I facing an issue. I installed WordPress on a Ubuntu server.
Though both site_url and home_url are with https, WordPress keeps loading files via http. This blocks me when trying to login (login form action is http too) and also loads assets via http and I get Warnings in browser console. The server is configured by third party and it redirects to https.
I used:
define( 'WP_HOME', '' );
define( 'WP_SITEURL', '' );
if (strpos($_SERVER['HTTP_X_FORWARDED_PROTO'], 'https') !== false)
$_SERVER['HTTPS']='on';
With these two I receive to many redirects on wp-admin.
The only thing that worked (at least to log in) was:
if($_SERVER['PHP_SELF']=="/index.php")
{
define('WP_HOME','');
define('WP_SITEURL','');
}
else
{
define('WP_HOME','');
define('WP_SITEURL','');
}
But this is not a solution, cause my site will load assets via http... I searched and tested solutions from here and other sites, but none of them seems to work.
I facing an issue. I installed WordPress on a Ubuntu server.
Though both site_url and home_url are with https, WordPress keeps loading files via http. This blocks me when trying to login (login form action is http too) and also loads assets via http and I get Warnings in browser console. The server is configured by third party and it redirects to https.
I used:
define( 'WP_HOME', 'https://sitename' );
define( 'WP_SITEURL', 'https://sitename' );
if (strpos($_SERVER['HTTP_X_FORWARDED_PROTO'], 'https') !== false)
$_SERVER['HTTPS']='on';
With these two I receive to many redirects on wp-admin.
The only thing that worked (at least to log in) was:
if($_SERVER['PHP_SELF']=="/index.php")
{
define('WP_HOME','https://sitename');
define('WP_SITEURL','https://sitename');
}
else
{
define('WP_HOME','http://sitename');
define('WP_SITEURL','http://sitename');
}
But this is not a solution, cause my site will load assets via http... I searched and tested solutions from here and other sites, but none of them seems to work.
Share Improve this question edited Feb 16, 2020 at 18:19 fuxia♦ 107k39 gold badges255 silver badges459 bronze badges asked Feb 16, 2020 at 18:08 AkilAkil 111 bronze badge 2 |1 Answer
Reset to default 0@Tomc 's solution is a great start. Here it is formatted (you can't format things in a comment).
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301,NE]
In addition, I'm not a fan of setting URLs in the configuration files. Best (IMHO) to set those two values in the wp-options table.
You might need to look at the entire database to ensure that all references to internal assets (especially media) is set to https . There are several plugins that allow you to search (and replace) items in the database - my go-to is the "Better Search and Replace" plugin.
You can use the Developer tools in your browser (usually F12) to see all requests, and find those that are not https.
Added
Here's a rewrite rule for forcing SSL, plus WordPress basic. Change domain name to match yours.
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301,NE]
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress
.htaccessfile? Could be worth adding this at the top:RewriteEngine On RewriteCond %{HTTPS} !=on RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301,NE]– TomC Commented Feb 16, 2020 at 19:35