WordPress.org

Ready to get started?Download WordPress

Forums

WordPress HTTPS (SSL)
[Wordpress HTTPS] Entry of URL with and without www doesnt lead to https (15 posts)

  1. webass
    Member
    Posted 1 year ago #

    Hi,
    on a clients site I installed the SSL cert correctly and now use WordPress HTTPS ...
    what I really wonder about is this:
    When You type in the adress in the browser like http://www.mydomain.com or mydomain.com and do NOTHING more, then the URL doesnt change to https automatically.
    Why is this so and is this standard behaviour?

    When I start browsing the site, over the menu, the links ARE forced to https.
    But I expected, that already ONLY typing in the URL would leave to a force to https in the browser without doing anything else...

    Cheers.
    Thanks in advance ofr any input.
    Andre

    http://wordpress.org/extend/plugins/wordpress-https/

  2. Samuel Wood (Otto)
    Tech Ninja
    Posted 1 year ago #

    We have an article for that:

    Administration Over SSL

  3. webass
    Member
    Posted 1 year ago #

    no, sorry.
    My only question is:
    Why, when entering the URl, http://www.mydomain.com there is NOT HTTPS DIRECTLY???

    I mean, the http://www.domain.com STAYS http://www.domain.com instead of being forced to https://www.domain.com.....

    Anything not understood of my question?

  4. webass
    Member
    Posted 1 year ago #

    To say it otherwise:
    When I enter the domain name with www or without, it stays www or wihtout, but NO HTTPS automatically appears, UNTIL I click any links on the page.
    So, the page is secure generally.

    I want to know, why ONLY typing in the domain name doesnt force a https to get infront like on many other pages I see ...

    Furthermore I got a StartSSL cert running, the free version.

    Is it normal? For a small cert? Or is anything missing in WP or htaccess settings?

  5. Samuel Wood (Otto)
    Tech Ninja
    Posted 1 year ago #

    On the Settings->General screen, does the WordPress and Site Addresses have an https in them?

    WARNING: Changing these two values to invalid ones will break the site instantly. Be careful, and if you do change them and break the site, you can read this article to change them back:

    Changing the Site URL

  6. webass
    Member
    Posted 1 year ago #

    Hi,thanks for your post.

    Sure it does, as stated above, the WHOLE website is running correctly on SSL as soon as you surf it and click the first link.
    This is the site http://www.invivo-group.de
    The only problem I have, is, that after entering the URl in the browser, there is no https force.
    It just doesnt change the adress.
    Take a look when You visit the link. nothing will happen, as long as You dont click on the logo or on a menu link. ONLY THEN, on a click, the https exists.

    You know?
    Normally, you type in http://www.mydomain.com and when everything is correct, it will automatically change to https://www.mydomain.com.
    Right?

    Why isnt this the case here?
    Am I missing anythign in the htaccesss maybe?

  7. AITpro
    Member
    Posted 1 year ago #

    Your Response Headers are good so this is URL level / rewrite / settings issue/problem or could be a plugin or theme conflict.

    I sent you an email about the woff problem and a link to that fix.
    your shortcut icon link has http and not https. This is coming from your theme and would need to be fixed in your theme.

  8. AITpro
    Member
    Posted 1 year ago #

    Try adding this before any other code in your .htaccess file. I have seen that some caching plugins may interfere with the Rewrite to https when you incorporate this Rewrite below the cache and in your WordPress Rewrite loop start .htaccess code.

    RewriteEngine On
    RewriteCond %{SERVER_PORT} ^80
    RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

    or

    RewriteEngine On
    RewriteCond %{SERVER_PORT} ^80
    RewriteRule ^(.*)$ https://%{SERVER_NAME}/$1 [L]
  9. webass
    Member
    Posted 1 year ago #

    Hi Edward,
    thanks for entering the ticket.
    I fixed the ico link, but this alone doesnt solve the problem. Now I have involved the people from theme framework, because the fonts are implemented over their eidtor tool. Maybe we can sort it out first this way, before changing htaccess.

  10. AITpro
    Member
    Posted 1 year ago #

    Corrections/Improvements:

    RewriteEngine On
    RewriteCond %{HTTPS} !=on
    RewriteCond %{SERVER_PORT} ^80
    RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R,L]

    or

    RewriteEngine On
    RewriteCond %{HTTPS} !=on
    RewriteCond %{SERVER_PORT} ^80
    RewriteRule ^(.*)$ https://%{SERVER_NAME}/$1 [R,L]
  11. AITpro
    Member
    Posted 1 year ago #

    This is BPS / BPS Pro specific info pertaining to using BPS / BPS Pro Custom Code and in the case where the normal method of incorporating http to https rewriting/redirection into the start of the WordPress Rewrite Loop does not work for some reason.

    Typically/Normally you would incorporate this code into the WordPress Rewrite Loop start. Note: This is for websites with valid SSL certificates and the entire site is intended to be SSL/HTTPS.

    # CUSTOM CODE WP REWRITE LOOP START - Your Custom htaccess code will be created here with AutoMagic
    # WP REWRITE LOOP START
    RewriteEngine On
    RewriteBase /
    RewriteCond %{HTTPS} !=on
    RewriteCond %{SERVER_PORT} ^80
    RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R,L]
    RewriteRule ^index\.php$ - [L]

    If the code above does not work to automatically rewrite/redirect from http to https...

    1. Copy this .htaccess code below to the…

    RewriteEngine On
    RewriteCond %{HTTPS} !=on
    RewriteCond %{SERVER_PORT} ^80
    RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R,L]

    ...CUSTOM CODE TOP PHP/PHP.INI HANDLER/CACHE CODE: Add php.ini handler and/or plugin cache code here text area/box…

    IMPORTANT NOTE!!!: If you have/are currently using php/php.ini handler .htaccess code it needs to be copied to this Custom Code text box. If you have .htaccess caching code it should also be copied to this Custom Code text box. The order of the .htaccess code should be this: php/php.ini handler .htaccess code, SSL/HTTPS rewrite .htaccess code then .htaccess caching code.

    See these Threads/posts before trying this if you are using WPSC or W3TC:
    WP Super Cache: http://wordpress.org/support/topic/how-to-setup-supercache-to-work-with-ssl-https-site?replies=6
    W3 Total Cache: http://www.w3-edge.com/weblog/2011/11/how-to-w3tc-https-ssl/

    2. Click the Save Root Custom Code button.

    3. Go to the Security Modes page and click the Create secure.htaccess File AutoMagic button.

    4. Activate Root Folder BulletProof Mode.

  12. AITpro
    Member
    Posted 1 year ago #

    @webass (funny handle LOL) - On a personal note I have not installed and tested the WordPress HTTPS (SSL) plugin yet to see all that it does. It may be that this plugin already handles/does all of these things without having to add additional .htaccess code and this particular issue/problem has to do with some additional factor on your website that is not obvious at this point. Will post back here after testing this plugin.

  13. AITpro
    Member
    Posted 1 year ago #

    hmm ok I have tested this plugin and confirmed that typing in or clicking on an HTTP link will NOT automatically redirect you to HTTPS based on these testing conditions.

    Environment: XAMPP
    WordPress General Settings:
    WordPress Address (URL) https://demo.local
    Site Address (URL) https://demo.local
    Self created OpenSSL SSL Certificate
    vhost configuration:

    <VirtualHost demo.local:443>
        ServerAdmin postmaster@localhost
        DocumentRoot "C:/xampp/htdocs/demo"
        ServerName demo.local:443
        ServerAlias demo.local
        <Directory "C:/xampp/htdocs/demo">
       	Options Indexes FollowSymLinks Includes ExecCGI
        	AllowOverride All
            Order Allow,Deny
            Allow from all
        </Directory>
        SSLEngine on
        SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
        SSLCertificateFile "conf/ssl.crt/demo.local.crt"
        SSLCertificateKeyFile "conf/ssl.key/demo.local.key"
        <FilesMatch "\.(cgi|shtml|phtml|pl|asp|php)$">
           SSLOptions +StdEnvVars
        </FilesMatch>
         <Directory "C:/xampp/cgi-bin">
           SSLOptions +StdEnvVars
       </Directory>
        BrowserMatch ".*MSIE.*" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0
    </VirtualHost>

    This .htaccess code incorporated into the start of the WordPress Rewrite Loop on the other hand DOES redirect all HTTP Requests to HTTPS.

    # WP REWRITE LOOP START
    RewriteEngine On
    RewriteBase /
    RewriteRule ^index\.php$ - [L]

    WordPress Rewrite Loop start with https rewrite code incorporated.

    # WP REWRITE LOOP START
    RewriteEngine On
    RewriteBase /
    RewriteCond %{HTTPS} !=on
    RewriteCond %{SERVER_PORT} ^80
    RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R,L]
    RewriteRule ^index\.php$ - [L]
  14. AITpro
    Member
    Posted 1 year ago #

    My suggestion to the plugin author would be to do a preg_match on the root .htaccess file and preg_replace this .htaccess code into the root .htaccess file.

  15. webass
    Member
    Posted 1 year ago #

    Hi,
    everything works great with this htaccess code.
    On typing the www. and none-www url in browser it is forced to https automatically.

    In the case that the plugin developer follows Your suggestions, I hope that on a plugin update of wordrpress https the two codings dont conflict with each other.

    Thanks again, AITpro.
    Cheers.
    Andre

    P.S.: FYI: The google font problem wasnt causing this issue, according to the theme framework develpers. It is a bug that is older and not has been corrected by google, since. One has no influence on this.

Topic Closed

This topic has been closed to new replies.

About this Plugin

About this Topic