Reputation: 138
Force SSL on WordPress archives
I'm using the WordPress HTTPS (SSL) plugin to run my website over https, and have updated my 'WordPress Address' and 'Site Address' fields under the 'settings' menu to reflect that.
All pages and posts run over a secure connection, but archives (which I make substantial use of due to custom post types) don't. Other more traditional archive types such as tag archives act similarly.
As these are sort of pseudo pages (and don't have a physical location to tweak settings in the WP admin), is there any way of forcing these to run over SSL? Is there a trick I've missed editing .htaccess?
Many thanks in advance
Upvotes: 0
Views: 139
Answers (1)
Reputation: 17561
You don't really need to use that plugin. And, there are several other things that should be checked to fix the archives and Custom Post Types lack of SSL.
Deactivate the plugin, clear your caches, and then change http to https in the two URL settings in WordPress Dashboard>>Settings>>General and save.
And then force SSL and www for non-SSL incoming traffic by putting these rewrite rules above the WordPress rewrite block in .htaccess:
RewriteEngine on
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://www.example.com/$1 [R=301,L]
RewriteCond %{HTTP_HOST} ^example\.com [NC]
RewriteRule ^(.*)$ https://www.example.com/$1 [R=301,L]
That will take care of all WordPress URLs, and should take care of the Custom Post Types, too.
But check your CPT functions in functions.php or other theme files for absolute http URLs and remove the http: and leaving the //, i.e.
//fonts.googleapis.com/css?family=OpenSans
and not like
http://fonts.googleapis.com/css?family=OpenSans
Check your theme's style sheets for absolute URLs that are httpthe same way, and header links, too, i.e.:
<link href='//fonts.googleapis.com/css?family=OpenSans' rel='stylesheet' type='text/css'>
And, it's a good idea to search all your post/page content to change all http links to https for images and internal links. Changing the WordPress site URL settings to https is not enough, as that does not retroactively change all links in post/page content. Use a plugin called Search RegEx to find/replace links in post/page content. Or, use an SQL find/replace utility called interconnectit.com WordPress Serialized PHP Search Replace Tool to scan the whole database.
Lastly, use the developer tools in Firefox (or Firebug) or Chrome or Safari or IE to check for insecure element errors that are caused by images, scripts, etc., that are not loading over SSL.
Upvotes: 1
Related Questions
- How to correctly force SSL on WordPress via wp-config.php?
- Wordpress: Force HTTPS using .htaccess
- Make wordpress load assets over https before installation
- WordPress Enforce https through .htaccess
- Use SSL in wordpress site
- How to force specific pages in wordpress to be non SSL (http)
- How to: Getting SSL to work on Wordpress without 404 error
- Wordpress (on Rackspace Server) force the entire site over SSL except one page
- .htaccess issue to force SSL
- SSL in a wordpress website