WordPress HTTPS (SSL)
HTTPS when logged in HTTP when not (6 posts)

  1. Ian Anderson Gray
    Member
    Posted 2 years ago #

    I have "Force SSL Administration" switched on which works really well to force SSL for the WP dashboard.

    However I want to force SSL when logged in (pages, posts and admin) and to redirect to HTTP when not logged in (except for pages marked as SSL). I don't really want two versions of the site (SSL and non-SSL) to be available. Just SSL for logged in and non-SSL if you're not logged in.

    I'm finding that if someone logs in on HTTP they get redirected to HTTPS and they're not logged in anymore. I don't know whether there could be some incompatibility with the "Theme My Login" plugin? I am redirecting subscriber users to a "members page" on the website once they log in; they never see the WP dashboard.

    Thanks.

    http://wordpress.org/extend/plugins/wordpress-https/

  2. Mike Ems
    Member
    Plugin Author

    Posted 2 years ago #

    What are your Site URL and SSL Host? What other settings do you have enabled?

  3. Ian Anderson Gray
    Member
    Posted 2 years ago #

    I'd rather not list the URL at the moment as the site hasn't gone live yet.

    It's difficult to know what settings you might need for this. I've built a custom theme built on the Roots theme.

    Could you tell me what is supposed to happen with WordPress HTTPS? It looks like it doesn't do what I want to do out of the box.

    For the time being I've created my own workaround by adding the following to my functions.php file:

    // $_SERVER["HTTPS"] may be unset on plain HTTP requests, so test it with isset()
    $is_https  = isset($_SERVER["HTTPS"]) && $_SERVER["HTTPS"] == "on";
    $https_URL = "https://" . $_SERVER["SERVER_NAME"] . $_SERVER["REQUEST_URI"];
    $http_URL  = "http://" . $_SERVER["SERVER_NAME"] . $_SERVER["REQUEST_URI"];

    // The login and contact pages are always served over HTTPS
    $is_ssl_page = strpos($_SERVER["REQUEST_URI"], "/login/") !== FALSE
        || strpos($_SERVER["REQUEST_URI"], "/contact/") !== FALSE;

    if ($is_ssl_page && !$is_https) {
            header("Location: $https_URL", TRUE, 301);
            exit();
    }

    // This forces logged in users to use HTTPS
    if (is_user_logged_in() && !$is_https) {
            header("Location: $https_URL");
            exit();
    }

    // Forces not logged in users to use HTTP (except for the pages above).
    // 302 rather than 301: the target depends on login state, and a browser
    // that cached a permanent redirect would bounce the user after logging in.
    if (!is_user_logged_in() && $is_https && !$is_ssl_page) {
            header("Location: $http_URL", TRUE, 302);
            exit();
    }

    It's a bit of a hack, but it works. I'd far rather use the WordPress HTTPS plugin.

    Thanks!

  4. Mike Ems
    Member
    Plugin Author

    Posted 2 years ago #

    Force SSL Exclusively does exactly what it describes. Anything not forced to be HTTPS will be redirected to HTTP.

    If your SSL Host does not match your Site URL, it will not be possible to log into both HTTPS and HTTP at the same time. That's why I asked.
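
Added example, not part of the thread or the plugin's code: a simplified JavaScript model of the cookie-matching rules a browser applies (RFC 6265), showing why a login made on a separate SSL host is not visible on the HTTP site, and that on a shared host only a cookie without the Secure flag follows the user onto HTTP. Host names and cookie names are constructed for illustration.

```javascript
// Simplified model of RFC 6265 cookie selection (added example).
// Host names and cookie names are constructed; IP-address hosts are not handled.

// RFC 6265 section 5.1.3: domain matching.
function domainMatches(host, cookie) {
  if (cookie.hostOnly) return host === cookie.domain;
  return host === cookie.domain || host.endsWith("." + cookie.domain);
}

// RFC 6265 section 5.1.4: path matching.
function pathMatches(reqPath, cookiePath) {
  if (reqPath === cookiePath) return true;
  if (!reqPath.startsWith(cookiePath)) return false;
  return cookiePath.endsWith("/") || reqPath[cookiePath.length] === "/";
}

// Names of the cookies a browser would attach to a request for `url`.
function cookiesSentFor(url, jar) {
  const { protocol, hostname, pathname } = new URL(url);
  return jar
    .filter((c) => domainMatches(hostname, c))
    .filter((c) => pathMatches(pathname, c.path))
    .filter((c) => !c.secure || protocol === "https:") // Secure cookies never go over HTTP
    .map((c) => c.name);
}

// Case 1: the SSL host differs from the site host. The login happened on the
// SSL host, so the session cookie is host-only for secure.example.com.
const splitHostJar = [
  { name: "session", domain: "secure.example.com", hostOnly: true, path: "/", secure: true },
];

// Case 2: one host for both schemes, one cookie with Secure and one without.
const sameHostJar = [
  { name: "session_secure", domain: "www.example.com", hostOnly: true, path: "/", secure: true },
  { name: "session_plain", domain: "www.example.com", hostOnly: true, path: "/", secure: false },
];

console.log(cookiesSentFor("http://www.example.com/members/", splitHostJar));     // []
console.log(cookiesSentFor("https://secure.example.com/members/", splitHostJar)); // ["session"]
console.log(cookiesSentFor("http://www.example.com/members/", sameHostJar));      // ["session_plain"]
console.log(cookiesSentFor("https://www.example.com/members/", sameHostJar));     // ["session_secure", "session_plain"]
```

In case 2 the only session cookie that reaches the HTTP pages is the one sent in clear text, which is the trade-off behind serving logged-in users over HTTPS only.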

  5. Ian Anderson Gray
    Member
    Posted 2 years ago #

    I'm not sure how the plugin implements redirection. Do you rewrite links from http:// to https:// and vice versa? If so, I am wondering whether it is the Roots Theme that is causing the issues. Roots makes all links site relative. This might mean that the HTTPS plugin won't work.

  6. Mike Ems
    Member
    Plugin Author

    Posted 2 years ago #

    Impossible to say without looking at it myself, really. It could be anything.

Topic Closed

This topic has been closed to new replies.
