Solved

Force https on Wordpress page

Posted on 2014-03-11
23
519 Views
Last Modified: 2014-03-12
Hi there.  I have a wordpress site but want to force a page to go over https.  I found a script that I placed inside my functions.php page but it breaks the page.  The script is:

$using_ssl = isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on' || $_SERVER['SERVER_PORT'] == 443;
add_action('wp', 'check_ssl');
function check_ssl()
{
// Page ID 153 must be https
if (is_page(153) && !$using_ssl)
{
header('HTTP/1.1 301 Moved Permanently');
header('Location: https://' . $_SERVER['SERVER_NAME'].$_SERVER['REQUEST_URI']);
exit;
}
// All other pages must not be https
else if (!is_page(153) && $using_ssl)
{
header('Location: http://' . $_SERVER['SERVER_NAME'].$_SERVER['REQUEST_URI']);
exit;
}
}

Open in new window


... page id is 153 on my site that I need over https.  Any ideas experts?
0
Comment
Question by:COwebmaster
  • 10
  • 9
  • 4
23 Comments
 
LVL 34

Expert Comment

by:Dan Craciun
ID: 39922767
Can you output the contents of $using_ssl? I suspect that's your problem.
$using_ssl = isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on' || $_SERVER['SERVER_PORT'] == 443;
echo '<pre>';
print_r($using_ssl);
echo '</pre>';

Open in new window

HTH,
Dan
0
 
LVL 108

Expert Comment

by:Ray Paseur
ID: 39923341
Those compound statements are always confusing.  I think I might want to deconstruct the SSL test online 1 into something like this.

$using_ssl = FALSE;
if ( isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on' ) $using_ssl = TRUE;
if ( $_SERVER['SERVER_PORT'] == 443 )                        $using_ssl = TRUE;

Open in new window

You might also want to put the variable definition inside the function, to encapsulate it, so it does not interfere with other code.
0
 
LVL 108

Accepted Solution

by:
Ray Paseur earned 250 total points
ID: 39923359
I think I might try it like this.  If it's not page 153, don't mess with it.

add_action('wp', 'check_ssl');
function check_ssl()
{
    // ARE WE USING SSL?
    $using_ssl = FALSE;
    if ( isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on' ) $using_ssl = TRUE;
    if ( $_SERVER['SERVER_PORT'] == 443 )                        $using_ssl = TRUE;

    // Page ID 153 must be https
    if (is_page(153) && !$using_ssl)
    {
        header('HTTP/1.1 301 Moved Permanently');
        header('Location: https://' . $_SERVER['SERVER_NAME'].$_SERVER['REQUEST_URI']);
        exit;
    }
    // All other pages MUST NOT BE INTERFERED WITH
}

Open in new window

0
 
LVL 34

Expert Comment

by:Dan Craciun
ID: 39923373
Ray, what happens when you navigate away from the page with id 153? Won't Wordpress still use https?

I think that was the reason for the else clause (All other pages must not be https)

Dan
0
 
LVL 108

Expert Comment

by:Ray Paseur
ID: 39923421
Good question, Dan.  I'm not sure what would happen; I guess it would depend on whether there are fully-qualified links or relative links.  And I'm not sure I would try to put just one page behind HTTPS, especially not in a design like WP.  The trend among web sites seems to go all HTTPS today.
0
 

Author Comment

by:COwebmaster
ID: 39923699
Ray, is that trend because of the changes in the search engines?
0
 
LVL 108

Expert Comment

by:Ray Paseur
ID: 39923736
I can't really say about the search engines.  I know that spying, government and otherwise, is a great concern to web publishers and encrypted communications reduces the risk of accidental loss of data.  The HTTPS pages get different treatment from web browsers (shown with visual cues like pictures of locks, etc.) and this may reassure clients that the pages are safe(r) to use than HTTP pages.
0
 

Author Comment

by:COwebmaster
ID: 39924495
Ray, I just tried that and it did not force the page to go over https.

The reason I am doing that is because the page is collecting cc information and I want to force the user to use ssl on that page only.

Any other ideas?
0
 
LVL 34

Expert Comment

by:Dan Craciun
ID: 39924512
Are you sure you've configured your server correctly for https? Certificate imported correctly and all?

Cause it fails 99% because $using_ssl = FALSE, which means your server does not support HTTPS.

Dan
0
 

Author Comment

by:COwebmaster
ID: 39924538
it's godaddy hosting the the cert is installed correctly.
0
 
LVL 34

Expert Comment

by:Dan Craciun
ID: 39924552
Call me stubborn, but I still want to see the value of  $using_ssl.
Just print that variable's value before calling the redirect:
print_r($using_ssl);

Then, if the value printed is false, you know the problem is with the server.
If no value is printed, then you know that function is never called, so the problem is within WP.
0
3 Use Cases for Connected Systems

Our Dev teams are like yours. They’re continually cranking out code for new features/bugs fixes, testing, deploying, testing some more, responding to production monitoring events and more. It’s complex. So, we thought you’d like to see what’s working for us.

 

Author Comment

by:COwebmaster
ID: 39924561
where in the functions.php page do I call that and do I use that with Ray's code above?
0
 
LVL 34

Expert Comment

by:Dan Craciun
ID: 39924575
You can use Ray's code and add, on line 8:
print_r($using_ssl);

After that you should get a blank page with TRUE OR FALSE at the top and a "Headers already sent" error below.
0
 

Author Comment

by:COwebmaster
ID: 39924598
okay, I see this:

1
Warning: Cannot modify header information - headers already sent by (output started at /home/account/public_html/wp-content/themes/sentinel/functions.php:595) in /home/account/public_html/wp-includes/pluggable.php on line 896
0
 

Author Comment

by:COwebmaster
ID: 39924605
Okay, I think I see it working now.
0
 

Author Comment

by:COwebmaster
ID: 39924611
although if I go to other pages over https, they do not automatically redirect to http

What should I adjust in Ray's code so that it does that?
0
 
LVL 34

Expert Comment

by:Dan Craciun
ID: 39924620
OK, progress. $using_ssl is 1 (true) and Ray's function is called.
Delete the print_r from line 8.

Now insert the
print_r($using_ssl);
line after between lines 11 and 12.

Expected output: the same as before.
If you see an error, that means the code gets to the header part and we have to find the error there.

If you do not see an error, the problem is in the condition if (is_page(153) && !$using_ssl)
0
 
LVL 34

Assisted Solution

by:Dan Craciun
Dan Craciun earned 250 total points
ID: 39924627
If you want to redirect all other https to http, insert this before line 17 (the closing })

else if (!is_page(153) && $using_ssl)
{
header('Location: http://' . $_SERVER['SERVER_NAME'].$_SERVER['REQUEST_URI']);
exit;
}

Open in new window

0
 

Author Comment

by:COwebmaster
ID: 39924632
Okay, I tried that but did not get any error and the page redirects to https which is good.
0
 

Author Comment

by:COwebmaster
ID: 39924637
Okay, I added that bit in and other pages now redirect to http :)
0
 
LVL 34

Expert Comment

by:Dan Craciun
ID: 39924641
OK, great. Although I still don't know why the print_r does not kick in...
0
 

Author Closing Comment

by:COwebmaster
ID: 39924669
Thank you!!
0
 
LVL 34

Expert Comment

by:Dan Craciun
ID: 39924684
Glad I could help!
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Nothing in an HTTP request can be trusted, including HTTP headers and form data.  A form token is a tool that can be used to guard against request forgeries (CSRF).  This article shows an improved approach to form tokens, making it more difficult to…
Developer portfolios can be a bit of an enigma—how do you present yourself to employers without burying them in lines of code?  A modern portfolio is more than just work samples, it’s also a statement of how you work.
The purpose of this video is to demonstrate how to set up basic WordPress SEO. This will be demonstrated using a Windows 8 PC. The plugin used will be WordPress SEO by Yoast. Go to your WordPress login page. This will look like the following: myw…
Any person in technology especially those working for big companies should at least know about the basics of web accessibility. Believe it or not there are even laws in place that require businesses to provide such means for the disabled and aging p…

929 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

14 Experts available now in Live!

Get 1:1 Help Now