We help IT Professionals succeed at work.

Check out our new AWS podcast with Certified Expert, Phil Phillips! Listen to "How to Execute a Seamless AWS Migration" on EE or on your favorite podcast platform. Listen Now

x

Wordpress and SSL links

doctorbill
doctorbill asked
on
High Priority
47 Views
Last Modified: 2020-06-05
Can someone PLEASE explain how I can update the links shown in the attached file from http:// to https:// using WP-Admin
I have tried everything to find these linsk and edit them
I am not so hot on Wordpress

I used the whynopadlock site to show the insecure links
The ssl cert is valid

Can I have a clear step by step please
trprojects_http.PNG
Comment
Watch Question

CERTIFIED EXPERT
Most Valuable Expert 2018
Distinguished Expert 2019

Commented:
Hi Bill,

I'm guessing these warnings are images that you've loaded into content (pages and posts) so they get hard-coded into the DB. It's always bugged me that WordPress drops an image into a post with a fully qualified URL, rather than a relative one - makes moving hosts or changing domains a right pain. Seems a pretty bad way of doing things !!

Probably the easiest way to change this is with a a plugin (sigh!). Technically, you could do it manually (by running a SQL Query), but you'd need to do each table one at a time, and you may miss some.

Have a look at this one - https://wordpress.org/plugins/better-search-replace/

Make a backup of your DB before doing this, and once finished, just uninstall and delete the plugin.
David FavorFractional CTO
CERTIFIED EXPERT
Distinguished Expert 2019

Commented:
If you attempt to do this via the WordPress admin panel, then a problems occurs, you + all visitors may be locked out of the site completely.

The "rock solid" way to do this is using ssh + wp-cli... where "rock solid" means the fix will be correct, work first time, work in all cases.

1) ssh into your machine.

2) cd to your WordPress root directory.

3) Run something similar to this...

wp-cli-phar search-replace --report-changed-only "http://site.com" "https://site.com" --precise --recurse-objects --all-tables
wp-cli-phar search-replace --report-changed-only "http://www.site.com" "https://site.com" --precise --recurse-objects --all-tables
wp-cli-phar search-replace --report-changed-only "https://www.site.com" "https://site.com" --precise --recurse-objects --all-tables

Open in new window


4) Now edit your Apache config to use
https://site.com 

Open in new window

as your terminal site.

Note: Only use 302s for this. If you use 301s + make a mistake, visitors will see in infinite redirect loop for you site... forever... well, until they manually clear their browser cache...

http://site.com -> 302 -> https://site.com
http://wwwsite.com -> 302 -> https://site.com
https://wwwsite.com -> 302 -> https://site.com

Open in new window


5) As you can see, trying to do this from the command line will completely destroy access if anything goes wrong.

Author

Commented:
Chris
Yes - I agree
I have already seen the plugin you mention but the problem is I don't have the ability to install plugins via the wp-admin and the plugins folder does not even show up
I have inherited this site so it may be that I am not a full admin
I suppose I can install the plugin manually up ftp upload
Will try this

David - will also look into the ssh protocol

Will get back to you all 

Author

Commented:
Just carried out searches in the relevant table (wp_posts) for some of the links mentioned in the "whynopadlock" site
None of them exist in the table
CERTIFIED EXPERT
Most Valuable Expert 2018
Distinguished Expert 2019

Commented:
Do you have a live link to your site. May be able to gain a better insight if we can look at the site.

Author

Commented:
wp_config.php file:
define('DB_NAME', 'xxx');

/** MySQL database username */
define('DB_USER', 'xxx');

/** MySQL database password */
define('DB_PASSWORD', 'xxx');

These details are not in the wp_users table (is that because they are specific for the mysql connection?)
There is an "admin" user but I don't have the password
I could change it but I don't want to break the database connection as it is not my site - the previous admin just dumped it on my lap
I am supposed to have the responsibility for it
Would it be ok to change the admin password?
I can then give you access
I think the current user access is not full admin access


CERTIFIED EXPERT
Most Valuable Expert 2018
Distinguished Expert 2019

Commented:
Hey Bill,

The settings you've shown from wp_config.php are the DB connection details - so they allow your application to connect to the database. This is entirely different to Users and their passwords

If the previous admin dumped it on you, then I would suggest that changing the password is not just OK - it's essential !!

Do you have access to your database via phpMyAdmin. If you do, then you can login to that, and open up the users table called wp_users by default but the prefix wp_ could be different.

Find the admin user (assuming you know their username or email address). Edit the user, find the password entry (user_pass), select MD5 in the functions dropdown and type a new password. Save the record and you should be good to go.

Author

Commented:
Will do
Thanks for editing the post - I was about to do that

Author

Commented:
Wow
That made all the difference
The previous logon was not an admin (as I suspected)
Now I have logged in as Admin with a new PW I have full admin rights and I can see all the plugin folders, tools etc
Awesome

Site details:
Happy for you to look around and suggest some things I can do:
https://tr-projectsgroup.com/wp-admin 
UN: xxx
PW: xxx

You will see the SSL cert is correct but some links are not https://.......................

CERTIFIED EXPERT
Most Valuable Expert 2018
Distinguished Expert 2019

Commented:
I'll have a look around.

Edited your comment again - I wouldn't go posting username and password on these questions. If you need to let an Expert know some login details, use the Messaging system - keeps your sites nice and safe :)
CERTIFIED EXPERT
Most Valuable Expert 2018
Distinguished Expert 2019

Commented:
Hmmm. Had a quick look around - can't see anything obvious but the site looks to be built with a few quirky plugins, and some pretty ropey page-builders.

I think your best bet would be to install the URL replacer plugins and run that through your site to see how much that fixes. If you load up your site, press F12 on your keyboard and examing the Console tab in the WebDev tools, you'll start to see all the warnings and errors on your site. A lot of those errors are indicating non-secure assets, but some are also pointing to the elements that are being loaded from an entirely different domain (http://www.trpmc.co.uk) so you might need to do a URL replacement on those as well.
David FavorFractional CTO
CERTIFIED EXPERT
Distinguished Expert 2019

Commented:
@Chris you win a slot for all time best EE quote, "site looks to be built with a few quirky plugins, and some pretty ropey page-builders".

Author

Commented:
Tried this with the plugin: Better Search Replace
Search for:
http://www.trpmc.co.uk/wp-content/uploads/2019/02/tr-projects-logo.png
Replace with:
https://www.trpmc.co.uk/wp-content/uploads/2019/02/tr-projects-logo.png
What I don't get is this line returned from the website check:
An image with an insecure url of "http://www.trpmc.co.uk/wp-content/uploads/2019/02/tr-projects-logo.png" was loaded on line: 119 of https://tr-projectsgroup.com/

Also:
Search for:
http://tr-projectsgroup.comwp-content/uploads/2019/02/tr-projects-logo.png
Replace with:
https://tr-projectsgroup.comwp-content/uploads/2019/02/tr-projects-logo.png
and this line returned from the website check:
An image with an insecure url of "http://tr-projectsgroup.comwp-content/uploads/2019/02/tr-projects-logo.png" was loaded on line: 119 of https://tr-projectsgroup.com/
(in the above - there is a missing /)

One thing:
There is a redirect from the www. trpmc.co.uk to tr-projectsgroup.com

Same problem
I agree with all - wordpress can be a real pain!!
CERTIFIED EXPERT
Most Valuable Expert 2018
Distinguished Expert 2019
Commented:
Unlock this solution with a free trial preview.
(No credit card required)
Get Preview

Author

Commented:
Strikes me that I need to remove the redirect, then go to the trpmc.co.uk site and log in with wp-admin and locate the correct images, then upload them to the projectsgroup site

Author

Commented:
Getting there - now only 2 errors

Author

Commented:
Now no errors
Site is showing a full padlock after I set the correct image paths to the current site media files
I am SO grateful for the help - thanks a million

Author

Commented:
Final comment - I thought I knew how to submit responses securely - Chris, how did you edit the responses to make them secure (not public)?
CERTIFIED EXPERT
Most Valuable Expert 2018
Distinguished Expert 2019

Commented:
Hey Bill,

Nice one. Glad you got it sorted.

Not sure what you mean by secure responses!

Author

Commented:
This comment:
"Edited your comment again - I wouldn't go posting username and password on these questions. If you need to let an Expert know some login details, use the Messaging system - keeps your sites nice and safe :) "

CERTIFIED EXPERT
Most Valuable Expert 2018
Distinguished Expert 2019

Commented:
Ah right. As a Topic Advisor, I have elevated rights, so I just edited your comment to remove the login credentials. If you want to send an Expert and Private Message, click on there username in a comment and from their profile, click the Message button.

Author

Commented:
Once again - thanks for all the help
Unlock the solution to this question.
Thanks for using Experts Exchange.

Please provide your email to receive a free trial preview!

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

OR

Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.