Make a WordPress site work on both HTTP & HTTPS

13 Responses

  1. Leo says:

    It seems to work fine for me on WP 4.1.1.

    I noticed simply changing


    seems to make your snippet work without hard-coding the site name. Is there anything wrong with this approach?

    thank you.

    • Rabin says:

      Thank you, I’m aware of this option, and yes, it does make the code more generic. But the $_SERVER['HTTP_HOST'] variable is based on the request from the client, and so can be unexpected; this is why I hard-coded the site name.

  2. Till says:

    Any news on the Cache plugin?

  3. Tamil says:

    It’s good, thanks. And to fix the image src I will use a plugin, all right?

    thanks for feedback.

  4. I am having trouble on my Blog here.
    Whenever users want to visit the blog with “http”, it won’t load (Error 403 message) but, when they use “https”, it will load without any problem.
    What should I do?

  5. rich andrews says:

    I made my move to https in 3 easy steps.

    1 – Since I have a squid reverse proxy, I got a cert for it and configured it to take https requests, translate them to http and pass them to the webserver.

    2 – I added a module to apache to add a header.
    Header add Content-Security-Policy "upgrade-insecure-requests;"
    By simply adding that header statement, all of my mixed content statements went away.

    The third step was to get a cert from for all of the sites I wanted to convert to https. That way one cert covers everything.

    • Rabin says:

      Yes, using a reverse proxy will work as well. I have a similar setup for another site, but using nginx as my SSL terminator and varnish as my reverse proxy.

  6. baptx says:

    I think we can directly use WordPress is_ssl() function instead of the custom isSecure() function.

  7. baptx says:

    I just noticed that WordPress supports using HTTP and HTTPS at the same time without this trick. We just have to set the WordPress site URL with HTTP instead of HTTPS.
    Then we can add define('FORCE_SSL_ADMIN', true); in wp-config.php if we want to force logging in using HTTPS (should be placed before require_once(ABSPATH . 'wp-settings.php');).

    • Rabin says:

      I’m not sure; truth be told, I haven’t checked if WP solved this problem in the past 3 years. The main problem is that WP will use ABSOLUTE paths for the site and its internal URLs and media files. So at that time I had to use this trick; nowadays, I mostly force/redirect http->https, and don’t bother with this hack.
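
The trade-off raised in the first thread (a generic `$_SERVER['HTTP_HOST']` versus a hard-coded site name) and the reverse-proxy setups in comment 5 can both be handled with an allowlist. This is an added example for `wp-config.php`, not code from the original post or from any commenter; the hostnames, the proxy address and the helper names `pick_site_host()` and `request_is_https()` are assumptions.

```php
<?php
// Added example. Place before the require_once of wp-settings.php.

// Hostnames this site may answer for (placeholder values).
const ALLOWED_HOSTS = ['example.com', 'www.example.com'];
const DEFAULT_HOST  = 'example.com';
// Address of the TLS-terminating reverse proxy (placeholder value).
const TRUSTED_PROXIES = ['127.0.0.1'];

/**
 * Return the client-supplied Host only when it is on the allowlist;
 * anything else (missing, spoofed, malformed) falls back to the default.
 */
function pick_site_host(array $server): string
{
    $host = strtolower(trim($server['HTTP_HOST'] ?? ''));
    // Compare without an optional ":port" suffix. A site served on a
    // non-default port would list "host:port" entries instead.
    $host = preg_replace('/:\d+$/', '', $host);
    return in_array($host, ALLOWED_HOSTS, true) ? $host : DEFAULT_HOST;
}

/**
 * Decide whether the request arrived over HTTPS. X-Forwarded-Proto is a
 * request header like Host, so it is honoured only when the direct peer
 * is a known proxy.
 */
function request_is_https(array $server): bool
{
    if (!empty($server['HTTPS']) && strtolower($server['HTTPS']) !== 'off') {
        return true;
    }
    if ((string) ($server['SERVER_PORT'] ?? '') === '443') {
        return true;
    }
    $from_proxy = in_array($server['REMOTE_ADDR'] ?? '', TRUSTED_PROXIES, true);
    $forwarded  = strtolower($server['HTTP_X_FORWARDED_PROTO'] ?? '');
    return $from_proxy && $forwarded === 'https';
}

// Build the base URL from validated values only.
$scheme = request_is_https($_SERVER) ? 'https' : 'http';
$base   = $scheme . '://' . pick_site_host($_SERVER);

define('WP_HOME', $base);
define('WP_SITEURL', $base);
```

A request with an unlisted Host still gets a page, but every generated link points at the default hostname rather than at whatever the client sent.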
