Hi, I saw the the topic opened by Paul Bearne and titled “redirection loop with WPML”. It’s marked as resolved, but I still have that same problem.

My site is configured to work with HTTPS, and in wp_options table both ‘siteurl’ and ‘home’ options ad set to ‘https://www.mydomain.com’.

My site is multilanguage, using WPML plugin. Three languages are configured: https://www.mydomain.com/it/, https://www.mydomain.com/en/, https://www.mydomain.com/es/ and all is fine.

But when I activate your plugin, the browser start redirecting from https://www.mydomain.com/it/ to https://www.mydomain.com/it//it/ and then https://www.mydomain.com/it//it//it/ and so on. An infinite redirects chain.

By debugging your code I found that probably the problem is in lh-hsts.php on line 71:

if($this->current_domain == "https://". $this->domain || $this->current_domain == "https://". $this->domain){

because just before the first redirect above, the values of ‘current_domain’ and ‘domain’ are:

$this->current_domain: https://www.mydomain.com/it/
$this->domain: ‘www.mydomain.com’

so the two comparisons cannot be true.

Probably the WPML plugin change somehow the ‘home’ value returned by get_home_url() (line 47 of your code) so that the ‘if’ on line 71 always return false, so the ‘else’ branch is executed.
Here the redirect is built with $this->current_domain together with $this->uri, and uri is ‘/it/’ so the redirect url is: https://www.mydomain.com/it//it/

The same happens when the browser follows this redirect: $this->current_domain is the same as before, the ‘if’ is false, and a new redirect is built, but this time the $this->uri value is ‘/it//it/’, so the final redirect url is: https://www.mydomain.com/it//it//it/
And so on.

How to solve the problem?

• This topic was modified 3 years, 9 months ago by Carlo.
• This topic was modified 3 years, 9 months ago by Carlo.
• This topic was modified 3 years, 9 months ago by Carlo.

Hi,

I installed the plugin successfully. Now when I test my domain on
https://hstspreload.org/ it says my site still isn’t compliant. But https://gf.dev/hsts-test says it is so who should I believe?… And what to do next in order to actually enable HSTS?

Hi,

I installed the plugin, but after testing the website it is not HSTS eligible, why is that?

Thanks.

Hi i will like to ask if after installing this plugin is something else that i need to do, do i have to add any other code to my access file or something else i saw some codes but i don’t know if i must implement them after installing the plugin or if there is any setup that i need to configure… thanks!!

If your default web address (as specified in the WordPress settings) starts ‘https://www‘ then in order to be HSTS eligible, you need to preload example.com first before www.example.com and ensure that the http to https redirect happens before the non-www to www redirect.

Your plugin doesn’t do this.

It is in fact WordPress by default that is initiating the www redirect before the https redirect when the web address in the settings is set to https://www….

You’re only HSTS compliant when your website checks okay at https://hstspreload.org so that you can submit the form to browsers.

• This topic was modified 6 years ago by zigojacko.

Hi All

With WPML installed along with the LH HSTS when we tried to change the language we got into a 301 loop

domain.com/fr/fr/fr/fr/fr/fr/fr/fr/fr/fr/fr….

Paul

Hi Peter,
Thanks so much for creating this plugin. It is simple and does one job well. I did notice an issue though when using it on a site where WordPress core is in its own directory.

I am installing WordPress via Composer into a “wp” directory. I’ve defined WP_HOME to be my site URL and WP_SITEURL to have “/wp” appended to accommodate the relocated WordPress core location.

This plugin uses get_site_url(), which return the ‘siteurl’ value – in my case with the “/wp” appended causing a redirect loop on the frontend of the site.

Can you update the plugin to use get_home_url(), which returns the ‘home’ value instead?

This solved my issue. I was unable to find a GitHub repository for the plugin, otherwise, I would have made a pull request.

Cheers,
Andrew

The preload setting is calling a filter called ‘preload’ instead of ‘lh_hsts_preload’.

Just installed this plugin and it completely broke my website.

‘Too many redirects try clearing cookies’

Tried it again and the famous white screen of death…..

How can this be fixed?

Hey bud,

Not really sure how to use SVN so I don’t know if it’s possible to add a pull request here. Anyway, I’ve made some updates to your code so that it’s a bit more user friendly to read and use. Also added some documentation on how to update the variables.

https://github.com/asithade/lh-hsts