I have a website that I'm working on to pass from http to https. A month ago, I've went through all pages on the website and changed the links in the page's content using the Wordpress CMS back-end editor. When I typed https:// in the address, I could see on the console a lot of Mixed Content errors related to links on files that I don't access to, so I passed this all to the back-end guy in my company to deal with.
Today, someone pointed out that the website is still not secure and if you type https:// it will default to http://. I've tried doing this in Chrome, Firefox and Internet Explorer, and them all default back to http://. The person that pointed this problem said that, since we already have the certificate, this should be happening because some part of the website is still not secure.
How can I find where is this issue happening?
You will need to enable the secure site feature from your hosting first the "SLL", but since you mentioned it is already enabled. then you will need to use a plugin to enforce the secure website on all pages, you can try https://wordpress.org/plugins/really-simple-ssl/
Related
This is a peculiar one.
I work for an agency, and we develop WordPress and JAM Stack sites for our clients.
I have been contacted by the IT team for one of the clients (an NGO), and they flagged something that I have not seen before.
NOTE: I am going to be using example.org as the website, to protect the identity of the client.
Basically, we developed a WordPress site for them, which works great and all, but as it turn outs there is a page on the website which points to a totally different website
The example page is as follows
example.org/news/points-to-different-website/
The news page doesn't exist in anywhere on WordPress system, and neither does it exist as a custom post type.
And another thing, I noticed is when I removed the / at the end of the URL, it shows the custom 404 page developed for the website
example.org/news/points-to-different-website
But as soon as you add the /, it shows a totally different website.
I have checked all the Apache configuration files related to the site, and it is just the normal setup for any WordPress site.
So, I am wondering what could be causing this, and how can one prevent it?
That's a strange issue. Does example.org/news/points-to-different-website/ actually redirect to another full URL, i.e. differentwebsite.com, or is the different site actually at example.org/news/points-to-different-website/?
Try
emptying the trash for both pages and posts, as there could be a conflicting slug that is causing a redirect.
Reset permalinks.
Using PHPMyAdmin, search the database for the URL points-to-different-website and see if there is malware or some kind of a redirect, an iFrame, etc.
This can sometimes happen if the server hostname is not set up correctly.
What can happen is website on the server will show in place of a non-existent site or page from another website on the same server.
If you are using a reseller hosting/shared hosting, then the site could be from another account on the server, the site could also be from another server, for example:
There are 2 servers with the hostnames serverone.myserver.com and servertwo.myserver.com... A site on serverone might show in place of a site or page on servertwo.
I just migrated the my website from my old domain to new domain. Its migrated but when I am clicking on something like pages or category its redirecting me to the old site with this error:
The site can't provide a secure connection. shopskart.in sent an invalid response. ERR_SSL_PROTOCOL_ERROR
Screenshot of error message
I also did these changes in wp-conf and wp-options but still I am getting same issue. Someone said its because its forcing site to https due to SSL I had but now I don't have SSL and don't want one right now.
You probably copied the old SSL file to your new site, and it's still active. You should disable it. Also check if there's any setting (in backend or database) pointing to https in stead of http, since you won't be using a secure connection anymore (Why not? You should!). Check the htaccess file as well! If the problem still occurs try clearing your browsercache.
From where i can find the ssl file. Or code. Actually the website was created by my developer and now he refused to give the data when i asked him. So i migraded using wp plugins and dont know where he pasted the ssl certificate.
I have a really strange issue with the WordPress website with I'm working with
Under this research:
Best Barber Shop in Stillorgan
Our website appears with this link
https://mensgrooming.ie/contact-us/
The problem is that we don't use HTTPS but HTTP....
I tried to redirect in .htacces but is not working, how can I do?
The problem is probably not with your site, but with how Google sees your site. Most likely, there are one or more websites out there that link to your website using a url prefixed with https. You can verify this using google's webmaster tools: https://support.google.com/webmasters/answer/55281?hl=en
My first suggestion would be to just get an ssl cert for your site. But if you are committed to not using ssl, then you should find the sites that are linking to you using https and request that they use http instead. It won't change the links that Google uses right away, but eventually the https links to your site will sink in the ratings.
I've got this weird problem on one of my Wordpress sites and I hope you all could help out.
I have a this Wordpress site set-up and working correct. It has a SSL certificate so the URL is https://www.example.com.
Now if I add a link to one of my pages like this http://www.example_2.com it automatically changes the link to the https:// protocol. Which I find really strange because the link is literally <a href="http://www.example_2.com">.
Does anyone know why the link becomes https:// instead of the normal http:// protocol? Because my link is now giving an error when I click on the link and get send to the linked site.
I have googled this issue but it only give me results for how to configure your site for SSL (https://) and not for the issue I'm having...
Thanks in advance.
Your site probably is configured to immediately 302-redirect http requests to https.
What happens if you hit that site directly from your browser at http://www.example_2.com/ ? does it also bounce to https?
There is some chance your example_2.com site has enabled strict transport security. Read this. https://www.owasp.org/index.php/HTTP_Strict_Transport_Security_Cheat_Sheet
A lot of people are using links of the form
href="//www.example_2.com"
instead of
href="http://www.example_2.com"
these days to avoid this sort of confusion, and avoid mixed-content complaints. You might want to consider that. It's especially useful when you pull stuff from content delivery networks.
I've migrated my Wordpress blog to OpenShift recently. It works perfect until when you try to add a custom domain alias to your installation.
The OpenShift URL for my blog is blog-latifetunc.rhcloud.com
I added the following URL as alias: blog.latifetunc.com
(Sorry I couldn't attach images since I don't have enough reputation points. Instead I put links to images. This is my first question in StackOverflow.)
http://www.alpertunc.com/q1.png
I successfully added the CNAME record for my domain to point blog.latifetunc.com to blog-latifetunc.rhcloud.com in GoDaddy
http://www.alpertunc.com/q2.png
The problem pops up when I try to reach my blog with this alias. It says:
Safari can't verify the identity of the website "blog.latifetunc.com".
The certificate for this website is invalid. You might be connecting to a website that is pretending to be "blog.latifetunc.com", which could put your confidential information at risk. Would you like to connect to the website anyway?
(I can't even post more than two links without 10 reputation points :( So please put the above URL in front of below images as well.)
q3.png
If you click "Continue" it works fine but this alert is very scary for many users. I searched for hours for a solution with no luck. I considered buying a security certificate as well but then I thought this blog was working with an alias in its previous installation too. However we never had such an alert in browser while visiting either via the main domain or the alias.
The previous installation was on IIS and the binding were as following:
q4.png
Then when my brain was about to explode I found out that the alert is due to https. When I checked Settings from my Wordpress dashboard I realised that somehow OpenShift installs Wordpress on https and sets the permalinks to https.
q5.png
In fact whatever you type that points to *.rhcloud.com is converted to https. I know that because I added the CNAME for www.latifetunc.net to point to blog-latifetunc.rhcloud.com as well but didn't add the alias in OpenShift Applications. So www.latifetunc.net resolves to blog-latifetunc.rhcloud.com but since there is no alias defined (hence there is no vhost entry in Apache) it gives error. But even that error is in port 443!
q6.png
My main problem is to get rid of the certificate error while visiting my blog via my alias domain name. I really appreciate any help on that one.
My related question is that why on earth permalinks start with https on OpenShift Wordpress installation? If I can solve that, probably I'll solve my main problem as well.
Thanks a lot!
I checked blog.latifetunc.com on safari,chrome,firefox, and opera and I didn't get any warnings so you much have figured out a solution. However for others who may stumble across this I've provided some information:
By default OpenShift applications accept traffic on both http and https. So if you're wanting to have a custom domain but aren't worried about ssl than you can simply just use the http connection to your application (http://myapp.com). If you are wanting to apply a SSL certificate and you're on one of the plans that allow it (bronze or silver). The documentation to apply it, is in the SSL Section of the OpenShift Online User Guide.