Solved

Force https on Wordpress page

Posted on 2014-03-11
23
511 Views
Last Modified: 2014-03-12
Hi there.  I have a wordpress site but want to force a page to go over https.  I found a script that I placed inside my functions.php page but it breaks the page.  The script is:

$using_ssl = isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on' || $_SERVER['SERVER_PORT'] == 443;
add_action('wp', 'check_ssl');
function check_ssl()
{
// Page ID 153 must be https
if (is_page(153) && !$using_ssl)
{
header('HTTP/1.1 301 Moved Permanently');
header('Location: https://' . $_SERVER['SERVER_NAME'].$_SERVER['REQUEST_URI']);
exit;
}
// All other pages must not be https
else if (!is_page(153) && $using_ssl)
{
header('Location: http://' . $_SERVER['SERVER_NAME'].$_SERVER['REQUEST_URI']);
exit;
}
}

Open in new window


... page id is 153 on my site that I need over https.  Any ideas experts?
0
Comment
Question by:COwebmaster
  • 10
  • 9
  • 4
23 Comments
 
LVL 34

Expert Comment

by:Dan Craciun
Comment Utility
Can you output the contents of $using_ssl? I suspect that's your problem.
$using_ssl = isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on' || $_SERVER['SERVER_PORT'] == 443;
echo '<pre>';
print_r($using_ssl);
echo '</pre>';

Open in new window

HTH,
Dan
0
 
LVL 108

Expert Comment

by:Ray Paseur
Comment Utility
Those compound statements are always confusing.  I think I might want to deconstruct the SSL test online 1 into something like this.

$using_ssl = FALSE;
if ( isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on' ) $using_ssl = TRUE;
if ( $_SERVER['SERVER_PORT'] == 443 )                        $using_ssl = TRUE;

Open in new window

You might also want to put the variable definition inside the function, to encapsulate it, so it does not interfere with other code.
0
 
LVL 108

Accepted Solution

by:
Ray Paseur earned 250 total points
Comment Utility
I think I might try it like this.  If it's not page 153, don't mess with it.

add_action('wp', 'check_ssl');
function check_ssl()
{
    // ARE WE USING SSL?
    $using_ssl = FALSE;
    if ( isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on' ) $using_ssl = TRUE;
    if ( $_SERVER['SERVER_PORT'] == 443 )                        $using_ssl = TRUE;

    // Page ID 153 must be https
    if (is_page(153) && !$using_ssl)
    {
        header('HTTP/1.1 301 Moved Permanently');
        header('Location: https://' . $_SERVER['SERVER_NAME'].$_SERVER['REQUEST_URI']);
        exit;
    }
    // All other pages MUST NOT BE INTERFERED WITH
}

Open in new window

0
 
LVL 34

Expert Comment

by:Dan Craciun
Comment Utility
Ray, what happens when you navigate away from the page with id 153? Won't Wordpress still use https?

I think that was the reason for the else clause (All other pages must not be https)

Dan
0
 
LVL 108

Expert Comment

by:Ray Paseur
Comment Utility
Good question, Dan.  I'm not sure what would happen; I guess it would depend on whether there are fully-qualified links or relative links.  And I'm not sure I would try to put just one page behind HTTPS, especially not in a design like WP.  The trend among web sites seems to go all HTTPS today.
0
 

Author Comment

by:COwebmaster
Comment Utility
Ray, is that trend because of the changes in the search engines?
0
 
LVL 108

Expert Comment

by:Ray Paseur
Comment Utility
I can't really say about the search engines.  I know that spying, government and otherwise, is a great concern to web publishers and encrypted communications reduces the risk of accidental loss of data.  The HTTPS pages get different treatment from web browsers (shown with visual cues like pictures of locks, etc.) and this may reassure clients that the pages are safe(r) to use than HTTP pages.
0
 

Author Comment

by:COwebmaster
Comment Utility
Ray, I just tried that and it did not force the page to go over https.

The reason I am doing that is because the page is collecting cc information and I want to force the user to use ssl on that page only.

Any other ideas?
0
 
LVL 34

Expert Comment

by:Dan Craciun
Comment Utility
Are you sure you've configured your server correctly for https? Certificate imported correctly and all?

Cause it fails 99% because $using_ssl = FALSE, which means your server does not support HTTPS.

Dan
0
 

Author Comment

by:COwebmaster
Comment Utility
it's godaddy hosting the the cert is installed correctly.
0
 
LVL 34

Expert Comment

by:Dan Craciun
Comment Utility
Call me stubborn, but I still want to see the value of  $using_ssl.
Just print that variable's value before calling the redirect:
print_r($using_ssl);

Then, if the value printed is false, you know the problem is with the server.
If no value is printed, then you know that function is never called, so the problem is within WP.
0
Free Trending Threat Insights Every Day

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

 

Author Comment

by:COwebmaster
Comment Utility
where in the functions.php page do I call that and do I use that with Ray's code above?
0
 
LVL 34

Expert Comment

by:Dan Craciun
Comment Utility
You can use Ray's code and add, on line 8:
print_r($using_ssl);

After that you should get a blank page with TRUE OR FALSE at the top and a "Headers already sent" error below.
0
 

Author Comment

by:COwebmaster
Comment Utility
okay, I see this:

1
Warning: Cannot modify header information - headers already sent by (output started at /home/account/public_html/wp-content/themes/sentinel/functions.php:595) in /home/account/public_html/wp-includes/pluggable.php on line 896
0
 

Author Comment

by:COwebmaster
Comment Utility
Okay, I think I see it working now.
0
 

Author Comment

by:COwebmaster
Comment Utility
although if I go to other pages over https, they do not automatically redirect to http

What should I adjust in Ray's code so that it does that?
0
 
LVL 34

Expert Comment

by:Dan Craciun
Comment Utility
OK, progress. $using_ssl is 1 (true) and Ray's function is called.
Delete the print_r from line 8.

Now insert the
print_r($using_ssl);
line after between lines 11 and 12.

Expected output: the same as before.
If you see an error, that means the code gets to the header part and we have to find the error there.

If you do not see an error, the problem is in the condition if (is_page(153) && !$using_ssl)
0
 
LVL 34

Assisted Solution

by:Dan Craciun
Dan Craciun earned 250 total points
Comment Utility
If you want to redirect all other https to http, insert this before line 17 (the closing })

else if (!is_page(153) && $using_ssl)
{
header('Location: http://' . $_SERVER['SERVER_NAME'].$_SERVER['REQUEST_URI']);
exit;
}

Open in new window

0
 

Author Comment

by:COwebmaster
Comment Utility
Okay, I tried that but did not get any error and the page redirects to https which is good.
0
 

Author Comment

by:COwebmaster
Comment Utility
Okay, I added that bit in and other pages now redirect to http :)
0
 
LVL 34

Expert Comment

by:Dan Craciun
Comment Utility
OK, great. Although I still don't know why the print_r does not kick in...
0
 

Author Closing Comment

by:COwebmaster
Comment Utility
Thank you!!
0
 
LVL 34

Expert Comment

by:Dan Craciun
Comment Utility
Glad I could help!
0

Featured Post

IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

Password hashing is better than message digests or encryption, and you should be using it instead of message digests or encryption.  Find out why and how in this article, which supplements the original article on PHP Client Registration, Login, Logo…
Any business that wants to seriously grow needs to keep the needs and desires of an international audience of their websites in mind. Making a website friendly to international users isn’t prohibitively expensive and can provide an incredible return…
The purpose of this video is to demonstrate how to set up an RSS Feed on a WordPress Website. This will be demonstrated using a Windows 8 PC. Feedburner will be used for this demonstration. Go to your WordPress login page. This will look like the…
The viewer will learn how to count occurrences of each item in an array.

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

6 Experts available now in Live!

Get 1:1 Help Now