Then I checked the source again and the number of http:// showing on that page went to 37? So I went back
    to the standard plugin setting.

    I have also gone through chrome developers tools and deactivated each plugin one by one while force refreshing the page as I though maybe something was interferring with your plugin but the errors stayed the same.

    It seems there is some unsafe java script and some images on the page that are causing the problem. I have no issue changing links that are not hardcoded but the culprits seem to be image files I have uploaded into the admin library and the links are hardcoded so I really have no clue how to change them to https? I would love your expert advice on this as I really need this page to encrypt properly for my customers and business sake. The link to the page I need to secure is:

    http://www.churtees.co.nz/store/checkout

    Sorry about the massive post!

    Nate

  2. Mvied
    Member
    Plugin Author

    Posted 3 years ago #

    Hey Nate,

    The problem is actually the method the images are being loaded into your page. There is a lot of JavaScript that loads those images. Currently, my plugin has issues finding these and fixing them. Mostly, because the plugin is content aware in that it won't fix things without verifying that they need to be fixed. Due to the nature of JavaScript, there's no sure-fire way to fix them. But, after checking out your site, I think I have an idea. I'm going to do some modifications to the plugin and push out the next version next week. I'll post here when it's updated, and we can go from there.

    Thanks for downloading!
    Mike

  3. vivahume
    Member
    Posted 3 years ago #

    Hi Mike,

    I'd also like to say thanx for the great plugin. I was runing my site 100% SSL but but that is obviously not an optimal solution when only a few pages need it....

    In any event, I think I have a similar problem, I have a plugin (Simple-Real-Estate-Pack) that is adding some javascript to the header, and it seems that these are causing my page to show up as 'partially secure'

    The problem seems to be here:

    <script type="text/javascript">
    //<![CDATA[
    	tb_pathToImage = "http://www.sherissehume.com/wp-includes/js/thickbox/loadingAnimation.gif";tb_closeImage = "http://www.sherissehume.com/wp-includes/js/thickbox/tb-close.png";</script>
    <script type="text/javascript">
    	var srp_url = "http://www.sherissehume.com/wp-content/plugins/simple-real-estate-pack-4";
    	var srp_wp_admin = "https://www.sherissehume.com/wp-admin";
    //]]>
    </script>

    the page is:
    https://www.sherissehume.com/get-started/quick-mortgageapplication/

    If I switch the WP home/site url to https:// then everything is fine... so I only presume they are using bloginfo() or something similar to pull the URL.

    I've played with the options of the plugin but can't seem to find the sweet spot.

    Any thoughts on how to tweak that?

    Thanx again!

  4. vivahume
    Member
    Posted 3 years ago #

    Hi,
    Just to be more specific, it seems the plugin uses:

    get_option('siteurl')

    to pull the path info - this then ends up as http:// in the

    <script>

    tag in the header...

    I would imagine that this is used in many places?? so I'm a bit unsure why it's getting through? [script] tag maybe??

  5. vivahume
    Member
    Posted 3 years ago #

    Hi Again,

    Ok, so with some more digging/reading of your forum I seem to have managed to sort it out...

    For the record, the magic post is here

    I just wanted to add something in regards to the information posted in the codex here where (I presume) you talk about SSL compatibility (backwards compatibility code),

    I originally couldn't get it to work with the example code as is and had to change one line from:

    $wp_content_url = get_option( 'siteurl' );

    to:

    $wp_content_url = site_url();

    This properly returned the correct protocol (HTTPS).

    It also worked with:
    $wp_content_url = get_bloginfo('url');

    I know there are some subtle differences between these various methods to return the url, but unfortunately, I'm not well versed enough to understand the subtleties (only what works!! ;o)

    In any event, I thought I'd pass that along...

Topic Closed

This topic has been closed to new replies.

About this Plugin

About this Topic