WordPress SSL htaccess code – Rewrite SSL, RewriteCond Server Port

Home Forums BulletProof Security Pro WordPress SSL htaccess code – Rewrite SSL, RewriteCond Server Port

This topic contains 107 replies, has 18 voices, and was last updated by  AITpro Admin 6 months, 4 weeks ago.

Viewing 15 posts - 76 through 90 (of 108 total)
  • Author
    Posts
  • #30589

    AITpro Admin
    Keymaster

    @ Jose – So did you try the htaccess code I posted above?

    #30590

    Jose
    Participant

    Sorry for the delay. It seems it’s working fine this new code you posted above. The delay is caused because I cannot see the images that I upload in the text editor now. They appear correctly in the post preview and in the public web that followers see, but I made something wrong, perhaps. All the post writen before these changes (I deleted HTTPS plugin today before contact you) show the images properly in the editor, but the new ones not. If I write a post, I cannot see the images I load (only a square and the name of the image). I’ve tried with different browsers.

    Otherwise, the image library is not showing images too. (Old and new). Only a few ones.

    I don’t believe the problem in this case the htaccess code. I think it’s working fine since I installed. ¡Queries OK!

    #30591

    Jose
    Participant

    There’s another problem I’ve detected now. I cannot end session. It appears a message that says that the page is nor redirecting properly. Also urls https don’t redirect to http. So I have to return to the old code.

    RewriteEngine On
    RewriteBase /
    RewriteRule ^index\.php$ - [L]
    #30592

    AITpro Admin
    Keymaster

    Yep, thought something like that might happen.  https and http URL’s do not like each other when you are doing internal rewriting. Also if you have mixed https and http URL’s in the Source Code of a page then you will see infinite redirect looping errors and various other errors.  It is fine to do a direct link from http to https or vice versa, but when you do rewriting from the same site that is using both https and http then you would have additional custom stuff to get things working smoothly.  That is why it is just simpler to make the entire site SSL/HTTPS.  😉

    #30593

    Jose
    Participant

    So, you recommend that in this case it would be better all SSL. As incremental system, I guess that in case of migration I’d have to keep https or copy and paste all my posts texts (more than a thousand written by me) one by one.
    Would you try this verve ssl plugin I posted before, or will be better the .htaccess code directly?

    #30594

    AITpro Admin
    Keymaster

    Your posts are content that is stored in your database so they have nothing to do with your URL Scheme (http or https).  Well here is the thing.  If I needed to do what you are trying to do then I would figure out everything that I needed to do.  Since I have never done that before then I do not know everything that is needed to do this.  To keep things simple you can just make your entire site SSL or if you just want to have your wp-admin area SSL then you will have to figure out everything that is needed.  Nope, I would not use a plugin and would instead do everything with htaccess code and any custom PHP code that is needed.

    #30595

    Jose
    Participant

    Ok, thanks for the support, again. I’m going to figure it out. I’m sure the best is keeping things simple so I’ll do it with htaccess code, and very probably all website https will be the best solution.

    #30596

    Jose
    Participant

    However, I’m gonna research possible ways to add code for keeping all website http except wp-admin, using (define…) at wp.config.php, and if I found something effective I’ll post it at this forum.

    #31806

    carsafety
    Participant

    [Topic has been merged into this relevant Topic]
    Hello,

    I recently changed my wordpress to https using the popular Really Simple SSL plugin.

    Everything seems to have worked OK, except a couple issues with BPS Pro.

    First, BPS settings no longer show in the admin dashboard.  I see the BPS Pro options on the left column, the status bar and the alert warnings, but none of the settings appear below that.  All of my other plugins seem to be working OK.

    I have deactivated and re-activated BPS Pro but that didn’t help.  Any ideas?

    Once I have BPS working again, I have some followup questions about entering the https rewrite code into the htaccess editor.  I’ve read  your faq and the one from really simple ssl and the suggested code varies a little and I want to make sure I don’t mess it up and get stuck with a loop or something.

    #31808

    AITpro Admin
    Keymaster

    @ carsafety – You don’t need to install another plugin to change or Rewrite your website from http to https.  Click this link for the steps to change your website from http to https:  https://forum.ait-pro.com/forums/topic/wordpress-ssl-htaccess-code-rewrite-ssl-rewritecond-server_port/#post-7233

    Important Note:  If you have BPS Pro installed then you will need to request a new BPS Pro Activation Key for your website after you have changed your WordPress General Settings.  The BPS Pro Activation page is located under the BPS Pro > Setup Menu > Activation Submenu.

    #31809

    carsafety
    Participant

    Thank you, it appears the validation issue was causing the problem.

    Really Simple SSL adds some additional things to resolve mixed content warnings.  For some reason, if I just do your steps, I have some pages that load as insecure, apparently due to http://carseatblog.com image resources from my wp-contents/uploads folder.

    I’m at a loss how to correct these, as I thought internal links would be corrected and/or redirected automatically with the WordPress settings and htaccess redirects.

    #31810

    carsafety
    Participant

    Update, I think part of the issue is that the redirect works as expected on the homepage but not necessarily on posts or other pages.

    For example, http://www.carseatblog.com goes to https://carseatblog.com as expected on the home page and posts/pages.
    But http://carseatblog.com does not redirect to https://carseatblog.com on posts or pages, only on the homepage.
    For example, this does not redirect to https:
    http://carseatblog.com/safest-recommended-car-seats/
    This is the snippet I put into the custom code wp rewrite loop start section:

    # WP REWRITE LOOP START
    # Rewrite|Redirect http to https|SSL & www to non-www
    RewriteEngine On
    RewriteBase /
    RewriteCond %{HTTPS} !=on
    RewriteCond %{SERVER_PORT} ^80
    RewriteCond %{HTTP_HOST} ^www\.carseatblog\.com$ [NC]
    RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R,L]
    RewriteRule ^index\.php$ - [L]

    And this is the snippet suggested by Really Simple SSL and my hosting service:

    RewriteEngine on
    RewriteCond %{HTTPS} !=on [NC]
    RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
    #31811

    AITpro Admin
    Keymaster

    When I use this URL: http://carseatblog.com/safest-recommended-car-seats/ WP Rocket cache sends me to this URL: https://carseatblog.com/wp-content/cache/wp-rocket/carseatblog.com/safest-recommended-car-seats//index.html. I assume you need to delete/clear all of your WP Rocket Cache and create new cache files.

    When I check this page using Google Chrome Developers Tools: https://carseatblog.com/compare/infant-carseats/ I see this mixed content error. What is strange is the URL for the image file appears to be hotlinked from the site shown in the error.

    VM3301:1 Mixed Content: The page at 'https://carseatblog.com/compare/infant-carseats/' was loaded over HTTPS, but requested an insecure image 'http://shop.clekinc.com/products/foonf?utm_source=car-seat.org&utm_medium=banners&utm_term=foonf&utm_campaign=car-seat.org+campaign'. This content should also be served over HTTPS.
    #31812

    AITpro Admin
    Keymaster

    I just checked this site:  https://shop.clekinc.com/ and it is using https.  So just change the URL from http to https to fix the mixed content error.

    #31813

    carsafety
    Participant

    I cleared wp-rocket cache and still had the same issue with http://carseatblog.com/postsorpages not redirecting to https://carseatblog.com/postsorpages .  All the other redirects seem to work as expected for homepage, posts and pages.

    On a whim, I replaced the redirect snipped with the one my hosting provider and really simple ssl suggested (at the bottom of my previous post).  This seems to be working as expected.  Is it possible there was a typo in your www to non-www snippet?

Viewing 15 posts - 76 through 90 (of 108 total)

You must be logged in to reply to this topic.