We Keep Coding

Mixed content error on my website after redirecting to HTTPS

Recently I have included an SSL certificate for HTTPS redirection for my lightweight e-commerce site. The site is built with an OSCommerce platform and what I need help with is fixing these kinds of errors (on console) appearing throughout the pages: Mixed Content: The page at 'https://voberhaat.com/' was loaded over HTTPS, but requested an insecure stylesheet 'http://voberhaat.com/oc-content/themes/bender/js/jquery-ui/jquery-ui-1.10.2.custom.min.css'. This request has been blocked; the content must be served over HTTPS.
The layout and design of the site are broken after the HTTPS redirection and I am trying to find the files where I can rewrite the HTTPS for the relevant contents it is asking for. In my server if I navigate to the corresponding paths and files, I can't figure out the URL, they don't simply exist there.
Someone could help me out regarding this?

Have you tried forcing https for your entire site via an .htaccess file?
Try creating an .htaccess file in your main directory and add this code:
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

First: edit your includes/configure.php
set
define('HTTP_SERVER', 'https://<yoursite>');
define('HTTPS_SERVER', 'https://<yoursite>');
define('ENABLE_SSL', true);
Second:
Check header.php, footer.php, breadcrumbs.php for "http:" links

How to force WordPress to use HTTP, --not-- HTTPS after being configured to run as HTTPS on other server

How do I definitively and totally stop WordPress from rewriting all URLs from HTTP to HTTPS?
I need to set it up on a testing server and run there without an SSL certificate on an internal-only server so I can test PHP 7.2 which is breaking my live WP site with my plugin mix.
I have got a copy of the site on a different server but I simply cannot get it to STOP using HTTPS on every single link – it currently fails to load as it keeps requesting HTTPS but there is no certificate or set up loaded on the testing server to use HTTPS and apache isn't even listening on port 443 on that testing server.
Already changed the WP_HOME and WP_SITEURL in wp-config.php to refer to HTTP, and used the test server’s IP instead of the site domain name. Also put in
define(‘FORCE_SSL_ADMIN’, false);
define(‘FORCE_SSL’,false);
Dumped the DB to disc, truncated the live tables, then text-replaced all https://domainname.com occurrences with http://192.168.0.1 (for example) in the dumpfile, and reloaded every table’s data back into it to get rid of ALL references to “https” in any URLs in the DB.
Put this in my .htaccess (which DOES get parsed, as I can crash the testing server’s httpd by putting crud into it):
.
.
RewriteCond %{SERVER_PORT} ^443$
RewriteRule ^(.*)$ http://%{HTTP_HOST}/$1 [R=301,L]
RewriteCond %{HTTPS} on
RewriteRule (.*) http://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
.
.
So:
The .htaccess deliberately rewrites any requests to port 443 or HTTPS to HTTP.
There is an index.htm and index.html that specify 192.168.0.1/index.php in the /var/www/html folder via meta refresh tags.
The wp-config specifies for WP_HOME and WP_SITEURL “http://192.168.0.1” and FORCE_SSL_* are set to “false”.
But still, referencing in a browser
http://192.168.0.1 or http://192.168.0.1/index.php
always results in
https://192.168.0.1
being rewritten in the browser address bar and then the browser just stops and reports the page as unreachable. Have cleared cache and can insert arbitrary “die(…” commands and see them render if I CTRL F5, so the browser cache is not a factor.
All I want to do is test if PHP 7.2 will break my site – on a testing server without HTTPS.
What is there besides .htaccess, wp-config.php and the associated MySQL database that still forces WP to HTTPS instead of HTTP when directly referencing in a web browser the testing server’s 192.168.0.1 IP?
I just need WP to -actually- use
http://192.168.0.1
and stick with that instead of each time making it https://192.168.0.1
Expected result is to not see URL rewriting in WordPress from http:// to https:// in the browser address bar on the testing server.
Stefan

Ok found the solution (at least partially) to this.
Had a plugin called "Really Simple SSL" loaded. Manually disabled this, and now the site is at least partially loading. Still have severe errors and mangled URLs that don't work, but at least it is not each time jumping into HTTPS.
Thanks for the replies!
Stefan

What are the steps i need to take while changing from http to https my Wordpress site

I need to change my whole site working on https instead http.I have changed http part of WordPress Address (URL) and Site Address (URL) to https from Settings->General but the whole site is down. What steps i need to perform to convert wordpress site from http to https. I have CentOS release 6.3 (Final) installed.

To make a website HTTPS, firstly get an SSL certificate for the domain, install it on the server and change the website permalinks from http to https.
Admin Setting:
Go to the admin dashboard.
Point you mouse over Settings and click General.
Where it says WordPress Address (URL) and Site Address (URL) replace the http:// part with https:// for both of them.
Click Save Changes
To easily enable (and enforce) WordPress administration over SSL, the constant FORCE_SSL_ADMIN should be set to true in your site's wp-config.php file to force all logins and all admin sessions to happen over SSL.
define('FORCE_SSL_ADMIN', true);
To setup a 301 permanent redirect, FTP/SFTP to your server and add the code below at the top of WordPress' .htaccess file.
RewriteEngine on
RewriteCond %{HTTP_HOST} ^yoursite.com [NC,OR]
RewriteCond %{HTTP_HOST} ^www.yoursite.com [NC]
RewriteRule ^(.*)$ https://www.yoursite.com/$1 [L,R=301,NC]
Change every instance of yoursite.com to your WordPress URL.
To inform Google about the change in URL, re-add your WordPress site to Google webmaster tool (but this time with https://).
Hope it will help.

What Techie Code said is correct...
Also Don't mention HTTP or HTTPS in your image path. Just keep it like //yoursite.com/img/image.jpg so it will keep track of http or https automatically. This is called as Protocol Relative URL's.
Check here The Protocol-relative URL http://www.paulirish.com/2010/the-protocol-relative-url/

All page across domain require HTTPS

I just bought SSL for my domain and the host installed it and now all pages are requiring "HTTPS". Is there a way to fix this globally and only display the https pages when I call for them?
Example:
example.com - wont work
https://example.com - works
I know I have to link to the pages I want secure with https, none of the pages are working though and host wont help.

it’s important to avoid this by
ensuring that every image, CSS and Javscript file on a secure
page is accessed using HTTPS. For content on the same domain it’s quite straightforward – you just need to use relative URLs. A relative URL contains the ‘offset’ URL that
needs to be applied to the page’s absolute URL in order to
find a resource.
A problem arises though, if you attempt to access a
resource from a different domain because you can’t use the
simple path-relative URL to access the resource. This often
happens when you attempt to use a third party service such
as Google Analytics or a third party Ajax library CDN.
Google Analytics solves the problem with its external
javascript file by recommending the use of this code to
dynamically switch protocols:
var gast = (("https:" == document.location.protocol) ?
"https://ssl." : "http://www.");
document.write(unescape("%3Cscript src='" + gast +
"google-analytics.com/ga.js' type='text/javascript'%3E%3C/script%3E"));

Redirect from http to https
This bit will help you tremendously when you’ve not updated every single link in your site yet. You can just add a straight server level redirect from http to https.
In Apache you’d do something like this:
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

You can force https acces with htaccess. Try the following:
RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://www.yourdomain.com/$1 [R,L]
Please replace www.yourdomain.com with that of yours'
Note: Please do remeber to get your mod_rewrite ON for the server

How do I use PHP with SSL

My server provides SSL connections via https, although the certificate costs extra...
Is there anything that needs to be changed in the PHP code to utilize this protocol?
My site has:
ajax forms via POST
regular forms and pages using POST and GET parameters
Session variables

You should be good to go. PHP does not impact the use of SSL or not.
Things you should check are:
Are all URLS in you application relative (no http://)
Are assets (CSS/JS/IMG) used in your site (both from internal and external sources) also as relative paths or prefixed with https://
Having an asset without https:// in a SSL powered site, the browsers will warn you visitors that something ain't right.

you can use the server .htaccess file to redirect all your links. So when the standard page is opened via say a link the server redirects to the https version...
# Permanent reirect ALL old pages to HTTPS:
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

Other than any hard-coded URLs, no, your code shouldn't know about the difference, nor care.

I'd have to say the same as mvbrakel, but as far as session cookies/cookies you will want to turn on HTTPS only if you are using https on ALL your pages.
Also adding HTTP only to cookies, js scripts won't be able to check value and such.

The code does not need to be changed, other than to change all links from http:// to https:// (seriously, don't forget that, else you aren't using SSL...)