Is there another way besides forcing front-end SSL?

tompalmer · January 23, 2016, 12:05pm

Hi,

I had SSL forced on admin/login and transaction pages only, and that worked well, except BB developed issues. You suggested forcing SSL on front end also, which solved the problem with BB.

But making all pages and content secure is proving to be a time-consuming, whack-a-mole project. The plugins that do this don’t work completely, and create issues of their own.

I was set to launch, hosting portfolios on multisite before this came up.Thinking I may have to remove the Beaver but really don’t want to. And lots of content built on it.

Do you have any suggestions?

Thanks,
Tom

bencarlo · January 25, 2016, 6:28am

Hey Tom,

Did you set the WP and Site Addresses under Settings > General to use https? Doing so should automatically change all instances of http to https on your site. Is this not the case for you?

Also, I use the function below to force https all pages on the frontend. Just wondering if you’ve tried this method?

function force_https_all() {
  if ( !is_ssl() ) {
    wp_redirect('https://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'], 301 );
    exit();
  }
}
add_action ( 'template_redirect', 'force_https_all', 1 );

Ben

tompalmer · January 26, 2016, 11:52am

Hi Ben,

Thank for the response. I don’t see that option in Settting > General on Multisite. Anyway, forcing both front/back end SSL is not the problem. The Domain Mapping plugin does this.

The problem is securing all content. Otherwise, the browsers give out those Danger! warnings. And a problem develops with blog comments with https and no green padlock. ‘Get a ERROR: please type a comment’ message.

Danny · January 26, 2016, 12:59pm

Hi William,

Have you seen this article - https://webdevstudios.com/2015/02/11/how-to-set-up-https-on-wordpress/

It may assist you. Let us know if it doesn’t.

Thanks,
Danny

tompalmer · January 26, 2016, 2:45pm

Hi Danny,

Yes, did see it. It’s about forcing SSL mostly, not securing content.

Am I the only one with this issue? What do other people do, go with a non-SSL admin/login? I posted this to Beaver Builders and no help…

Thanks,
Tom

Danny · January 26, 2016, 2:47pm

Hi William,

Is there any way you can provide a link to the site(s) so we can see the issue, please? Also, what plugins are you referring to?

Thanks,
Danny

tompalmer · January 27, 2016, 11:30am

Hi Danny,

Turns out my theme had some unique code in comments.php that was causing the SSL issue. (Wasn’t a problem on other themes.) Solved it by disabling comments.Now all front end is SSL with no issues.

Sorry, this issue wasn’t well-expressed…I confused them on Beaver Builders as well!

Danny · January 27, 2016, 12:51pm

Hi William,

Happy to hear your issue has been resolved and thanks for informing us. We appreciate it.

Thanks,
Danny