Proper SSL setup

  • Hello,

    I just cannot find a good explanation regarding SSL setup and WordPress. I have the SSL working by simply purchasing it and setting up 301 redirects for the entire site within .htaccess:

    RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}/$1 [R=301,L,QSA]

    However it seems that all images are loading as insecure https:// and breaking the ‘secure’ SSL status.
    Does anyone have any fully detailed advice for a proper SSL WP implementation?

Viewing 8 replies - 1 through 8 (of 8 total)

  • Hi Ben,

    You’ll find that assets are using the site url in the database, which when you set it up might have been just https://. You can change this in wordpress general settings but it’s probably better to find/replace the values in the database.

    I found a fairly comprehensive article that might help if you have any more questions: https://managewp.com/wordpress-ssl-settings-and-how-to-resolve-mixed-content-warnings

    If you mean images in posts or pages, then yes. Those are all hard-coded to whatever domain (including the protocol) that they were added as. so if you started out developing https://www.example.com when you added everything, then switched to https://www.example.com later on, all of the image links won’t change automatically.

    The solution is to look at one of the search-and-replace plugins out that, or my own favourite script here.

    Thread Starter BenRacicot

    (@benracicot)

    Great advice guys, thank you. I’ve used the find and replace script and it worked wonders very easily. It seems that my problem now lies with native WP functions (and some theme functions) that automatically utilize an https:// protocol.

    Guess I need to track them down… Any advice on those things?

    Core WP functions shouldn’t give you any troubles whether http or https, and I can’t think why a theme would either.

    Do you have any specific examples?

    You’re best bet could be to open all the *.php files in your theme and search for https://

    Something I’ve run into the past is that a plugin was checking a server variable for whether it’s https or not, and my server configuration stored that value differently. Might be worth considering.

    Thread Starter BenRacicot

    (@benracicot)

    Hey Joel,

    After the search and replace I am taking your advice on hunthing for https:// hardcoded URLs.

    A good example is the logo. The console gives us:

    The page at 'https://www.mysite.com/' was loaded over HTTPS, but displayed insecure content from 'https://www.mysite.com/wp-content/uploads/2014/05/mysite-logo1.png': this content should also be loaded over HTTPS.

    The function used to output the logo is theme_logo(); hmmm

    Ah that’s the problem, the theme is providing it’s own functions that don’t support https. Really you should be loading a logo in a theme using <?php echo get_template_directory_uri(); > or a function that accesses the media library.

    I’d suggest browsing through the theme’s functions.php and look for any hard coded http links as that function is definitely using one.

    Thread Starter BenRacicot

    (@benracicot)

    Wow, so I found this:

    https://core.trac.www.ads-software.com/ticket/15928

    Apparently it is a serious issue with SSL and wp_attachment_is_image always returning http

    The problem is, that these functions used:
    get_site_url();
    content_url( ‘uploads’ );
    will not return https://, if the site is ssl-optional.

    Well this stinks! lol

    There looks like there are a couple work around code examples in that ticket that you could use. Good luck.

Viewing 8 replies - 1 through 8 (of 8 total)
  • The topic ‘Proper SSL setup’ is closed to new replies.

Tags