Wordpress and SSL links
Can someone PLEASE explain how I can update the links shown in the attached file from http:// to https:// using WP-Admin
I have tried everything to find these linsk and edit them
I am not so hot on Wordpress
I used the whynopadlock site to show the insecure links
The ssl cert is valid
Can I have a clear step by step please
trprojects_http.PNG
I have tried everything to find these linsk and edit them
I am not so hot on Wordpress
I used the whynopadlock site to show the insecure links
The ssl cert is valid
Can I have a clear step by step please
trprojects_http.PNG
If you attempt to do this via the WordPress admin panel, then a problems occurs, you + all visitors may be locked out of the site completely.
The "rock solid" way to do this is using ssh + wp-cli... where "rock solid" means the fix will be correct, work first time, work in all cases.
1) ssh into your machine.
2) cd to your WordPress root directory.
3) Run something similar to this...
4) Now edit your Apache config to use
Note: Only use 302s for this. If you use 301s + make a mistake, visitors will see in infinite redirect loop for you site... forever... well, until they manually clear their browser cache...
5) As you can see, trying to do this from the command line will completely destroy access if anything goes wrong.
The "rock solid" way to do this is using ssh + wp-cli... where "rock solid" means the fix will be correct, work first time, work in all cases.
1) ssh into your machine.
2) cd to your WordPress root directory.
3) Run something similar to this...
wp-cli-phar search-replace --report-changed-only "http://site.com" "https://site.com" --precise --recurse-objects --all-tables
wp-cli-phar search-replace --report-changed-only "http://www.site.com" "https://site.com" --precise --recurse-objects --all-tables
wp-cli-phar search-replace --report-changed-only "https://www.site.com" "https://site.com" --precise --recurse-objects --all-tables4) Now edit your Apache config to use
https://site.com Note: Only use 302s for this. If you use 301s + make a mistake, visitors will see in infinite redirect loop for you site... forever... well, until they manually clear their browser cache...
http://site.com -> 302 -> https://site.com
http://wwwsite.com -> 302 -> https://site.com
https://wwwsite.com -> 302 -> https://site.com5) As you can see, trying to do this from the command line will completely destroy access if anything goes wrong.
ASKER
Chris
Yes - I agree
I have already seen the plugin you mention but the problem is I don't have the ability to install plugins via the wp-admin and the plugins folder does not even show up
I have inherited this site so it may be that I am not a full admin
I suppose I can install the plugin manually up ftp upload
Will try this
David - will also look into the ssh protocol
Will get back to you all
Yes - I agree
I have already seen the plugin you mention but the problem is I don't have the ability to install plugins via the wp-admin and the plugins folder does not even show up
I have inherited this site so it may be that I am not a full admin
I suppose I can install the plugin manually up ftp upload
Will try this
David - will also look into the ssh protocol
Will get back to you all
ASKER
Just carried out searches in the relevant table (wp_posts) for some of the links mentioned in the "whynopadlock" site
None of them exist in the table
None of them exist in the table
Do you have a live link to your site. May be able to gain a better insight if we can look at the site.
ASKER
wp_config.php file:
define('DB_NAME', 'xxx');
/** MySQL database username */
define('DB_USER', 'xxx');
/** MySQL database password */
define('DB_PASSWORD', 'xxx');
These details are not in the wp_users table (is that because they are specific for the mysql connection?)
There is an "admin" user but I don't have the password
I could change it but I don't want to break the database connection as it is not my site - the previous admin just dumped it on my lap
I am supposed to have the responsibility for it
Would it be ok to change the admin password?
I can then give you access
I think the current user access is not full admin access
define('DB_NAME', 'xxx');
/** MySQL database username */
define('DB_USER', 'xxx');
/** MySQL database password */
define('DB_PASSWORD', 'xxx');
These details are not in the wp_users table (is that because they are specific for the mysql connection?)
There is an "admin" user but I don't have the password
I could change it but I don't want to break the database connection as it is not my site - the previous admin just dumped it on my lap
I am supposed to have the responsibility for it
Would it be ok to change the admin password?
I can then give you access
I think the current user access is not full admin access
Hey Bill,
The settings you've shown from wp_config.php are the DB connection details - so they allow your application to connect to the database. This is entirely different to Users and their passwords
If the previous admin dumped it on you, then I would suggest that changing the password is not just OK - it's essential !!
Do you have access to your database via phpMyAdmin. If you do, then you can login to that, and open up the users table called wp_users by default but the prefix wp_ could be different.
Find the admin user (assuming you know their username or email address). Edit the user, find the password entry (user_pass), select MD5 in the functions dropdown and type a new password. Save the record and you should be good to go.
The settings you've shown from wp_config.php are the DB connection details - so they allow your application to connect to the database. This is entirely different to Users and their passwords
If the previous admin dumped it on you, then I would suggest that changing the password is not just OK - it's essential !!
Do you have access to your database via phpMyAdmin. If you do, then you can login to that, and open up the users table called wp_users by default but the prefix wp_ could be different.
Find the admin user (assuming you know their username or email address). Edit the user, find the password entry (user_pass), select MD5 in the functions dropdown and type a new password. Save the record and you should be good to go.
ASKER
Will do
Thanks for editing the post - I was about to do that
Thanks for editing the post - I was about to do that
ASKER
Wow
That made all the difference
The previous logon was not an admin (as I suspected)
Now I have logged in as Admin with a new PW I have full admin rights and I can see all the plugin folders, tools etc
Awesome
Site details:
Happy for you to look around and suggest some things I can do:
https://tr-projectsgroup.com/wp-admin
UN: xxx
PW: xxx
You will see the SSL cert is correct but some links are not https://.......................
That made all the difference
The previous logon was not an admin (as I suspected)
Now I have logged in as Admin with a new PW I have full admin rights and I can see all the plugin folders, tools etc
Awesome
Site details:
Happy for you to look around and suggest some things I can do:
https://tr-projectsgroup.com/wp-admin
UN: xxx
PW: xxx
You will see the SSL cert is correct but some links are not https://.......................
I'll have a look around.
Edited your comment again - I wouldn't go posting username and password on these questions. If you need to let an Expert know some login details, use the Messaging system - keeps your sites nice and safe :)
Edited your comment again - I wouldn't go posting username and password on these questions. If you need to let an Expert know some login details, use the Messaging system - keeps your sites nice and safe :)
Hmmm. Had a quick look around - can't see anything obvious but the site looks to be built with a few quirky plugins, and some pretty ropey page-builders.
I think your best bet would be to install the URL replacer plugins and run that through your site to see how much that fixes. If you load up your site, press F12 on your keyboard and examing the Console tab in the WebDev tools, you'll start to see all the warnings and errors on your site. A lot of those errors are indicating non-secure assets, but some are also pointing to the elements that are being loaded from an entirely different domain (http://www.trpmc.co.uk) so you might need to do a URL replacement on those as well.
I think your best bet would be to install the URL replacer plugins and run that through your site to see how much that fixes. If you load up your site, press F12 on your keyboard and examing the Console tab in the WebDev tools, you'll start to see all the warnings and errors on your site. A lot of those errors are indicating non-secure assets, but some are also pointing to the elements that are being loaded from an entirely different domain (http://www.trpmc.co.uk) so you might need to do a URL replacement on those as well.
@Chris you win a slot for all time best EE quote, "site looks to be built with a few quirky plugins, and some pretty ropey page-builders".
ASKER
Tried this with the plugin: Better Search Replace
Search for:
http://www.trpmc.co.uk/wp-content/uploads/2019/02/tr-projects-logo.png
Replace with:
https://www.trpmc.co.uk/wp-content/uploads/2019/02/tr-projects-logo.png
What I don't get is this line returned from the website check:
An image with an insecure url of "http://www.trpmc.co.uk/wp-content/uploads/2019/02/tr-projects-logo.png" was loaded on line: 119 of https://tr-projectsgroup.com/
Also:
Search for:
http://tr-projectsgroup.comwp-content/uploads/2019/02/tr-projects-logo.png
Replace with:
https://tr-projectsgroup.comwp-content/uploads/2019/02/tr-projects-logo.png
and this line returned from the website check:
An image with an insecure url of "http://tr-projectsgroup.comwp-content/uploads/2019/02/tr-projects-logo.png" was loaded on line: 119 of https://tr-projectsgroup.com/
(in the above - there is a missing /)
One thing:
There is a redirect from the www.trpmc.co.uk to tr-projectsgroup.com
Same problem
I agree with all - wordpress can be a real pain!!
Search for:
http://www.trpmc.co.uk/wp-content/uploads/2019/02/tr-projects-logo.png
Replace with:
https://www.trpmc.co.uk/wp-content/uploads/2019/02/tr-projects-logo.png
What I don't get is this line returned from the website check:
An image with an insecure url of "http://www.trpmc.co.uk/wp-content/uploads/2019/02/tr-projects-logo.png" was loaded on line: 119 of https://tr-projectsgroup.com/
Also:
Search for:
http://tr-projectsgroup.comwp-content/uploads/2019/02/tr-projects-logo.png
Replace with:
https://tr-projectsgroup.comwp-content/uploads/2019/02/tr-projects-logo.png
and this line returned from the website check:
An image with an insecure url of "http://tr-projectsgroup.comwp-content/uploads/2019/02/tr-projects-logo.png" was loaded on line: 119 of https://tr-projectsgroup.com/
(in the above - there is a missing /)
One thing:
There is a redirect from the www.trpmc.co.uk to tr-projectsgroup.com
Same problem
I agree with all - wordpress can be a real pain!!
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Strikes me that I need to remove the redirect, then go to the trpmc.co.uk site and log in with wp-admin and locate the correct images, then upload them to the projectsgroup site
ASKER
Getting there - now only 2 errors
ASKER
Now no errors
Site is showing a full padlock after I set the correct image paths to the current site media files
I am SO grateful for the help - thanks a million
Site is showing a full padlock after I set the correct image paths to the current site media files
I am SO grateful for the help - thanks a million
ASKER
Final comment - I thought I knew how to submit responses securely - Chris, how did you edit the responses to make them secure (not public)?
Hey Bill,
Nice one. Glad you got it sorted.
Not sure what you mean by secure responses!
Nice one. Glad you got it sorted.
Not sure what you mean by secure responses!
ASKER
This comment:
"Edited your comment again - I wouldn't go posting username and password on these questions. If you need to let an Expert know some login details, use the Messaging system - keeps your sites nice and safe :) "
"Edited your comment again - I wouldn't go posting username and password on these questions. If you need to let an Expert know some login details, use the Messaging system - keeps your sites nice and safe :) "
Ah right. As a Topic Advisor, I have elevated rights, so I just edited your comment to remove the login credentials. If you want to send an Expert and Private Message, click on there username in a comment and from their profile, click the Message button.
ASKER
Once again - thanks for all the help
I'm guessing these warnings are images that you've loaded into content (pages and posts) so they get hard-coded into the DB. It's always bugged me that WordPress drops an image into a post with a fully qualified URL, rather than a relative one - makes moving hosts or changing domains a right pain. Seems a pretty bad way of doing things !!
Probably the easiest way to change this is with a a plugin (sigh!). Technically, you could do it manually (by running a SQL Query), but you'd need to do each table one at a time, and you may miss some.
Have a look at this one - https://wordpress.org/plug
Make a backup of your DB before doing this, and once finished, just uninstall and delete the plugin.