WordPress SSL htaccess code – Rewrite SSL, RewriteCond Server Port

Home Forums BulletProof Security Pro WordPress SSL htaccess code – Rewrite SSL, RewriteCond Server Port

This topic contains 107 replies, has 18 voices, and was last updated by  AITpro Admin 6 months, 4 weeks ago.

Viewing 15 posts - 16 through 30 (of 108 total)
  • Author
    Posts
  • #7290

    Andre
    Participant

    Wow, thanks. This works like a charm on the site where I had the problems with.

    Great work (some research was needd, though, so might have been easy for you, but for me never, anything I tried before made my site unavailble)
    Thanks Mister.

    #7291

    AITpro Admin
    Keymaster

    Yep, I was curious about SSL in general since I do not use it on any sites, but wanted to know what works and what does not with SSL. It was interesting setting up the XAMPP testing environment. Always fun to figure out something new.

    WP Thread:  http://wordpress.org/support/topic/wordpress-https-entry-of-url-with-and-without-www-doesnt-lead-to-https#post-4359112

    Environment: XAMPP
    WordPress General Settings:
    WordPress Address (URL) https://demo.local
    Site Address (URL) https://demo.local
    Self created OpenSSL SSL Certificate using XAMPP /apache/makecert.bat file.
    No changes were needed in the XAMPP httpd-ssl.conf file.
    No changes were needed in the XAMPP httpd.conf file, but this module needs to be loaded (uncommented): LoadModule ssl_module modules/mod_ssl.so
    Note: extension=php_openssl.dll in the PHP server’s php.ini file must be uncommented or ssl will crash Apache.
    vhost configuration in XAMPP httpd-vhosts.conf file:

    <VirtualHost demo.local:443>
        ServerAdmin postmaster@localhost
        DocumentRoot "C:/xampp/htdocs/demo"
        ServerName demo.local:443
        ServerAlias demo.local
        <Directory "C:/xampp/htdocs/demo">
       	Options Indexes FollowSymLinks Includes ExecCGI
        	AllowOverride All
            Require all granted
        </Directory>
        SSLEngine on
        SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
        SSLCertificateFile "conf/ssl.crt/server.crt"
        SSLCertificateKeyFile "conf/ssl.key/server.key"
        <FilesMatch "\.(cgi|shtml|phtml|pl|asp|php)$">
           SSLOptions +StdEnvVars
        </FilesMatch>
         <Directory "C:/xampp/cgi-bin">
           SSLOptions +StdEnvVars
       </Directory>
    </VirtualHost>

    WordPress Rewrite Loop Start .htaccess code.

    # WP REWRITE LOOP START
    RewriteEngine On
    RewriteBase /
    RewriteRule ^index\.php$ - [L]

    WordPress Rewrite Loop start with https rewrite code incorporated.

    # WP REWRITE LOOP START
    RewriteEngine On
    RewriteBase /
    RewriteCond %{HTTPS} !=on
    RewriteCond %{SERVER_PORT} ^80
    RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R,L]
    RewriteRule ^index\.php$ - [L]
    #11768

    Roberto Gomez
    Participant

    [Topic has been merged into this relevant Topic]
    I need put this code, to force SSL but the Bullet Pro modify the .hacess how I can Include this code in the hacess File Editor ?

    <IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteBase /
    RewriteCond %{SERVER_PORT} 80
    RewriteRule ^(.*)$ https://goldchartsrus.net//$1 [R,L]
    
    </IfModule>
    #11771

    AITpro Admin
    Keymaster

    @ Roberto Gomez – Your post has been merged into this relevant Forum Topic. The link below goes to a post above with the answer.
    http://forum.ait-pro.com/forums/topic/wordpress-ssl-htaccess-code-rewrite-ssl-rewritecond-server_port/#post-7233

    #11928

    Roberto Gomez
    Participant

    Perfect works perfect

    #11931

    AITpro Admin
    Keymaster

    Great!  Thanks for confirming that it works.

    #12807

    AITpro Admin
    Keymaster

    Post Manually Moved to this relevant topic

    I am new to wordpress, I have multi sites setup and a ssl cert (private) on the server. I have installed plugins in order to make my site 100% ssl but it will not take affect, I think this is because I have installed free bulletproof. Can I get help with some additional code in full (as newbie) for force my entire site into https. This if the only think thats holding me back from going pro as I am finding Bulletproof 100% +.

    #18431

    Jose
    Participant

    [Topic has been merged into this relevant Topic]

    Hi,

    After updating to BP 9.7 I have found a problem. My site works with a SSL certificate that I use for admin pages and some other posts. BP is installed on https address. After 9.7 update if you watch any page at http mode, the theme is not shown. At the configuration page WordPress url is http and root url is http too and I’m using WordPress Https plugin

    What can I do? Thanks

    #18434

    AITpro Admin
    Keymaster

    Nothing changed in BPS Pro 9.7 that is related to HTTP/HTTPS/SSL.  Check that the WordPress https plugin is setup correctly.  Check things like your htaccess code.  Do the BPS Pro troubleshooting steps below to confirm, eliminate or isolate the source of the problem.  Check your Security Log for any clues.  Post any relevant clues after doing the troubleshooting steps and checking your Security Log.  Also please explain your entire setup with exact specific technical details.

    http://forum.ait-pro.com/forums/topic/read-me-first-pro/#bps-pro-general-troubleshooting

    #18445

    Jose
    Participant

    These are the steps I made.
    -Delete wordpress https plugin. Insert the codes above this topic instead of the existing ones. Then I checked the non-secured pages and nothing had changed. The theme design was only displayed at https urls.
    – I returned the primary codes at the respective boxes and tried two different plugins to force https all site but it didn’t worked either.
    – Then, I re-installed wp https plugin and went via ftp to the plugins folder because I remembered that these two days before I changed some permissions. Among these changes I had set 700 permissions to the plugin folder wp-minify-fix, which I’m thinking that lately is not working well, and now set the permissions into 701, together with google custom search plugin (700 to 701, too) . Probably is not a good idea to maintain this minify plugin because it has not been updated for a long time. Immediately after this action, everything worked fine.

    By the way, deleting and installing plugins I check the cURL Scan and the result shows these two plugin firewall whitelist rules:

    /wp-minify-fix/cache/4cxx93f4fexxx34a66062c7ecxxxxx.js, /google-custom-search/js/gsc.js

    but my saved list is this one

    /google-custom-search/js/(.*).js, /cookie-law-info/js/(.*).js, /wp-minify-fix/cache/(.*).js

    I think it’s rightly whitelisted so I don’t know why the two references appear (in black letters).

    #18446

    AITpro Admin
    Keymaster

    Well done on figuring out what the issue/problem was!

    I generally use 705 folder permissions on my sites and in some special cases 700 folder permissions.  I have never tried 701 folder permissions before, but will look into that.

    The cURL Scan results will show the literal plugin script path.  It is recommended that you always choose to use RegEx code (.*) so that in cases where a plugin script name or version number changes with each new plugin update then the Plugin Firewall whitelist rule will still whitelist that plugin script even if the exact literal name has changed.

    The next version of BPS Pro will focus on increased Plugin Firewall automation.  The goal is to have a check that automatically detects when a new plugin script needs to be added to the Plugin Firewall whitelist text area and display a message such as this example message:  “Plugin Firewall whitelist rule:  X needs to copied and pasted to the Plugin Firewall Whitelist Text area…”.  This will eliminate the clunky step of having to manually rescan for new plugin scripts when a plugin is installed.  We are not 100% sure what should happen with the New Plugin installed Dismiss Notice when a new plugin is installed.  ie whether to keep as extra insurance or change the displayed message or just get rid of it altogether.

     

    #18447

    Jose
    Participant

    As every plugin has different funtions, it’s difficult to prefix a standard value of permissions, but execution ones for the world are sometimes neccesary because some plugins use this way of external support for scripts or css.

    About the checking that automatically detects when a new plugin script needs to be added to the Plugin Firewall whitelist, an option could be “When resolved, dismiss here”. Anyway, that’s a good idea.

    #18448

    AITpro Admin
    Keymaster

    That is a very good idea since it would cover all the bases.  Thanks for that. 🙂

    #21273

    jenni101
    Participant

    Hi,

    Just to clarify the above (as I’m a newbie to SSL sites) – if i have a new w/p install with a SSl cert (and BPS pro installed) should I add the code you’ve mentioned here earlier into my .htaccess file or is it not needed?:

    # WP REWRITE LOOP START
    RewriteEngine On
    RewriteBase /
    RewriteCond %{HTTPS} !=on
    RewriteCond %{SERVER_PORT} ^80
    RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R,L]
    RewriteRule ^index\.php$ - [L]

    I’ve also found a suggested edit for the wp-config.php is this necessary too?:

    Edit your wp-config.php file and add

    define('FORCE_SSL_ADMIN', true);

    Cheers.

    #21274

    AITpro Admin
    Keymaster

    Yes, that is correct.  No, I don’t believe you need the additional Constant in your wp-config.php file.

Viewing 15 posts - 16 through 30 (of 108 total)

You must be logged in to reply to this topic.