I have a WordPress theme I’m attempting to put on an SSL-only website. There is no non-SSL version of the site.
The WordPress theme uses various functions like bloginfo('pingback_url')
, bloginfo('template_directory')
, get_template_directory_uri()
, etc… All the typical functions for a theme.
All of these functions generate http
links, not https
, so therefore none of them load, since a non-SSL version of the site does not exist.
How do I force WordPress to use https
for EVERYTHING?
try installing this WordPress plugin. http://wordpress.org/extend/plugins/wordpress-https/installation/ but do read the installation instructions as it has some extra things to do after activating the plugin.
If your website is on a load-balancing service that handles SSL, then your server might not be getting anything in the server variable
$_SERVER['HTTPS']
, and$_SERVER['SERVER_PORT']
might be 80 when it should be 443 (see this Stack Overflow answer for details).If this is the case, and you can’t get your host to change that, then you might need to fudge it and tell PHP that it’s SSL anyway. Set your home and site URLs to use https, so that all URLs generated by WordPress come out as https URLs. Then drop this code into a plugin (here’s a ready-made one, drop it into your plugins folder and activate it):
NB: this can backfire on you, because you probably have code (in plugins or your own code) that checks to see if the page was loaded via SSL, and redirects if it wasn’t. Your server won’t be able to test this now! As such, you should also add some JavaScript to your page so that there’s some level of assurance that your secure pages will be loaded via SSL (this is also done by the ready-made plugin):
NB: this isn’t foolproof! However, it should catch most situations, an exception being someone who disables JavaScript and then edits the URL to force it back to http. If they do that, they maybe deserve to have their credit card credentials sold to Elbonia.