Force SSL Plugin
by Trevor Turk
We’re rather pleased to announce our second plugin for the famed WordPress semantic publishing system. It’s called Force SSL, and it’s a handy little thing. For those will an SSL certificate, this plugin forces an HTTPS connection for security purposes.
Perhaps you’re interested in the PHP scripting technique that makes all of this possible? Maybe you don’t feel like taking a look at the source code, and you’d like a little help right quick?
Force SSL simply redirects requests made via regular old http to requests for trusty new https, and that’s about it. Here’s the PHP code that makes this possible, with some small changes to allow it to run from outside of WordPress:
if($_SERVER["HTTPS"] != "on") {
$newurl = "https://" . $_SERVER["SERVER_NAME"] . $_SERVER["REQUEST_URI"];
header("Location: $newurl");
exit();
}
One could, if one wanted, place this snippet in their header and find that a user wouldn’t be able to, say, remove the s from their browser address. That would mean that your content would only be available via an SSL connection – provided that you actually have an SSL certificate and whatnot.
[...] Force SSL è un plugin che effettua un redirect al protocollo HTTPS invece di usare connessioni HTTP. Idea interessante per coloro che necessitano di maggiore sicurezza e dispongono di un certificato SSL. [...]
Hello,
I was trying your plugin Force SSL with no luck. I like to have only one page inside wordpress secure for a checkout. The problem is IE as it gives me the message "Do you want to display the non secure items as well".
Is there any way to avoid that? When I look into it than I see that the image files for the header and footer loaded from http even the page is https.
Thomas
I would prefer that you keep support questions in the forum. I hate it when people try to support plugins in their blog comments, because you can't keep track of anything that way.
However, this problem is a very and common one! You should check your page more closely to make sure that there are no images being called up without "https".
In your case, I'm seeing a lot of images being called up with non-ssl Amazon.com stuff. I'd start by double-checking that, and then diving deeper into your source code. As far as I know, using non-ssl stuff like images (any maybe css? i'm not sure.) on your page is the only possible source of this problem.
Good luck, sir!
I suggest that the opening statement in the function be:
if(!isset($_SERVER["HTTPS"])||$_SERVER["HTTPS"]!="on")
instead of:
if($_SERVER["HTTPS"]!="on")
so as to not pull errors (in error reporting) if it's not set (in some configurations it won't set this if it's not in SSL mode).
I also suggest that you list your plugin within WordPress's Plugin site to maximize your exposure.
[...] Monitor ??????????????/??/?????????? 7. Force SSL HTTPS?????? 8. Admin SSL ???????????? [...]
[...] Download | Home Page [...]
thank you this worked as soon as I installed it. I was hesitant at first after reading all the comments, but it worked great.
[...] Descargar | Página del plugin. [...]
[...] Download | Página del Plugin [...]
Is there any set-up to do somewhere in the WPMU Admin to enable your "Force SSL" plugin?
[...] Download | Página del Plugin [...]
[...] Download | Página del Plugin [...]
[...] 2. Force SSL Bagi Anda yang memiliki hosting dengan dukungan SSL, mengapa tidak memanfaatkan fasilitas tersebut untuk mengamankan WordPress Anda? Plugin ini akan membantu Anda mempermudah proses pengalihan semua akses koneksi protokol HTTP ke protokol HTTPS. Plugin yang cukup simpel untuk fasilitas yang mumpuni. Rating: 4/5 [Download] | [Situs Pengembang] [...]
[...] Download | Home Page [...]
I think I might have stumbled across a potential solution – I've used the "force-ssl" plugin with "HTTPS for WordPress" plugin and it seems to avoid the Force SSL looping redirect issues. Not sure why…but will see how it goes
I installed the plugin and the web I have stopped working. Now it gives me connection error. How can I fix it? I uninstall the plugin?
[...] This makes users to use the SSL connection (secure connection) to connect to your site. This redirects the requests of regular old http to request for new trusty http. You can also download the plugin here. [...]
[...] Force SSL: Determina el uso de páginas cifradas para utilizar el blog. [...]
I've installed force SSL and now I get the error:
ssl_error_rx_record_too_long
I can't even delete the plugin through ftp to disable it.
Any ideas?
[...] Force SSL (Download, Directory): For those will an SSL certificate, this plugin forces an HTTPS connection for security purposes. Force SSL simply redirects requests made via regular old http to requests for trusty new https, the SSL connection (secure connection). [...]
ssl_error_rx_record_too_long
i have error dont entry web page help me