WordPress HTTPS (SSL) – WordPress plugin Free download

Click to Download

WordPress HTTPS (SSL)

Description

WordPress HTTPS is intended to be an all-in-one solution to using SSL on WordPress sites. WordPress HTTPS is well-known for being the “heavy-hitter” of SSL plugins. The latest release focuses on speed and performance.

Read the Installation Guide. If after setting up the plugin you are experiencing issues, please check the FAQ. If you are still unable to resolve your issue, start a support topic and someone from the community may be able to assist you. If you need immediate assistance, I am available for hire. Unfortunately, I do not have time to support the plugin for free.

If your SSL needs are simple, there are many fantastic, light-weight alternatives to WordPress HTTPS such as:
Really Simple SSL (great for securing the entire site)
SSL Insecure Content Fixer (great at fixing most insecure content errors)

Contribute Code at https://github.com/Mvied/wordpress-https

Issue Tracker at https://github.com/mvied/wordpress-https/issues

Contribute Translations at https://translate.wordpress.org/projects/wp-plugins/wordpress-https

Screenshots

WordPress HTTPS Settings screen
Force SSL checkbox added to add/edit posts screen

Installation

Upload the wordpress-https folder to the /wp-content/plugins/ directory.
Activate the plugin through the ‘Plugins’ menu in WordPress.
Navigate to the HTTPS settings page in the admin sidebar in the dashboard.
If you are using a non-default SSL Host for your HTTPS connection (e.g., a subdomain or shared SSL host) enter the entire secure URL into SSL Host. If your installation is located in a folder, you can choose to include it in the URL or not. If you set this to a domain that is not currently serving your WordPress installation over HTTPS and enable Force SSL Admin, you will lock yourself out of your dashboard. Follow instructions in the FAQ to reset the plugin.
If you would like connections to your admin panel to be secure, enable Force SSL Admin. If you are using a non-default SSL Host, do not use WordPress’ built-in FORCE_SSL_ADMIN or FORCE_SSL_LOGIN.
If you are looking to secure only your admin panel and/or posts and pages you specify, enable Force SSL Exclusively. This will ensure that any content not specified to be secure is always served over HTTP.
You can individually secure post and pages when editing them by updating the settings located in the HTTPS box on the right sidebar.
You can use simple text match or regular expressions to specify URL’s that should be secure using URL Filters in the WordPress HTTPS settings. Each filter should be on one line.

FAQ

Installation Instructions

Upload the wordpress-https folder to the /wp-content/plugins/ directory.
Activate the plugin through the ‘Plugins’ menu in WordPress.
Navigate to the HTTPS settings page in the admin sidebar in the dashboard.
If you are using a non-default SSL Host for your HTTPS connection (e.g., a subdomain or shared SSL host) enter the entire secure URL into SSL Host. If your installation is located in a folder, you can choose to include it in the URL or not. If you set this to a domain that is not currently serving your WordPress installation over HTTPS and enable Force SSL Admin, you will lock yourself out of your dashboard. Follow instructions in the FAQ to reset the plugin.
If you would like connections to your admin panel to be secure, enable Force SSL Admin. If you are using a non-default SSL Host, do not use WordPress’ built-in FORCE_SSL_ADMIN or FORCE_SSL_LOGIN.
If you are looking to secure only your admin panel and/or posts and pages you specify, enable Force SSL Exclusively. This will ensure that any content not specified to be secure is always served over HTTP.
You can individually secure post and pages when editing them by updating the settings located in the HTTPS box on the right sidebar.
You can use simple text match or regular expressions to specify URL’s that should be secure using URL Filters in the WordPress HTTPS settings. Each filter should be on one line.

How do I fix partially encrypted/mixed content errors?

To identify what is causing your page(s) to be insecure, please follow the instructions below.

Click to Download Google Chrome.
Open the page you’re having trouble with in Google Chrome.
Open the Developer Tools. How to access the Developer Tools.
Click on the Console tab.

For each item that is making your page partially encrypted, you should see an entry in the console similar to “The page at https://www.example.com/ displayed insecure content from http://www.example.com/.” Note that the URL that is loading insecure content is HTTP and not HTTPS.

Once you have identified the insecure elements, you need to figure out what theme or plugin is causing these elements to be loaded. Although WordPress HTTPS does its best to fix all insecure content, there are a few cases that are impossible to fix. Here are some typical examples.

The element is external (not hosted on your server) and is not available over HTTPS. These elements will have to be removed from the page by disabling or modifying the theme or plugin that is adding the element.
The element is internal (hosted on your server) but does not get changed to HTTPS. This is often due to a background image in CSS or an image or file path in JavaScript being hard-coded to HTTP inside of a CSS file. The plugin can not fix these. The image paths must be changed to relative links. For example `http://www.example.com/wp-content/themes/mytheme/images/background.jpg` to simply `/wp-content/themes/mytheme/images/background.jpg`. Ensure you copy the entire path, including the prepended slash (very important).

I can’t get into my admin panel. How do I fix it?

Since it is possible to lock yourself out of the dasboard, WordPress HTTPS comes with a way to reset the plugin’s settings. The plugin makes no permanent changes to WordPress, so this will restore all settings to their defaults. Follow directions under “How do I reset the plugin’s settings?”

How do I reset the plugin’s settings?

Go to /wp-content/plugins/wordpress-https/wordpress-https.php and uncomment (remove the two forward slashes before) the line below, or go to your wp-config.php file and add this line. Hit any page on your site, and then remove it or comment it out again.
define(‘WPHTTPS_RESET’, true);

The settings won’t save!

Did you reset the plugin following the steps above and forget to comment the line back out or remove it from wp-config.php?

How do I make my whole website secure?

To make your entire website secure, you simply need to change your site url to use HTTPS instead of HTTP. Please read how to change the site url.
Alternatively, you can use URL Filters in the WordPress HTTPS Settings to secure your entire site by putting just ‘/’ as a filter. This will cause any URL with a forward slash to be secure (all of them).

How do I make only certain pages secure?

The plugin adds a meta box to the add/edit post screen entitled HTTPS. In that meta box, a checkbox for ‘Secure Post’ has been added to make this process easy. See Screenshots if you’re having a hard time finding it.
Alternatively, you can use URL Filters to secure post and pages by their permalink.

I’m using Force SSL Administration and all of the links to the front-end of my site are HTTPS. Why?

For many users this behavior is desirable. If you would like links the the front-end of your site to be HTTP, enable Force SSL Exclusively and do not secure your front-end pages.

I’m getting 404 errors on all of my pages. Why?

If you’re using a public/shared SSL, try disabling your custom permalink structure. Some public/shared SSL’s have issues with WordPress’ permalinks because of the way they are configured. If you continue to recieve 404 errors, there may be no way to use WordPress with that particular public/shared SSL.

I’m receiving a blank page with no error. What gives?

This is most commonly due to PHP’s memory limit being too low. Check your Apache error logs just to be sure. Talk to your hosting provider about increading PHP’s memory limit.

Is there a hook or filter to force pages to be secure?

Yes! Here is an example of how to use the ‘force_ssl’ filter to force a page to be secure.
function custom_force_ssl( $force_ssl, $post_id = 0, $url = ” ) {
if ( $post_id == 5 ) {
$force_ssl = true;
}
return $force_ssl;
}

add_filter('force_ssl' , 'custom_force_ssl', 10, 3);

You can also use this filter to filter pages based on their URL. Let’s say you have an E-commerce site and all of your E-commerce URL’s contain ‘store’.
function store_force_ssl( $force_ssl, $post_id = 0, $url = ” ) {
if ( strpos($url, ‘store’) !== false ) {
$force_ssl = true;
}
return $force_ssl;
}

add_filter('force_ssl', 'store_force_ssl', 10, 3);

Reviews

Leave a Reply

Your email address will not be published. Required fields are marked *