We replace all instances of your hostname from http to https.
Disable the HTTPS Enforce from Site Tools and enable it through the SG Optimizer. The tool in Site Tools is designed for apps that are not as easily configurable as WordPress.
Thread Starter
bclaim
(@bclaim)
Thank you for the reply. I have disabled HTTPS Enforce in Site Tools and am using the Force HTTPS feature in the plugin now only.
We will be looking to get an app developed for the website. I assume there should be no way to get around the HTTPS protocol (meaning to bypass the Forced HTTPS) once the HTTPS rewrite code is placed in the .htaccess by SG Optimizer? I am referring to direct HTTP requests to the API endpoints (as opposed to direct HTTPS). Or would the Site Tools HTTPS Enforce feature be required for API/app use (to prevent any bypass of HTTPS)?
Hope this all makes sense. Thanks.
Thread Starter
bclaim
(@bclaim)
Hi again,
Just did some quick tests using Postman and it seems an HTTP connection is possible (bypassing HTTPS), unless HTTPS Enforce is enabled in Site Tools.
The plugin adds rules in the .htaccess file and configures WordPress to properly work through HTTPS. Third-party applications may require additional restriction. Not sure how Postman works, I’d suggest getting in touch with their support for additional info.
Thread Starter
bclaim
(@bclaim)
Okay, no problem. Here’s some extra info – this is also true when using the WordPress API through a web browser. Without the Site Tools HTTPS Enforce, it does not redirect to HTTPS (even with the redirect rules in place in the .htaccess).
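Added example, not part of the thread or of the plugin's code: a small Python check for the behaviour tested above, classifying how a server answers a plaintext HTTP request to an API path without following redirects. The host `example.com`, the function names and the sample responses are assumptions made for illustration; `/wp-json/` is the WordPress REST API root.

```python
import http.client
from urllib.parse import urlsplit

REDIRECTS = {301, 302, 303, 307, 308}
METHOD_PRESERVING = {307, 308}  # clients must repeat the same method and body


def classify(status, location, host, method="GET"):
    """Classify the answer to a plaintext HTTP request sent to `host`."""
    if status in REDIRECTS:
        target = urlsplit(location or "")
        if target.scheme != "https":
            return "redirect-not-https"  # includes relative Location values
        if (target.hostname or "").lower() != host.lower():
            return "redirect-other-host"
        if method not in ("GET", "HEAD") and status not in METHOD_PRESERVING:
            return "https-redirect-method-may-change"
        return "https-redirect"
    if 200 <= status < 300:
        return "served-over-http"  # HTTPS is not enforced for this path
    if status in (403, 426):
        return "refused-over-http"
    return "inconclusive"


def probe(host, path="/wp-json/", method="GET", port=80, timeout=5):
    """Send one plaintext request; no redirects followed, no credentials sent."""
    conn = http.client.HTTPConnection(host, port, timeout=timeout)
    try:
        conn.request(method, path)
        resp = conn.getresponse()
        return classify(resp.status, resp.getheader("Location"), host, method)
    finally:
        conn.close()


# Constructed sample responses (status, Location, method); no real site was queried.
SAMPLES = [
    (200, None, "GET"),
    (301, "https://example.com/wp-json/", "GET"),
    (301, "https://example.com/wp-json/", "POST"),
    (308, "https://example.com/wp-json/", "POST"),
    (302, "http://example.com/wp-json/", "GET"),
]

if __name__ == "__main__":
    for status, location, method in SAMPLES:
        print(method, status, location, "->", classify(status, location, "example.com", method))
```

Even with a correct redirect, the first request still crosses the network unencrypted, so an app should be configured with `https://` endpoint URLs rather than relying on the redirect.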