Last active
September 3, 2023 00:05
-
-
Save webaware/4688802 to your computer and use it in GitHub Desktop.
For WordPress, force the protocol scheme to be HTTPS when is_ssl() doesn't work, e.g. on a load-balanced server where _SERVER['HTTPS'] and _SERVER['SERVER_PORT'] don't indicate that SSL is being used. NB: may not be needed now, see SSL Insecure Content Fixer and HTTP Detection: https://ssl.webaware.net.au/https-detection/
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php | |
| /* | |
| Plugin Name: Force SSL URL Scheme | |
| Plugin URI: https://gist.github.com/webaware/4688802 | |
| Description: Force the protocol scheme to be HTTPS when is_ssl() doesn't work | |
| Version: 1.0.0 | |
| Author: WebAware | |
| Author URI: http://webaware.com.au/ | |
| @ref: http://wordpress.org/support/topic/ssl-insecure-needs-35-compatibility | |
| */ | |
| /* | |
| copyright (c) 2013 WebAware Pty Ltd (email : support@webaware.com.au) | |
| This program is free software; you can redistribute it and/or modify | |
| it under the terms of the GNU General Public License, version 2, as | |
| published by the Free Software Foundation. | |
| This program is distributed in the hope that it will be useful, | |
| but WITHOUT ANY WARRANTY; without even the implied warranty of | |
| MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
| GNU General Public License for more details. | |
| You should have received a copy of the GNU General Public License | |
| along with this program; if not, write to the Free Software | |
| Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA | |
| */ | |
| // if site is set to run on SSL, then force-enable SSL detection! | |
| if (stripos(get_option('siteurl'), 'https://') === 0) { | |
| $_SERVER['HTTPS'] = 'on'; | |
| // add JavaScript detection of page protocol, and pray! | |
| add_action('wp_print_scripts', 'force_ssl_url_scheme_script'); | |
| } | |
| function force_ssl_url_scheme_script() { | |
| ?> | |
| <script> | |
| if (document.location.protocol != "https:") { | |
| document.location = document.URL.replace(/^http:/i, "https:"); | |
| } | |
| </script> | |
| <?php | |
| } |
Thanks.
Wow. Added this as a plugin since I was all out of ideas. Have a critical gov site that refused to connect to the WP backend, 'Too many redirects'. Site worked okay, but no admin access.
Created this , restart apache, and holy sausage. It worked. Thank you
I didn't realize I had left my site behind a proxy wall at cloudflare. Found a little better fix in the wp-config file at the top:
define('FORCE_SSL_ADMIN', false);
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Thanks. I ended up adding this as a mu-pluging (adding the script to:
wp-content/mu-plugins/index.php)