Force SSL Plugin

Posted by Trevor in Wordpress on November 03, 2005
5 Comments

We're rather pleased to announce our second plugin for the famed Wordpress semantic publishing system. It's called Force SSL, and it's a handy little thing. For those will an SSL certificate, this plugin forces an HTTPS connection for security purposes.

Click here for the plugin »

Perhaps you're interested in the PHP scripting technique that makes all of this possible? Maybe you don't feel like taking a look at the source code, and you'd like a little help right quick?

Force SSL simply redirects requests made via regular old http to requests for trusty new https, and that's about it. Here's the PHP code that makes this possible, with some small changes to allow it to run from outside of Wordpress:

if($_SERVER["HTTPS"] != "on") {
	$newurl = "https://" . $_SERVER["SERVER_NAME"] . $_SERVER["REQUEST_URI"];
	header("Location: $newurl");
	exit();
}

One could, if one wanted, place this snippet in their header and find that a user wouldn't be able to, say, remove the s from their browser address. That would mean that your content would only be available via an SSL connection - provided that you actually have an SSL certificate and whatnot.

5 Comments

 WordPress Italy » Blog Archive » Plugin WordPress: Force SSL

[...] Force SSL è un plugin che effettua un redirect al protocollo HTTPS invece di usare connessioni HTTP. Idea interessante per coloro che necessitano di maggiore sicurezza e dispongono di un certificato SSL. [...]

November 5, 2005
 Thomas

Hello,

I was trying your plugin Force SSL with no luck. I like to have only one page inside wordpress secure for a checkout. The problem is IE as it gives me the message “Do you want to display the non secure items as well”.

Is there any way to avoid that? When I look into it than I see that the image files for the header and footer loaded from http even the page is https.

Thomas

October 26, 2006
 Trevor

I would prefer that you keep support questions in the forum. I hate it when people try to support plugins in their blog comments, because you can’t keep track of anything that way.

However, this problem is a very and common one! You should check your page more closely to make sure that there are no images being called up without “https”.

In your case, I’m seeing a lot of images being called up with non-ssl Amazon.com stuff. I’d start by double-checking that, and then diving deeper into your source code. As far as I know, using non-ssl stuff like images (any maybe css? i’m not sure.) on your page is the only possible source of this problem.

Good luck, sir!

October 26, 2006
 Scott Kingsley Clark

I suggest that the opening statement in the function be:

if(!isset($_SERVER["HTTPS"])||$_SERVER["HTTPS"]!=”on”)

instead of:

if($_SERVER["HTTPS"]!=”on”)

so as to not pull errors (in error reporting) if it’s not set (in some configurations it won’t set this if it’s not in SSL mode).

January 7, 2009
 Scott Kingsley Clark

I also suggest that you list your plugin within WordPress’s Plugin site to maximize your exposure.

January 7, 2009

Leave a comment

WP_Big_City