Last week, I transitioned my website to SSL by using a plugin called Really Simple SSL.
It all went smoothly, however, I noticed that ever since activating the plugin and going SSL, my site lost 1/3 of its traffic, which was coming from external Tumblr links on my Tumblr blog that pointed at the http version of my website.
When I click on those Tumblr links now, I get a blank page that says:
{"error":"Redirect failed"}
Here's an example of such Tumblr link would be.
(Not including my actual website's domain here cause it is an adult site).
http://t.umblr.com/redirect?z=http%3A%2F%2Fexample.com%2F&t=YmY1YWYwZTI0MmU3YmQzNzEyYmJjN2MzYjY0NjJlZDk5ZTFlN2RmMCxPTGo3TU5iOQ%3D%3D
It occured to me that those hundreds of old links all point to the http version of my site, but for some reason, they're not getting correctly redirected to https as they should be doing.
The http to https redirect definitely works every other time, but for some reason, with old Tumblr URLs it doesn't.
Any clues on what could be the cause of this?
I already tried to tweak the settings of my site, like, for example:
Adding this to my wp.config.php file:
define('FORCE_SSL_ADMIN', true);
if (strpos($_SERVER['HTTP_X_FORWARDED_PROTO'], 'https') !== false)
$_SERVER['HTTPS']='on';
Editing .htaccess manually with these lines:
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{HTTPS} !=on [NC]
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
</IfModule>
But alas, neither seems to have worked.
Is there a way I could fix this?
Again, the HTTP to HTTPS redirects work for literally everything, except those Tumblr URLs, which are, very unfortunately, a huge source of traffic for my site.
Related
Recently I have included an SSL certificate for HTTPS redirection for my lightweight e-commerce site. The site is built with an OSCommerce platform and what I need help with is fixing these kinds of errors (on console) appearing throughout the pages: Mixed Content: The page at 'https://voberhaat.com/' was loaded over HTTPS, but requested an insecure stylesheet 'http://voberhaat.com/oc-content/themes/bender/js/jquery-ui/jquery-ui-1.10.2.custom.min.css'. This request has been blocked; the content must be served over HTTPS.
The layout and design of the site are broken after the HTTPS redirection and I am trying to find the files where I can rewrite the HTTPS for the relevant contents it is asking for. In my server if I navigate to the corresponding paths and files, I can't figure out the URL, they don't simply exist there.
Someone could help me out regarding this?
Have you tried forcing https for your entire site via an .htaccess file?
Try creating an .htaccess file in your main directory and add this code:
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
First: edit your includes/configure.php
set
define('HTTP_SERVER', 'https://<yoursite>');
define('HTTPS_SERVER', 'https://<yoursite>');
define('ENABLE_SSL', true);
Second:
Check header.php, footer.php, breadcrumbs.php for "http:" links
I've coded a website myself (html, css, a bit of jquery/javascript and php, with a database connection). It's in essence just a simple portfolio with text, a carousel of photos/designs/videos and some pdf files. So, no users are involved except a simple login for myself to upload additional photos or designs. These photos, designs and videos are saved in a simple database.
Whenever I go to my website in e.g. a safari browser, safari let's me know that the website is 'not safe' because I don't have a SSL certificate or .htaccess file. (So, my website is http://example.com and not https://example.com). However, it works perfectly regardless of the 'not safe' notification in the browser bar.
I've contacted the hosting company and they told me to create a .htaccess file and place it in the public_html folder.
This is the content of that file:
RewriteEngine On
RewriteCond %{HTTP:X-Forwarded-Proto} !https
SetEnvIf X-Forwarded-Proto "https" HTTPS=on
RewriteCond %{HTTPS} !=on
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
However, when I add this to my public_html folder, my website simply doesn't work. When I go to example.com it correctly redirects to https://example.com, but I get this notification:
Not Found
The requested URL was not found on this server.
Additionally, a 404 Not Found error was encountered while trying to
use an ErrorDocument to handle the request.
When I delete the .htaccess file, it works again (but is unsafe according to my browser).
The hosting company responded with: "we are not website builders so we can't help you with this", so I'm at a loss on how to fix this. Hence this post.
How do I fix this, without a cms to depend on?
The error is not on the code, it depend on apache configuration, if you have access to the server ssh, look this tool : https://certbot.eff.org/. if you're not, the hosting compagny have to resolve you're problem.
Currently I have my ssl forced on a pages where it is needed and it works great.
Problem is on all other pages user can click in address bar and add "https" causing some pages to load with error about mixed content etc.
Same happens if someone visits page with https link.
How can I use either worpress functions.php or htaccess file to force specific page URL to always use non-ssl version of website?
Edit:
I just don't see how suggested duplicate is a duplicate. There is no example of any htaccess code and post author seems to mention he managed to create some solution but without code this does not help me.
What I need is what would seem simple redirect like
https://domain.com/page1 -> http://domain.com/page1
Shouldn't something like that be possible with either htaccess or just wordpress functions.php?
RewriteCond %{HTTPS} on
RewriteCond %{REQUEST_URI} ^/someurl
RewriteRule ^(.*)$ http://%{HTTP_HOST}/$1 [R=301,L]
above seemed to work for me.
Redirects from https to http just for /someurl
I currently have a site where users can login and do various things. The site uses SSL(HTTPS).
Is there a way to use .php or .htaccess to unsecure a specific link and any link connected (ie. (https://domain.com/unsecure, https://domain.com/unsecure/randominfinit)) unsecure?
But also would this work with a user being logged in to their account and be able to navigate out of /unsecure or /unsecure/randominfinit and still be logged in and not throw errors or browser errors or reduce security?
I have been looking everywhere for a solution for this and have not been able yet to find a solution.
The reason why I need to do this is because I am using iframe to load .swf content on my secure site that is hosted on another domain/server. If you have a better idea to deliver content using iframe with non-SSL content, please tell me - I am all ears.
As long as you have a valid cert you can go between http and https. This will check if the directory is unsecure and https then redirect to non https.
RewriteEngine On
RewriteCond %{REQUEST_URI} ^/unsecure [NC]
RewriteCond %{HTTPS} ^on
RewriteRule ^(.*) http://example.com/$1 [R=301,L]
Let me know how that works for you.
my website has a log in by open id feature. When a user logs in for the first time using his/ her openid they are redirected to a create account page. I noticed just recently that one user when logged in using her google account created an account for the first time. However when she tried to log in again using the same google account - she was faced with creating a new account again. I checked the db and saw that although she used the same google account - the open ID urls which were retrieved are different?
EDIT===================
Thanks Kobi for the information - the issue is that I need to set up my website so it always opens with www prepended to it i.e. http://www.mysite.com and NOT http://mysite.com
Owing to this subtle difference google OpenID recognises the two urls as different urls!!! Help please
I realised its an htaccess thing however I googled a bit and found these htaccess commands:
RewriteCond %{HTTP_HOST} ^site.com [NC]
RewriteRule (.*) http://www.site.com/$1 [L,R=301]
However the problem is that when I use this in my htaccess it does forward and ensure the link reads as www.site.com however it messed up all the javascript links - actually I'm using url rewriting here as well... my whole htaccessfile is somewhat like this:
RewriteEngine on
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule .* index.php
RewriteRule !\.(js|ico|gif|jpg|png|css)$ index.php
AddType text/css .css
inclusion of the two lines messes up the url rewriting :( what do I do here
======================
Uh never mind I figured it out :) I was putting the two rewrite url lines at the end thus somehow overriding the other rewrite rules - putting them in the beginning fixed it :) thanks anyway
Google gives different URLs for different domains.
It is possible your user used a different URL each time to log in? Even www on the start of the url can change the code Google returns.