Make a WordPress site work on both HTTP & HTTPS

Since Google started including sites which server under HTTPS in their ranking, and CloudFlare came out with their Universal SSL service, I was thinking to add a native SSL support to my WP blog.

But it seems like WP dose not support working in HTTP&HTTPS at the same time. At first I created a new VirtualHost(Apache)/server(Nginx) config for my blog too work with SSL, but when I tried to access it with https the browser block the loading of the site and complain about mix content.

And so after some googling, I came out with this hack I wrote to have my WordPress blog to be accessible via HTTP & HTTPS.

Add HTTPS & HTTP links to the wp-config.php file

Add the following line to the wp-config.php file, it basically hard-coding the site name based on the connection type.

 Force SSL (optional)

If you like you can force SSL for the Admin pages and for login.

Problems

While enabling SSL on my blog, I start having problems with WP plugin called W3 Total Cache, so for now i had to disable it until I have the time to check out what exactly is the problem.

Resources

  • https://wordpress.org/support/topic/get-wordpress-running-on-both-https-http
  • https://make.wordpress.org/support/user-manual/web-publishing/https-for-wordpress/
  • https://managewp.com/wordpress-ssl-settings-and-how-to-resolve-mixed-content-warnings

 

Related Post

You may also like...

16 Responses

  1. Leo says:

    it seems to work fine for me on wp 4.1.1.

    I noticed simply changing

    to

    seems to make your snipped work without hard coding the site name. is there anything wrong with this approach?

    thank you.

    • Rabin says:

      Thank you, I’m aware of this option, and yes it dose make the code more generic. But the $_SERVER[‘HTTP_HOST’] variable is based on the request from the client, and so can be unexpected, this is why i hard coded the site name.

  2. Till says:

    Any news on the Cache plugin?

  3. Tamil says:

    it’s good thanks. and, to fixing the image src I will use plugin, allright? https://wordpress.org/plugins/force-https-littlebizzy/

    thanks for feedback.

  4. I am having trouble on my Blog here.
    Whenever users want to visit the blog with “http”, it won’t load (Error 403 message) but, when they use “https”, it will load without any problem.
    What should I do?

  5. rich andrews says:

    I made my move to https in 3 easy steps.

    1 – since i have a squid reverse proxy, I got cert for it and configure it to take https requests, translate to http and pass them to the webserver

    2 – I add a module to apache to add a header.
    Header add Content-Security-Policy “upgrade-insecure-requests;”
    by simply adding that header statement, all of my mixed content statements went away.

    The third step was to get a cert from letsencrypt.com for all of the sites I wanted to convert to https. That way one cert covers everything.

    • Rabin says:

      yes, using a reverse proxy will work as well. I have simile setup for another site, but using nginx as my ssl terminator and varnish as my reverse proxy.

  6. baptx says:

    I think we can directly use WordPress is_ssl() function instead of the custom isSecure() function.

  7. baptx says:

    I just noticed that WordPress support using HTTP and HTTPS at the same time without this trick. We just have to set the WordPress site URL with HTTP instead of HTTPS.
    Then we can add define('FORCE_SSL_ADMIN', true); in wp-config.php if we want to force logging in using HTTPS (should be placed before require_once(ABSPATH . 'wp-settings.php');).

    • Rabin says:

      I’m not sure, truth to be told, I haven’t check if WP solved this problem in the past 3 years. the main problem is that WP will use ABSOLUTE paths for the site and its internal url’s and media files. So at that time I had to use this trick, now days, I mostly force/redirect http->https, and not bother with this hack.

  8. I solved the problem with W3 total cache and cloud flare with this extended condition.

  9. volkan says:

    well, my all http traffic was redirected to https. actually i would like to use just https but after a while i recognized that some phones browsers having trouble to reach my site. (certificate error.) , so i had to use both http and https , i erased the redirect on virtual host and added this to wordpress config, working well , thank you.

    • Rabin says:

      you may want to try and use older crypto (e.g SSLv3/TLS1) to allow older browsers/devices/os to access your site over secure connection.

Leave a Reply

Your email address will not be published. Required fields are marked *