Support » Plugin: Easy HTTPS Redirection » Not forcing external URLs to use https

  • Resolved geoffm

    (@geoffm)


    I’m aware that this has been raised before, but I’m not clear if there is a fix available. I want to use this plugin, which seems great to me. I have it running a test site at the moment. The issue is that I want to apply redirection on the entire site (which is pretty big) and will need to enable ‘Force resources to use HTTPS URL’, because there are lots of links in there. But I don’t want to force the use on external URLs, which on some pages we link to, and which are essential. Is there a way to exclude external URLs from being changed to https?

Viewing 5 replies - 1 through 5 (of 5 total)
  • Plugin Support mbrsolution

    (@mbrsolution)

    Hi, from what I read above your situation is a bit tricky. Unfortunately there is no option in the plugin to exclude certain links from changing if you enable the following feature Force resources to use HTTPS URL.

    Kind regards

    Plugin Author mra13

    (@mra13)

    Hi, Let me explain something on the external URLs. Some people get a little confused on this so maybe this explanation will be of some help.

    The external links (outgoing links) are not touched by our plugin. It only forces the URLs (static resources) that are used in an EMBED in your webpage. So lets say for example, you have embedded any image in your blog post. This image is coming from an external source. If that image URL is not using HTTPS then your full post is going to show the SSL warning (meaning its no longer a secure page).

    The way SSL works is that you can’t embed anything using non-https URLs if you want the page to be fully SSL secured. So things like images, JS files, CSS files etc that are embedded in your site must be in HTTPS. there is no other way.

    However, if you have a simple outgoing link to another site (for example a link to a reference page, an amazon product page etc.) and that link is non-https, that is totally fine. That link has no bearing in your page being SSL secured. So our plugin won’t touch that.

    geoffm

    (@geoffm)

    Hi, thanks for that explanation (and the very prompt feedback). But still, it would be easier if you could exclude certain pages, rather than having to include them. The site I am referring to is a gliding club. One of our pages embeds images from web cams, from a non-secure source. The plugin forces those images to https, which means they don’t work. Now, I don’t really care if that page isn’t secure. The problem is there’s a 100 or so pages on that site. So the only way I can make those images display is – I think – by not including them in the https redirection. But that means selectively choosing 99 pages to be re-directed, rather than choosing just one not to be redirected. That’s my issue.

    Plugin Support Alexander C.

    (@alexanderfoxc)

    Hi.

    The idea of the plugin is to make your site secure. Having links to non-HTTPS images makes the page insecure, which makes the whole plugin kinda useless.

    We have plans to add domains exclusion list for “Force HTTPS” option. E.g. you would be able to add “example.com” domain (where your images are) into this list and plugin won’t be replacing those links to HTTPS. This seems like something that can be used in your situation. But I cannot currently provide any ETA on this though.

    For your scenario, I would recommend to use WP CLI to replace all your inner site links to HTTPS. Google something like “wp cli http to https”. Then just don’t enable “Force HTTPS” option in the plugin and this should do it.

    But in general, I’d recommend to make all your images to use HTTPS. All modern browsers are already marking mixed content pages as insecure, and, over time, those marks will be more noticeable to the users. I understand the images are not hosted on your site, which is another problem BTW. Other sites may disappear without warning and this will break your website. So this needs to be addressed in complex.

    geoffm

    (@geoffm)

    No, I agree about the links to non-secure sites, you are absolutely right, of course. It’s just that we simply don’t have any choice at the moment. I don’t own the web cam external site, and can’t force them to make it secure though I will suggest it to them.

    Yes, the domains exclusion list would certainly solve my particular problem.

    I’ll check out the WP CLI one.

    Thanks for the fast responses, much appreciated.

Viewing 5 replies - 1 through 5 (of 5 total)
  • The topic ‘Not forcing external URLs to use https’ is closed to new replies.