HTTPS / SSL: Securing a single page (e.g. orderform)

  • The Goal:
    Have wp-blog / website located on a normal URL (eg. https://www.mysite.de). BUT additionally have a subpage (maybe an orderform) that can be encrypted via ssl (eg. https://ssl-id.de/mysite.de/?page_id=16).

    The Problem:
    Worpress uses the value of a setting called “wordpress-adress” or “blog-adress” ( which is set during the install-routine or manually in the preferences ) to embed images or css into the site.
    This is leading to warnings when surfing to the encrypted orderpage due to elements not being load from the secure URL. So the user might get some warning like “everything you put in here can easily be monitored by 3rd parties”. This is not good, especially if you want them to put credit-card information in this form.

    The Solution:
    Ok. This one is a hack. You’ll need some PHP- Knowledge. But until wp finds a better way to handle single pages that need the safe data-transfer, this is how it worked for me:

    1. Find the “get_option()” function.
    In my case (version) it was located in a script called “functions.php” located in the “wp-includes” folder.

    2 Edit the return statement of get_option()
    I replaced the following code:

    return apply_filters( 'option_' . $setting, maybe_unserialize($value) );

    with

    // Arnski HTTPS Fix
	if(strpos($_SERVER['SCRIPT_URI'], "https")===FALSE) {
		return apply_filters( 'option_' . $setting, maybe_unserialize($value) );
	} else {
		return str_replace('https://www.', 'https://www.ssl-id.de/', apply_filters( 'option_' . $setting, maybe_unserialize($value) ));
	}
	//return apply_filters( 'option_' . $setting, maybe_unserialize($value) );
	// End Arnski HTTPS Fix

    Voilà! Now whenever customers come to the encrypted page – thus in the URL there is the “s” behind the “http” – every embedded element does get this prefix too.

    Note, in this case i was using a 3rd Party Certificate from a webhost called Strato, thats why it is neccessary to prepend the URL with “https://www.ssl-id.de/”.

    Have fun, kids.

    Arnski

Viewing 6 replies - 1 through 6 (of 6 total)

  • Yep, that’s one of the few ways to do it.

    Alternatively, you could dynamically set your WP_HOME and WP_SITEURL constants in wp-config.php.

    Jeremy’s method is a bit simpler IMO.

    Here’s the code I added to my wp-config.php file to get this done. (WordPress v2.3.2)

    // this block of code appends https: to the siteurl and home vars if we're on an https connection
if($_SERVER['HTTPS'])
{
	define('WP_SITEURL', 'https://www.mydomain.com');
	define('WP_HOME', 'https://www.mydomain.com');
}

    strangerstudios,

    I am in the same boat, I need a single page containing a form to be on a secure page, but not the rest of the site.

    how does the way you do it secure only the one page?

    I want to use WP 2.6… will this still work for me?

    Thanks

    Hi, I am also looking to have a v2.6 single page with ssl which will display the secure padlock symbol in browser window, can anyone help with this please?

    Many thanks…

    I’m with melvins and davgree… I can’t seem to figure out how to serve SSL from just a single page of the site. I’ve been trying and trying to get the right combination of mod_rewrite rules working in my .htaccess file, but none of them gets it just right. I believe it has to do with the WordPress rewrites already being done in the .htaccess. Can anyone help us?

    As usual, after 3 days of trying to find the answer, I found it minutes after I posted. Here’s my solution and it works… but I don’t know if there’s an easier way or if there are drawbacks to doing it this way, so any feedback would be appreciated. All I did was put this at the very top of my Page template (change the page name for your own page title of course):

    <?php
if ( is_page('make-a-donation') )
{
	if($_SERVER['SERVER_PORT'] != '443')
	{
		header('Location: https://'.$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI']);
	}
}
else
{
	if($_SERVER['SERVER_PORT'] == '443')
	{
		header('Location: https://'.$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI']);
	}
}
?>

Viewing 6 replies - 1 through 6 (of 6 total)
  • The topic ‘HTTPS / SSL: Securing a single page (e.g. orderform)’ is closed to new replies.