WordPress HTTPS (SSL)
Force SSL Exclusively not working on multisites (15 posts)

  1. jessor
    Posted 4 years ago #

    I'm using this extension to force logins via HTTPS, but want pages and posts to redirect from https to http to avoid duplicate content (Force SSL Exclusively Setting).

    This works on the main site, but not on additional sites.

    Current WordPress Multisite with Domain Mappings. Everything else seems to work fine.


  2. jessor
    Posted 4 years ago #

    This is still the case for version 3.1.1 of the plugin.

  3. Mike Ems
    Plugin Author

    Posted 4 years ago #

    So you have a multi-site network where each site has it's own Dashboard and you've gone to each site's Dashboard and enabled that option for each site and it's not working for just your sub-sites?

  4. jessor
    Posted 4 years ago #

    That's correct. This setting does not seem to have any effect on sub-sites.

  5. Mike Ems
    Plugin Author

    Posted 4 years ago #

    I certainly can't reproduce that. I've used the plugin on a few multisites. For example, here's a sub-site using this feature and working https://blog.wordpresshttps.com/sample-page/.

    Are you sure it's not browse caching or something like that? Could you try setting up a fresh WP install on the same server, installing the plugin, and seeing if the problem persists?

  6. jessor
    Posted 4 years ago #

    Mhhh, it's very tricky to debug.

    I'm quite sure it has something to do with how WP Multisite, Domain Mappings and HTTPS are playing together. Let me give you some more details on the setup:


    server {
        listen  80;
        listen  443 ssl;
        server_name blog.example.org team.example.org;
        ssl_certificate /etc/ssl/startssl/blog.example.org.crt;
        ssl_certificate_key /etc/ssl/startssl/blog.example.org.key;
        root /var/www/blog.example.org;
        index index.php;
        location / {
            root /var/www/blog.example.org;
            index index.php;
            try_files $uri/ $uri /index.php?q=$uri&amp&$args;
            port_in_redirect off;
        # php via fastcgi
        location ~ \.php$ {
            fastcgi_index   index.php;
            fastcgi_intercept_errors on;
            fastcgi_param   HTTPS on;
            include         "fastcgi_params";
            fastcgi_pass    unix:/var/run/php-fastcgi.sock;
        # wordpress permalink rewrite
        if (-f $request_filename) {
        # uploaded files -> wp-includes/ms-files.php
        rewrite /files/$ /index.php last;
        if ($uri !~ wp-content/plugins) {
            rewrite /files/(.+)$ /wp-includes/ms-files.php?file=$1 last;

    Relevant entries in wp-config.php:

    define('FORCE_SSL_ADMIN', true);
    define('FORCE_SSL_LOGIN', true);
    define('WPLANG', '');
    define('WP_DEBUG', false);
    define('WP_ALLOW_MULTISITE', true);
    define('MULTISITE', true);
    define('SUBDOMAIN_INSTALL', true);
    define('DOMAIN_CURRENT_SITE', 'blog.example.org');
    define('PATH_CURRENT_SITE', '/');
    define('SITE_ID_CURRENT_SITE', 1);
    define('BLOG_ID_CURRENT_SITE', 1);
    define('SUNRISE', true);

    WP HTTPS Config in blog.example.org: http://imgur.com/wV4CO
    WP HTTPS Config in team.blog.example.org: http://imgur.com/VImRw

    Activated in Domain Mapping Settings:

    [X] User domain mapping page, [X] Redirect administration pages to site's original domain (remote login disabled if this redirect is disabled)

    Primary Domain for the team.blog.example.org subsite is team.example.org

    So, with this setup, everything works fine. The subsite dashboard redirects to https://team.blog.example.org/wp-admin/ like it should, too. The only thing not working is this:

    curl -I -k "https://team.example.org/2012/07/01/test-foo/"
    HTTP/1.1 200 OK
    Date: Fri, 20 Jul 2012 08:27:45 GMT
    Content-Type: text/html; charset=UTF-8
    Connection: keep-alive
    Vary: Accept-Encoding
    X-Pingback: https://team.example.org/xmlrpc.php
    Set-Cookie: redirect_count=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/
    Link: <https://team.example.org/?p=2544>; rel=shortlink

    where it should redirect like on the parent blog.example.org.

    I hope this narrows it down a bit?

  7. Mike Ems
    Plugin Author

    Posted 4 years ago #

    Not really, that's just confusing.

    You mentioned blog.example.org and team.blog.example.org in all your screenshots, and then you make a cURL request to https://team.example.org/2012/07/01/test-foo.


  8. jessor
    Posted 4 years ago #

    That's the domain mapping working.

    Primary Domain for the team.blog.example.org subsite is team.example.org

  9. Mike Ems
    Plugin Author

    Posted 4 years ago #

    When you're using an SSL Host that doesn't match your Site URL, the code never verifies that you're hitting the site over HTTPS from that host. It assumes that if your SSL Host doesn't match your Site URL, there's probably only one URL you can hit that site securely with, so it doesn't bother verifying. If you're SSL Host doesn't match your Site URL and the page is HTTPS, you're good to go. No redirect.

    I'm guessing http://team.example.org/2012/07/01/test-foo/ works as intended?

    I could add in a check pretty easily, but to date there's never been a reason to.

  10. jessor
    Posted 4 years ago #

    Yeah, that sounds about right.

    I think our setup here is not that unreasonable so supporting this usecase should make sense. WP Multisite plus Domain Mapping is tricky enough like it is ;)


  11. pescadito01
    Posted 4 years ago #

    please, say to this newbie how to setup the plugin in multisite domain mapping:

    a) is recomended enable the plugin to all the network or

    b) is nedded to enable the plugin in each subsite??

    best regards, pescadito

  12. Mike Ems
    Plugin Author

    Posted 4 years ago #

    I've never really used the Domain Mapping plugin. In the current version, the plugin is not running its installation process for each subsite when you do a Network Activate. This will be fixed in the next release. It will be out within a week if you'd like to wait.

  13. jessor
    Posted 3 years ago #

    Mvied, I see you committed some changes to the plugin repository already. Are you running trunk (3.2) on a production site already? I'd like to upgrade ;)

  14. plugins_lexblog
    Posted 3 years ago #

    We are having the same issue. We're on Apache and we have the most current version of this plugin. It's still redirecting when we try and login via the admin between the domain and sub-domain and the login fails. So if a fix was leveraged, it's not working with the most recent version of Domain Mapping on 3.4.2.

  15. gufranchorghay
    Posted 3 years ago #

    In my secured (SSL) site (after using WordPress HTTPS SSL plugin)
    every page works fine but,

    In footer I had given:

    Designer: HTTP://www.designersite.com
    on click it goes to HTTPS://www.designersite.com


    Please help?

Topic Closed

This topic has been closed to new replies.

About this Plugin

  • WordPress HTTPS (SSL)
  • Frequently Asked Questions
  • Support Threads
  • Reviews

About this Topic