SSL encrypt entire site

  • Resolved Mr.Fitz

    (@mrfitz)


    8 years, 6 months ago

    I have a WP ecommerce site with woocommerce shopping cart.Caregiver-aid.com . Originally my SSL cert covered only my checkout page.

    One day I had a problem and had to reinstall the certificate. I got tech help from my hosting provider. After explainning the above and commenting that I would like to cover the entire site with the ssl he obliged by adding this code to my htaccess file.

    RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://www.caregiver-aid.com/$1 [R,L]'

    It works,.. but not that well. All you have to do take the S out of https and the site renders and un-encrypted page and continues unencrypted with additional pages till you reach the check-out page.

    Not only that, if you search Google for a product and go to my site’s search results product page,there’s no encryption. Seems you have to enter at home page or no encryption.

    I don’t want to say that the tech support was bad, he did fix my original problem. But I think forcing SSL coverage using that code in the htaccess file is a poor fix for encrypting the entire site.

    So I’m looking for some advice here, whats the best way to cover every page of my site with the ssl cert?
    Please keep it in layman terms. I am a self-taught site owner.

    Thanks for your help,

    Greg

Viewing 2 replies - 1 through 2 (of 2 total)

  • 1) You need to talk to the host for an .htaccess rewrite rule that works; different server setups require slightly different rules. It is possible to force SSL in .htaccess.

    2) But, you need to change http to https in the WordPress Address (URL) and Site Address (URL) parameters under General > Settings. This will mostly “force” SSL on the site without #1, but doing both is better.

    And, #3, you also need to change all the URLs in the database to SSL and check theme files for non-https links. An .htaccess rule (#1) does not retroactively change URLs in the database and in the theme, and neither does #2. This is the tool to use for the database: https://interconnectit.com/products/search-and-replace-for-wordpress-databases/ For the theme, you need to look in theme files for non-https links.

    It’s a bit complicated to do; see my SO answer for the same issue: https://wordpress.stackexchange.com/questions/185257/images-causing-mixed-content-with-ssl/185259#185259

    Basically, use the developer tools in Firefox (or Firebug) or Chrome or Safari or IE to see what’s loading insecurely on your site. I see insecure images (which the interconnect script will fix) and also fonts loading (probably in the themes functions.php file) that are not loading over https.

    Make a database backup before you make any changes to the database.

    If you can’t do the work yourself, consider looking for a reputable person on https://jobs.wordpress.net/ or https://directory.codepoet.com or https://upwork.com (FYI, it’s not a good idea to respond to work offers from random forum users who have read about your issues.)

    Thread Starter Mr.Fitz

    (@mrfitz)

    Thank you Mark, that’s a great help.

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘SSL encrypt entire site’ is closed to new replies.