We’re rather pleased to announce our second plugin for the famed WordPress semantic publishing system. It’s called Force SSL, and it’s a handy little thing. For those will an SSL certificate, this plugin forces an HTTPS connection for security purposes.
Perhaps you’re interested in the PHP scripting technique that makes all of this possible? Maybe you don’t feel like taking a look at the source code, and you’d like a little help right quick?
Force SSL simply redirects requests made via regular old http to requests for trusty new https, and that’s about it. Here’s the PHP code that makes this possible, with some small changes to allow it to run from outside of WordPress:
if($_SERVER["HTTPS"] != "on") {
$newurl = "https://" . $_SERVER["SERVER_NAME"] . $_SERVER["REQUEST_URI"];
header("Location: $newurl");
exit();
}
One could, if one wanted, place this snippet in their header and find that a user wouldn’t be able to, say, remove the s from their browser address. That would mean that your content would only be available via an SSL connection – provided that you actually have an SSL certificate and whatnot.
Hello,
I was trying your plugin Force SSL with no luck. I like to have only one page inside wordpress secure for a checkout. The problem is IE as it gives me the message "Do you want to display the non secure items as well".
Is there any way to avoid that? When I look into it than I see that the image files for the header and footer loaded from http even the page is https.
Thomas
I would prefer that you keep support questions in the forum. I hate it when people try to support plugins in their blog comments, because you can't keep track of anything that way.
However, this problem is a very and common one! You should check your page more closely to make sure that there are no images being called up without "https".
In your case, I'm seeing a lot of images being called up with non-ssl Amazon.com stuff. I'd start by double-checking that, and then diving deeper into your source code. As far as I know, using non-ssl stuff like images (any maybe css? i'm not sure.) on your page is the only possible source of this problem.
Good luck, sir!
I suggest that the opening statement in the function be:
if(!isset($_SERVER["HTTPS"])||$_SERVER["HTTPS"]!="on")
instead of:
if($_SERVER["HTTPS"]!="on")
so as to not pull errors (in error reporting) if it's not set (in some configurations it won't set this if it's not in SSL mode).
I also suggest that you list your plugin within WordPress's Plugin site to maximize your exposure.
thank you this worked as soon as I installed it. I was hesitant at first after reading all the comments, but it worked great.
Is there any set-up to do somewhere in the WPMU Admin to enable your "Force SSL" plugin?
I think I might have stumbled across a potential solution – I've used the "force-ssl" plugin with "HTTPS for WordPress" plugin and it seems to avoid the Force SSL looping redirect issues. Not sure why…but will see how it goes
I installed the plugin and the web I have stopped working. Now it gives me connection error. How can I fix it? I uninstall the plugin?
I've installed force SSL and now I get the error:
ssl_error_rx_record_too_long
I can't even delete the plugin through ftp to disable it.
Any ideas?
ssl_error_rx_record_too_long
i have error dont entry web page help me