(I’m using WordPress HTTPS
plugin to force Admin
mode to run under HTTPS
.
Its fine for Admin Panel.)
But still, once i’m under HTTPS
mode, every front pages are broken because of, it is saying some front-pages Asset Files
are coming as normal HTTP
(without ‘S’) which are then getting blocked to load onto page.
Than resulted in rendering the page looking messy.
So to be more clear again,
- When i call the site in
HTTPS / SSL
mode .. some asset files, like:http://www.my-another-site.com/something.js
http://www.my-another-site.com/something.css
http://www.my-another-site.com/something.jpg
- … etc
.. are BROKEN. (Because i’m in https
mode and those above files are coming as http
)
So how to make WordPress to FORCE LOAD those whatever files?
(I DON’T CARE WHETHER IT IS SECURE OR NOT. Just want the site under https://...
to be rendering properly.)
If assets are enqueued properly they are using the exact URL they are enqueued with. If the protocol in URL is hardcoded that causes mismatch issues you are seeing.
For proper protocol support enqueued URLs need to be either:
//example.com/stylesheet.css
If you the links are coming from third party code you’ll have to unregister and re-register resource accordingly or (worst case scenario if queue is not used) rewrite the code / have original developer do it.
Here’s what I did to set up SSL for one of the clients.
1: Put this into
wp-config.php
in order to enable SSL on the admin side.2: Make sure in
Settings -> General
the URL in both fields is preceeded byhttps://
3: Put this snippet (modified from this tutorial) into
functions.php
in order for all the internal non-HTTPS links to be redirected to their HTTPS equivalents.I would recommend editing the .htaccess file or creating one.
Example including the default WordPress code:
If you are using AWS Load Balancers with SSL Termination this is what I did:
Assuming you have your AWS ELB configured to do SSL termination and forwarding traffic to your WordPress Target Group:
On
wp-config.php
:Source: https://blog.lawrencemcdaniel.com/wordpress-aws-elb-ssl/
Redirecting HTTP to HTTPS at the server-level (e.g. Nginx server block, or
.htaccess
if you’re using Apache-like servers) is always a good starting point for this.Likewise, if you’re using a proxy such as Cloudflare, you can also force redirect all requests to HTTPS within their SSL settings page. If you need to rewrite uncommon situations, such as some old
http://cdn.example.com
assets that your web server can’t manipulate, then you can use the Page Rules feature of Cloudflare and redirect those requests with such a rule:But none of these solutions address the problem of hardcoded internal hyperlinks or static assets that might still be called over HTTP, with code like
<script src="http://example.com/foo.js">
Over time, your team will probably need to manually update such assets wherever they are loading from, whether it be in theme template files, posts and pages, etc. Search/replacing the database for the absolute URLs can also help a bit, but will still fail to fix hardcoded assets in template files, and might also miss serialized data strings in MySQL if you’re not paying attention.
In most cases, force rewriting such “stubborn” assets requires a combination of on-the-fly javascript and/or targeting the enqueuing of these assets by WordPress. But, because so many web designers don’t follow best practices, it means that sometimes e.g. javascript is the only truly effective solution.
This is what some free plugins do, actually, such as Force HTTPS (my team’s plugin, although it hasn’t been updated in a while) and several others.