I can enter to my site by typing, for example: http://home.com or and it works good, but if I go to https://home.com/example , syles and links (no imgs) refers to http, also the ssl certificate doesn't aprove.
P.S. I use header.php tamplate for home and other pages
p.s.s. Also i change addresses in admin-panel and DB
Sorry for my English!
If you do not use Cloudflare you can use the plugin: WP Force SSL, so that you redirect all the files (CSS, JS, etc) to https.
What I would do is put the site behind Cloudflare and make a page rule to always use HTTPS by default, that should take care of it by enforcing SSL.
Related
I have recently moved my WordPress website from HTTP to HTTPS.
But when i load my webpage with HTTPS the stylesheets doesn't load due to mixed contents . what are the changes i need to do to get it work.
I am using AWS Certificate manager with ELB .
I followed this tutorial and now my admin panel is not loading as well with an error of ERR_TOO_MANY_REDIRECTS
Please Assist
Make sure all of your CSS links are called with HTTPS. Check your console, it will tell you which url are problematic.
Make sure all of the links in your .css files are in HTTPS too, or relative path (background-image urls, fonts urls etc.)
Try to use this Wordpress plugin, it will fix all of yours links.
I have a reverse proxy server F5 standing in front of Apache web server which hosts my application - http://example.net/documents/.
F5 which is my organization reverse proxy server is out of my reach as it is managed by admins and they recently implemented HTTPS for my site which changed my site from HTTP to HTTPS.
All worked good except that my entire site content also got changed to HTTPS including any absolute HTTP external url references which were part of site content also got changed to HTTPS. So, my biggest concern now is to preserve original protocol of my site content(specifically, the external link references like jquery etc. under my site content).
I am confused as to how I can address this as reverse proxy server is not in my reach. Is there anything that can be done on Apache web-server to preserve original protocol of any absolute urls by bypassing reverse proxy server's HTTPS implementation? I am not an expert on this. Please help!
First: You of course should always use https for everything. If you site is accessible through https (through the F5) and you reference js files through http:// many browsers will throw warning about mixed and insecure content. Especially jquery and all other JavaScript modules should perfectly be available through https, so i dont really see an issue here?
Second, no, you wont be able to bypass the content rewrite of the F5 Loadbalancer; You could of course hack something that dynamically concats the urls through javascript or something like that, but that is hacky und subject to fail.
Maybe i could help you better if you give an actual example on where you got a problem with https?
I'm trying to change the URL for my site, by going to settings in wp-admin and changing both site url and wp url.
All seems well after I save changes, I'm able to navigate around my blog using the new url. However when I try accessing wp-admin I'm getting a redirect loop. I can still access the wp-admin login page with the old url admin site. In order to access my admin page again I have to login to my DB and reset both urls.
I've also tried to add this code with my urls to my wp-config file
define('WP_HOME','http://www.sample.com');
define('WP_SITEURL','http://www.sample.com');
Other information about my setup:
Openshift is hosting wordpress with the quick start app and proper alias have been added to my app.
Cloudflare is managing my DNS
I wouldn't think either of these factors would be the issue because the site wouldn't work at all if one of these were misconfigured, but at this point I'm drawing a blank. Was thinking maybe it might have something to do with wordpress forcing SSL for wp-admin?
Found It!
I love how when you gather all the information to ask a proper question it seems to line you up for the solution.
I'm also using http://wwwizer.com/naked-domain-redirect to redirect naked domain request to www using an A record in my DNS. All I had to do was turn off cloudflare's protection to this DNS entry.
I'm trying to set up a Wordpress Multisite network on Google App Engine. I have the install up and running, and am mapping custom domains for each site with the help of this plugin. I'm using Wordpress 4.0.
The domain mapping works, in that when I navigate to the custom domain it pulls up the corresponding site, but when I try to access any admin pages from the custom domain, I get an SSL error. I gather that this is due to Google's not allowing custom domains to access GAE apps via SSL, and so I've been trying to fix this by redirecting all requests of the form mycustomdomain.com/wp-admin/(.+) to myapp.appspot.com/wp-admin/\1.
My rationale for trying this is that myapp.appspot.com/subsite/wp-admin/ works just fine, but mycustomdomain/wp-admin does not, despite the two pointing to the same location.
Unfortunately, I haven't been able to figure out how to do this redirection properly. I've tried adding redirect rules to the .htaccess file with no success. I've also tried messing with app.yaml handlers, but this, too, yielded no results.
Also worth noting is that I attempted to force all requests to go through http (as a hackish, temporary workaround) via this plugin to no avail.
I'm new to working with servers, and any help would be much appreciated. I'm not even sure that redirection is the right solution, so I welcome any other suggestions. I can supply pertinent code if needed. Thanks.
EDIT: I could go through Google's custom domain registration process via Google Apps and get an SSL certificate that way, but my app will eventually be used by a large number of independent sites that I don't control, so that solution won't work.
I have been trying to achieve something similar on a regular server and not on GAE, so I'm not sure this will apply to you...
Isn't the 4th option of the Domain Mapping what you're looking for? In the WP network administration, go to Settings > Domain Mapping, then you can tick/untick the 4th option :
4. Redirect administration pages to site's original domain (remote login disabled if this redirect is disabled)
This will allow you to use a custom domain to access a site and its wp-admin interface, allowing SSL certificates to validate since the domain stays the same.
I have this web site for a customer and that their site is not resolving for https now i have set-up exactly same as other site does ssl require dedicated ip address could that be the reason this is not securing it says some elements are not securing
https://www.englishandproud.org/donate/
you should include all external files using https.
The following are being fetched using a non secured url:
http://www.britainfirst.org/wp-content/uploads/it-file-cache/builder-core/script.js
http://www.britainfirst.org/wp-content/plugins/wp-slimstat/wp-slimstat-js.php?sw=1280&sh=1024&cd=24&aa=0&id=227df&ty=0&sid=170f91a4d79c0eb180ebde832415db7d&bid=0&pl=java|flash|mediaplayer|
http://www.britainfirst.org/wp-content/uploads/it-file-cache/builder-core/javascript-footer.js
The following three files are being loaded over standard HTTP. They look to be part of one of the plugins you're using for your site.
http://www.britainfirst.org/wp-content/plugins/wp-slimstat/wp-slimstat-js.php?sw=1152&sh=864&cd=24&aa=0&id=227de&ty=0&sid=91f95638b19dadc52127c4d4d9f59ca0&bid=0&pl=java|acrobat|flash|mediaplayer|silverlight|
http://www.britainfirst.org/wp-content/uploads/it-file-cache/builder-core/javascript-footer.js
http://www.britainfirst.org/wp-content/uploads/it-file-cache/builder-core/script.js
The following two elements on your page are accessed with http:// and not https://:
http://englishandproud.org/favicon.ico
http://englishandproud.org/wp-content/themes/BuilderChild-Default/images/favicon.ico
Please update those links or remove the reference to the protocol altogether like:
//englishandproud.org/wp-content/themes/BuilderChild-Default/images/favicon.ico which will work for both secure and non-secure connections.