Able to access both HTTP & HTTPS

  • Resolved Sean

    (@sean-h)


    5 years, 10 months ago

    The problem has since been solved courtesy of live chat support, but I wanted to dig a bit deeper in order to know just how this could happen in the first place and what to look out for in the future.

    The main reason you want either http or https, and not both is this causes duplicate content, something Google doesn’t like, and we have been wondering why some of our rankings have dropped a little over the last few weeks.

    Even though the toggle in the SG Optimizer plugin was set to force HTTPS, I was still able to access (the front of) my site via HTTP. I checked the .htaccess file and the force rule was and still is there, as set by the plugin. Weird thing is this problem was not site wide, I could only access the home page via https no matter what, but when I removed the s from the url of any post or pages I was directed to http, and was no longer logged into WordPress as I have configured WP to only serve the dashboard over https.

    As it turns out, the toggle in Let’s Encrypt settings in cPanel was off, for some reason. I know I didn’t turn it off, but what I did do was add a wildcard, so I could also access a staging copy securely. This I did a few weeks ago, and my theory is that this is what might have caused the LE setting in cPanel to switch off.

    I also recently switched to php 7.3, and moved the domain to another registrar, but I can’t imagine how those things might have had anything to do with it.

    Any ideas?

    Many thanks.

    • This topic was modified 5 years, 10 months ago by Sean. Reason: Added more info
Viewing 4 replies - 1 through 4 (of 4 total)
  • Plugin Author Hristo Pandjarov

    (@hristo-sg)

    SiteGround Representative

    I believe that this is caused by another pluing adding lines or manual entries in the .htaccess file.

    The .htaccess file gives instructions to the Apache server directly. It does not care about which plugin has generated those lines or whether you even have an SSL or not. This said, unless something is breaking / overwritting the rules we add to it, there’s no way you can load your site through HTTP.

    If you manage to show me the URL so I can recreate the problem, I will be able to tell you exactly what’s wrong but I assure you that we use the best way to force HTTPS and that rule is forcing hundreds of thousands of sites via HTTPS without issues. There must be some other rule preventing it from working.

    Thread Starter Sean

    (@sean-h)

    I have to run off to my day job, but in short: (sorry if I repeat myself, I’m in a hurry)

    I was able to load my site over HTTP today, with SG Optimizer force HTTPS toggle in the ON position. What was apparently allowing the loading from HTTP, according to SG live chat, was the toggle in the Let’s Encrypt section in cPanel was OFF. Why it was off is anybodies guess.

    Here is an http link to my home page: https://www.thetravellingchilli.com

    Can you load it or any other page on the site over HTTP?

    Will come back later with more info, such as what is in my htaccess file. At least the site seems fine from my end right now.

    Plugin Author Hristo Pandjarov

    (@hristo-sg)

    SiteGround Representative

    The custom rule you had to force WWW was breaking the HTTPS force rule. I combined both and now everything works just fine, you should NOT be able to access your site without WWW and HTTPS. I’ve checked it out and everything seems to be working fine but give it another look!

    Thread Starter Sean

    (@sean-h)

    Thanks Hristo,

    It seems to be working now.

    I have another interesting issue, but I’l open another ticket, as it is unrelated.

    I guess we can close this ticket.

Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘Able to access both HTTP & HTTPS’ is closed to new replies.