Geek Answers Handbook

Change all occurrences of "http" to "https" on the wordpress page

I am implementing SSL on some Wordpress sites. I am currently receiving mixed content warnings on secure pages - my custom theme includes many links and src attributes that appear on all pages. Links are displayed in the header, footer, navigation (automatically generated by the wordpress function) and sidebar (partially from the plugin). Although I could theoretically write custom headers and footers for secure pages, it would be impossible to use the plugin and navigation on the secure page.

What I'm trying to do all day is to write a javascript or jQuery function that changes all occurrences of "http" to "https" to pages that are served over SSL.

This problem clearly showed me the limits of my coding ability. It is problematic that the final document served consists of several php files, some of which I have little control (I would have to modify the plugins (A), which are (A) quite complex and (B) that I would like to update in the future ) Also, regular expressions are still a mystery to me.

I donโ€™t know if this is possible, and whether it is possible to start the change using $ (document) .ready or window.onload anyway, since the browser will give a warning about mixed content earlier than this.

Thanks Johannes

+4
source share
7 answers

I think you should use the plugin as "WordPress HTTPS" . There are too many extreme cases that you should be aware of (for example, third-party plugins that you donโ€™t have), and using a well-stabilized add-on like this would be an interesting approach.

WordPress HTTPS is designed to be an all-in-one solution for using SSL WordPress Sites. Free support provided!

+5
source

Have you looked at the attribute of the relative agnostic protocol url?

eg. if you have the following

<img src="//myimage.png" />

He will use any protocol on which the page is currently located. Additional information: http://paulirish.com/2010/the-protocol-relative-url/

+11
source

I agree with other posters that suggest that there are better ways to do what you need. With that said, it sounds like you're tied, so let me suggest a crack. (BTW, hat tip and +1 vote on protocol relative URL, I did not know about that!)

In any case, I assume that you are in the <a> tags, but this should be easily extrapolated to others:

 if (document.location.protocol === 'https:') { $('a').each(function() { var href = $(this).attr('href'); if (href.indexOf('http:') > -1) { href = href.replace('http:', 'https:'); $(this).attr('href', href); } }); }

With this help, I would advise you to see if there is a safer / more practical way to do what you are trying to do. I also mentioned that this approach will most likely only work for links; changing CSS and script links after page loading will certainly have unpleasant consequences and will not give you the desired result.

Note the ":" in the document document.location.protocol === 'https:' ".

+6
source

I think you should do it server side by setting a cookie or something like this instead of using JavaScript to handle such a potentially dangerous security hole.

+4
source

if you only want to make sure that there is no mixed content when making an HTTPS request, try adding a simple code snippet to the "function.php" file of the current topic.

 function _bd_force_https() { if ( empty( $_SERVER['HTTPS'] ) ) return; ob_start(); } add_action( 'template_redirect', '_bd_force_https', 1 ); function _bd_output_https_page() { if ( empty( $_SERVER['HTTPS'] ) ) return; echo str_ireplace( 'http://', 'https://', ob_get_clean() ); } add_action( 'wp_footer', '_bd_output_https_page', 99 );

PROS:

  • very meager, easy to add
  • does not use javascript / jquery

MINUSES:

  • not a plugin, so it will be broken when the theme changes.
  • cannot intercept HTTP requests made by javascripts from the client side
+3
source

If this exact problem today, wordpress-https did not work for me at all, I made my entire site hang in my browser after I tried to save the settings. I found a much simpler plugin that did a great trick: http://wordpress.org/extend/plugins/ssl-insecure-content-fixer/

As a side note, if you use a reverse proxy such as nginx like me, you will need to follow the recommendations here: http://blog.netflowdevelopments.com/2013/04/10/fixing-this-page-includes-script -from-unauthenticated-sources-problem-with-ssl-wordpress-install-on-apachenginx-server /

essentially saying this:

if (stripos (get_option ('siteurl'), 'https: //') === 0) {$ _SERVER ['HTTPS'] = 'on'; }

at the end of your wp-config.php file

+2
source

After all the other migration steps, if you still get mixed content:

 sudo apt-get install php5-cli curl -O https://raw.githubusercontent.com/wp-cli/builds/gh-pages/phar/wp-cli.phar pushd /var/www/path/ php /path/to/wp-cli.phar search-replace 'http://example.com' 'https://example.com' --skip-columns=guid --dry-run

if ok

 php /path/to/wp-cli.phar search-replace 'http://example.com' 'https://example.com' --skip-columns=guid

from: https://helgeklein.com/blog/2015/01/switching-wordpress-site-http-https/

+1
source

More articles:


All Articles