You may want this in your wp-config:
define('FORCE_SSL_ADMIN', true);
define('FORCE_SSL_LOGIN', true);
Also, do I need to make any changes in the database using something like the script “Search and Replace for WordPress Databases Script”?
Yes. Do a search for ‘http://domain.com’ and replace with https 🙂
Ipstenu – thank you very much.
I took the steps and everything seems to be working fine.
Also, in .htaccess under “RewriteEngine On”…
I included this code, which seems to do a great job at redirecting all incoming traffic to https:
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
I was initially terrified at the thought of having to create individual redirects for each page in our site.
Thanks again!
The only thing I think I’m missing is scanning the whole website for insecure links. The site has thousands of pages, and doing this manually won’t work.
Any suggestions for a good script/site that will scan the whole site and identify insecure links?
Thank you for the link.
Apologies – I should have been more clear.
I’ve discovered that just because there are no “not secure” links in the database, it doesn’t mean that they don’t still exist in the site.
For example, I’ve had to remove the following plugins:
Really Simple Share
Feedburner plugin (for showing list of most recent posts)
Both of these plugins appear to use CDNs that use servers that are not secure. It took forever for me to figure out why, but pages/posts with these plugins trigger “page not secure” warnings in the user’s browser.
What I was looking for was a script that could scan a site and find pages that will trigger “page not secure” warnings for the user. I found one site that does this, but it only scans 200 pages, and it shows a lot of false positives (from outgoing links, which don’t seem to trigger warnings). A script that could scan a site for warnings, and maybe even monitor it, would be great.
I still have other kinks to work out, such as issues with the WP Flowplayer Plugin – on our secure site, it works on a desktop, but not on a mobile (it did before).
Even though Google is pushing for all sites to become secure, it seems as if the tech isn’t quite yet there, or at least easy to put into place.
Ah!
I used https://www.whynopadlock.com/ and studied the page. But … If you have “WordPress HTTPS” installed and active, the only things that I’ve had issues with are:
1) Plugins that hardcode in http (boo)
2) Images in backstretch I’d set up before I switched over: http://halfelf.org/2014/ssl-for-one-domain-on-multisite/
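
The kind of check asked for earlier in the thread, as an added example that is not part of the original posts: a parser that flags only the `http://` resources a page actually loads (scripts, stylesheets, images, frames, media) and ignores outgoing `<a href>` links, which are the false positives described above. The names and the sample page are constructed for illustration; it inspects static HTML only, so resources injected by JavaScript or referenced from CSS are not covered.

```python
# Added example (not from the thread): find mixed-content subresources in a page.
from html.parser import HTMLParser

# Tag -> attribute that makes the browser fetch a subresource on page load.
SUBRESOURCE_ATTRS = {
    "script": "src", "img": "src", "iframe": "src", "embed": "src",
    "audio": "src", "video": "src", "source": "src", "object": "data",
}
# <link> only fetches for some rel values; rel="canonical" is just metadata.
LOADING_RELS = {"stylesheet", "icon", "preload"}


class MixedContentFinder(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings = []  # (line number, tag, url)

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "link":
            rels = set(a.get("rel", "").lower().split())
            url = a.get("href", "") if rels & LOADING_RELS else ""
        else:
            # <a href> is not in the table, so outgoing links are never flagged.
            url = a.get(SUBRESOURCE_ATTRS.get(tag, ""), "")
        url = url.strip()
        # Protocol-relative (//host/...) and https:// URLs are safe on an HTTPS page.
        if url.lower().startswith("http://"):
            self.findings.append((self.getpos()[0], tag, url))


def find_mixed_content(html):
    finder = MixedContentFinder()
    finder.feed(html)
    finder.close()
    return finder.findings


# Constructed sample page: one insecure stylesheet, one insecure image.
SAMPLE_PAGE = """<html><head>
<link rel="canonical" href="http://example.com/post/">
<link rel="stylesheet" href="http://cdn.example.net/share.css">
<script src="https://example.com/wp-includes/js/jquery.js"></script>
</head><body>
<a href="http://other.example.org/">outgoing link</a>
<img src="http://example.com/wp-content/uploads/bg.jpg" />
<script src="//cdn.example.net/widget.js"></script>
</body></html>"""

if __name__ == "__main__":
    for line, tag, url in find_mixed_content(SAMPLE_PAGE):
        print(f"line {line}: <{tag}> loads {url}")
```

To cover a whole site, feed it the HTML of each URL listed in the site's sitemap.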