I have a site with this plugin installed. It seems to be doing ok, but it is also changing outbound links to https which is inappropriate in some cases.
]]>does not do anything
]]>After the most recent release only the main site can be used, attempting to access any sub-sites (subdirectory install) results in a loop to the reauthentication page.
]]>Was hoping this would do the trick for me but it doesn’t seem so.
I activated the plug-in, added the meta data and loaded my page. Good news is that it forced as SSL connection for the page, but not for the assets being loaded, so I’m still getting the semi-secure page behavior.
[EDIT: I found that the problem was related to a couple of things. First, a javascript being loaded by a plug-in. Second, the fact that I was logged in as admin. Fixed the js, logged out of admin and now am good to go ?? ]
]]>I installed and network-activated the latest WPSSL (WordPress with SSL), then as a quick test, hand-edited /wp-login.php and added in the right place
<meta http-equiv="force_ssl" content="true" />
Then I hit the login page and it’s not secured. Did I do something wrong? I did a “View Source” on the page and the meta tag is in place.
]]>When I set force_ssl to true the page gets into a redirect loop. I’ve tried disabling plugins but it seems that his happens even with all plugins disabled.
The page in question can be seen here (https://granadatheater.com/shop-2/cart/). Of course the force_ssl no set on the page at this time b/c it doesn’t work.
]]>I am building a new site which includes client financial information on some of the pages. Obviously, these pages need to use SSL so I was looking for a solution that allowed me to force HTTPS on only these pages and not the entire site. The WPSSL plugin worked pretty well but I ran into some issues with plugin components which enqueued scripts and style sheet links during the plugin init phase of WP startup. After doing some code analysis I discovered the problem stemmed from global constants which WP 3+ creates very early in the startup process.
The specific constants that where causing problems where:
These constants are defined within the function wp_plugin_directory_constants located in the wp-includes/default-constants.php file. These constants are used during initialization by several plugins that I am using. The plugins used the constants when enqueuing scripts for javascript and css files. Since my basic site (and the associated siteurl) use standard HTTP the scripts where enqueued using this base URL even when they appear on pages that are being FORCED_SSL by the WPSSL plugin. This caused mixed content security errors on all of my secure pages.
I looked for a solution that would allow me to hook into the constant definition process or would allow me to consistently update the links before they were inserted into the secure headers. I couldn’t find anything that seemed to work in all scenarios. In the end I had to hack the wp-includes/default-constants.php file as follows. Not the best solution but one that seems to correct the issue.
ORIGINAL CODE
-- snip --
function wp_plugin_directory_constants( ) {
if ( !defined('WP_CONTENT_URL') )
define( 'WP_CONTENT_URL', get_option('siteurl').'/wp-content');
-- snip --HACKED CODE
-- snip --
function wp_plugin_directory_constants( ) {
$siteurl = get_option('siteurl');
if($_SERVER['SERVER_PORT'] == '443') {
$siteurl = preg_replace('/http:\/\//', 'https://', $siteurl);
}
if ( !defined('WP_CONTENT_URL') )
define( 'WP_CONTENT_URL', $siteurl . '/wp-content');
-- snip --I am posting this in the event that someone else runs into the same issues and in the hopes that someone might know a “non-hack” way of resolving my problem.
]]>Let me try this again.. ??
Wanted say this is an awesome plugin!!! I have a client who has a Zen Cart site with WordPress for Zen Cart sideboxes enabled.. I was setting up her SSL certificate for the Zen Cart store only to discover that the SSL was spitting back all kinds of insecure content messages because of the WordPress for Zen Cart sideboxes.
I figured no biggie.. Just like I had to enable SSL on the Zen Cart side, I thought I could just update the WordPress blog to use SSL as well.. Imagine my surprise to discover only today that by default WordPress has no options for SSL as part of it native code.
So as a last resort, I was looking into adding code to disable the WordPress sideboxes during the checkout process as a workaround. It worked, but I wasn’t happy with this solution.. Then I decided to do a quick search for SSL plugins and found this little gem.. It works like a charm and no more insecure content messages!!! Thanks for this!!!
]]>Wanted say this is an awesome plugin!!! I have a client who has a Zen Cart site with WordPress for Zen Cart sideboxes enabled.. I was setting up her SSL certificate for the Zen Cart store only to discover that the SSL was spitting back all kinds of insecure content messages because of the WordPress for Zen Cart sideboxes.
I figured no biggie.. Just like I had to enable SSL on the Zen Cart side, I thought I could just update the WordPress blog to use SSL as well.. Imagine my surprise to discover only today that by default WordPress has no options for SSL as part of it native code.
So as a last resort, I was looking into adding code to disable the WordPress sideboxes during the checkout process as a workaround. It worked, but I wasn’t happy with this solution.. Then I decided to do a quick search for SSL plugins and found this little gem.. It works like a charm and no more insecure content messages!!! Thanks for this!!!
]]>Wanted say this is an awesome plugin!!! I have a client who has a Zen Cart site with WordPress for Zen Cart sideboxes enabled.. I was setting up her SSL certificate for the Zen Cart store only to discover that the SSL was spitting back all kinds of insecure content messages because of the WordPress for Zen Cart sideboxes.
I figured no biggie.. Just like I had to enable SSL on the Zen Cart side, I thought I could just update the WordPress blog to use SSL as well.. Imagine my surprise to discover only today that by default WordPress has no options for SSL as part of it native code.
So as a last resort, I was looking into adding code to disable the WordPress sideboxes during the checkout process as a workaround. It worked, but I wasn’t happy with this solution.. Then I decided to do a quick search for SSL plugins and found this little gem.. It works like a charm and no more insecure content messages!!! Thanks for this!!!
]]>