An admin input field on a website I'm working on has https://url.co.uk in it, but is outputted on the frontend as just http://url.co.uk. Any Ideas as to why this is happening?
I think the links in the database/wp-config are still in http.
You can do 3 things:
Force https through .htaccess : https://help.dreamhost.com/hc/en-us/articles/215747758-Force-your-site-to-load-securely-with-an-htaccess-file
get a plugin to force https: https://wordpress.org/plugins/wp-force-ssl/
Replace the http links to https in the DB and force https (step 1): https://github.com/interconnectit/Search-Replace-DB Use this to get it done
If this isn't the case, try to clear your cache
Please use the bellow code at your wp-config.php to avoid http/https issue :
if (isset($_SERVER["HTTP_X_FORWARDED_PROTO"] ) && "https" == $_SERVER["HTTP_X_FORWARDED_PROTO"] ) {
$_SERVER["HTTPS"] = "on";
}
Related
I am a beginner in PHP & i am in process of converting all my http links to https.
Following is my code footer.php
function css_generator() {
/* #footer_background_image */
.td-footer-wrapper::before {
background-image: url('#footer_background_image');
}
$td_css_compiler->load_setting('footer_background_image');
Where can i apply preg_replace function to replace http link with https?. The value of footer_background_image is always getting generated as http
Thanks
You're looking at this from the wrong way. Wordpress has built-in support for HTTPS for the backend, wich can be enabled in wp-config.php, and for the front-end, wich can be used by changing the URL in your admin->reading page.
If you have a bunch of hardcoded links rather than soft, Wordpress generated links, you can choose to use .htaccess to force the user to change to HTTPS.
Do note that HTTPS data can not be cached and this will may make your site slower for visitors. Depending on the type of site this can be a big deal.
I have a simple code in place for my php file to redirect to https if it's not present and I keep getting a too many redirects issue.
if(strtolower($_SERVER['HTTPS']) != 'on') {
redirect('https://domain.com/register.php');
}
Is there something I can do to fix the issue?
Thank you.
From PHP manual, $_SERVER['HTTPS'] is Set to a non-empty value if the script was queried through the HTTPS protocol. That isn't necessarily on. You may then end up in an infinite loop of redirects.
To avoid this, use the empty() function:
if ((!isset($_SERVER['HTTPS'])) || (empty($_SERVER['HTTPS']))
{
redirect('https://domain.com/register.php');
}
Note: Note that when using ISAPI with IIS, the value will be off if the request was not made through the HTTPS protocol.
if(!isset($_SERVER['HTTPS'])){
//redirect
}
We use varnish as our load balancer (among other things) but we get some strange behavior at the moment.
We have a script that gets called with some parameters, and depending on what parmas you pass, you get redirected to a different location using a 301 redirect (this it done with a php script and the header() function)
The problem is that the first time a URL is begin called the 301 redirect happens, but then the next time that same URL is called, you get a status of 200 OK, no redirect happens and just a white page is displayed.
I've added a session_start() to the top of the php script to try and stop varnish from caching the page, but nothing helped so far.
I've done some research regarding this issue, and saw that several people experience the same problem, but I wasn't able to find a solution yet.
How would I get varnish the stop caching the page?
Any help in the right direction will be appreciated.
Could you not exclude that url from the varnish cache?
Add something like the following to your default.vcl (or whatever your varnish config file is called).
sub vcl_recv {
if(req.url ~"^/thatpagethatredirects") {
return (pass);
}
}
This should stop varnish caching that url.
You could try finding the url that varnish is redirecting to and adding a query string with a randomly generated number to it.
Example:
<?php
$random_number = rand(10000, 99999999);
// This is what the redirect code MIGHT look like, but I doubt it.
header("Location: http://www.example.com/index.php?cache=$random_number");
?>
If you can find where the page is actually doing the redirecting and you add a random number query string, it should fix things. I have used this method of making sure images are not cached in the past and it always worked for me perfectly.
Oh, and if you can't find the redirect code that varnish is using itself. You could try adding this to the page that varnish loads after the 301 redirect:
<?php
$random_number = rand(10000, 99999999);
header("Location: NAME_OF_THIS_SCRIPT.php?cache=$random_number");
?>
Pretty much the same idea, just involves less hunting around. I'm not sure if this will break the load balancing function of varnish though.
This is rather awkward and is supposed to work correctly by default. Can you tell us what version of Varnish you are using and if you created a custom vcl file?
The bug was probably introduced in vcl_fetch. This should check for cacheability with checks like:
sub vcl_fetch {
...
if (req.status >= 300 ) {
return pass;
}
if ( ! obj.cacheable ) {
return pass;
}
..
}
I have a website that was written assuming http:// is one and only protocol forever. Now i bought a SSL certificate but when i visit site calling it with https:// i get info in browsers that part of site is insecure. As i found i have some JS, CSS and images and files that i refer to using http:// in the HTML of the site.
So what is best practice to enable full https? Should i change my website in every place when i refer to image, CSS or JS, check if site was loaded with http or https and load the resource with according protocol? It seems like a lot of work for me and bit error prone. Is there any other way, easier to make the whole site fully secure?
Rather than linking to your css, js, and images with http://yoursite.com/css/file.css just use relative paths such as /images/image.jpg and /css/file.css this way it will work with both http and https, also if you change domains or copy your content to another domain, you shouldn't have to change all those links either.
Use relative paths. If you are pointing to something that is on the same site as yours, then you should not be using http://
If for some reason you still need to have http:// then just switch them all to https://. An http:// will never complain because it is pointing to https:// stuff, but an https:// page will complain if it is pointing to non-https stuff.
If you are pointing to content outside of your control, on another site for example, then you need to hope that you can get at that content via https instead. If you can't, then you're hosed and you either need to live with the error, get the content from somewhere else, or proxy the content through your own https connection.
To complement #drew010 's answer, you could use other domains and still refer to the current protocol with //, something like:
<img src="/pics/home.png" />
<img src="//my-cdn.com/pics/info.png" />
The latter example will point to https://.. from https://your-site.com and http://... from http://your-site.com.
the best practice would be either using relative path rather than absolute but sometimes absolute is a better option so you can do the following :
as I can imagine you have a file called config.php or common.php (a file that stores your common used vars and you include it in every page), so put this code there :
function selfURL() {
$s = empty($_SERVER["HTTPS"]) ? ''
: ($_SERVER["HTTPS"] == "on") ? "s" : "";
$protocol = strleft(strtolower($_SERVER["SERVER_PROTOCOL"]), "/").$s;
$port = ($_SERVER["SERVER_PORT"] == "80") ? "" : (":".$_SERVER["SERVER_PORT"]);
return $protocol."://".$_SERVER['SERVER_NAME'].$port.$_SERVER['REQUEST_URI'];
}
function strleft($s1, $s2) {
return substr($s1, 0, strpos($s1, $s2));
}
and then you can assign a var called $http to get the value of the function like :
$http = selfURL();
and then whenever you want to include anything like images, css, etc do something like :
<img src="<?=$http?>images/sample.png" />
this method is reliable as it works in any situation.
so i want to do an external permanant redirect (301) from http://www.creya.com to http://creya.com.
i am not using apache but rather, abyss web server and i can't figure out the url rewrite rules. but i believe i could also do this at the app level with php.
i think wordpress does do this. i set http://creya.com/blog as your blog url and try to hit http://www.creya.com/blog; it redirects to http://creya.com/blog. i want to do the same thing.
any ideas how i can make this hijacking happen?
thanks in advance.
This should do it-
if($_SERVER['SERVER_NAME']!='creya.com')
{
Header("HTTP/1.1 301 Moved Permanently");
Header("Location: http://creya.com".$_SERVER['REQUEST_URI']);
}
try
if(substr($_SERVER['SERVER_NAME'],0,4) == 'www.')
header("Location: http://". substr($_SERVER['SERVER_NAME'], 4)
Long time since I coded php, so can't remember how to get the full path, read a bit here (http://php.net/manual/en/reserved.variables.server.php) and change the last $_SERVER['SERVER_NAME']