WordPress.org

Ready to get started?Download WordPress

Forums

WordPress HTTPS (SSL)
HTTPS when logged in HTTP when not (6 posts)

  1. baritoneuk
    Member
    Posted 1 year ago #

    I have "Force SSL Administration" switched on which works really well to force SSL for the WP dashboard.

    However I want to force SSL when logged in (pages, posts and admin) and to redirect to HTTP when not logged in (except for pages marked as SSL). I don't really want two versions of the site (SSL and non-SSL) to be available. Just SSL for logged in and non-SSL if you're not logged in.

    I'm finding that if someone logs in on HTTP they get redirect to HTTPS and they're not logged in anymore. I don't know whether there could be some incompatibility with the "Theme My Login" plugin? I am redirecting subscriber users to a "members page" on the website once they log in- they never see the WP dashboard.

    Thanks.

    http://wordpress.org/extend/plugins/wordpress-https/

  2. Mvied
    Member
    Plugin Author

    Posted 1 year ago #

    What are your Site URL and SSL Host? What other settings do you have enabled?

  3. baritoneuk
    Member
    Posted 1 year ago #

    I'd rather not list the URL at the moment as the site hasn't gone live yet.

    It's difficult to know what settings you might need for this. I've built a custom theme built on the Roots theme.

    Could you tell me what is supposed to happen with WordPress HTTPS? It looks like it doesn't do what I want to do out of the box.

    For the time being I've created my own work around by adding the following to my functions.php file:

    $https_URL = "https://" . $_SERVER["SERVER_NAME"] . $_SERVER["REQUEST_URI"];
     $http_URL  = "http://" . $_SERVER["SERVER_NAME"] . $_SERVER["REQUEST_URI"];
    
    if((strpos($_SERVER["REQUEST_URI"],"/login/") !== FALSE OR strpos($_SERVER["REQUEST_URI"],"/contact/") !== FALSE) && $_SERVER["HTTPS"] != "on") {
            header("Location: $https_URL",TRUE,301);
            exit();
    }
    
     // This forces logged in users to use HTTPS
    if (is_user_logged_in() && $_SERVER["HTTPS"] != "on"){
            $newurl = "https://" . $_SERVER["SERVER_NAME"] . $_SERVER["REQUEST_URI"];
            header("Location: $https_URL");
            exit();
    }
    
     // Forces not logged in users to use HTTPS (except for certain pages)
    if (!is_user_logged_in() && $_SERVER["HTTPS"] == "on" && strpos($_SERVER["REQUEST_URI"],"/login/") === FALSE && strpos($_SERVER["REQUEST_URI"],"/contact/") === FALSE){
            header("Location: $http_URL",TRUE,301);
            exit();
    }

    It's a bit of a hack, but it works. I'd far rather use the WordPress HTTPS plugin.

    Thanks!

  4. Mvied
    Member
    Plugin Author

    Posted 1 year ago #

    Force SSL Exclusively does exactly what it describes. Anything not forced to be HTTPS will be redirected to HTTP.

    If your SSL Host does not match your Site URL, it will not be possible to log into both HTTPS and HTTP at the same time. That's why I asked.

  5. baritoneuk
    Member
    Posted 1 year ago #

    I'm not sure how the plugin implements redirection- do you rewrite links from http:// to https:// and vice versa? If so, I am wondering whether it is the Roots Theme that is causing the issues. Roots makes all links site relative. This might mean that the HTTPS plugin won't work.

  6. Mvied
    Member
    Plugin Author

    Posted 1 year ago #

    Impossible to say without looking at it myself, really. It could be anything.

Topic Closed

This topic has been closed to new replies.

About this Plugin

About this Topic