No More HTTP/HTTPS Drama with WP Force SSL

wp force ssl

Sometimes things come in waves. This week, I had to deal with two sites that had both http:// and https:// versions sitting side-by-side. In other words, typing in https://site.com reveals a working SSL certificate, but just typing in site.com takes you to http://site.com, which is still just sitting there, parallel to the identical SSL version, but without SSL protection of any kind.

This is really bad for lots of things:

  1. Security! If site visitors go to the insecure version of the site and then do the kinds of things SSL certificates exist to protect—like enter payment details or personal information—you’re putting them in a gigantic and potentially disastrous security hole.
  2. Analytics and SEO. You’ve got two sites that are potentially getting traffic, making it very hard to trust the analytics and organic search information you’re getting for the SSL site.
  3. Irritation. You can be logged into https://site.com and logged out of http://site.com and have no idea what’s going on.

I bring this last point up because it’s how I realized that this problem existed on one of the sites I had to fix it for:WPShout. For some, reason our URL forwarding breaks every month or two, and so for the last week or two it’s been perfectly possible to type in wpshout.com and end up at http://wpshout.com. Why were we showing as logged-out all the time, we wondered? Now we know.

Okay, so it’s a really irritating problem, but the fix is very simple: WP Force SSL. Install it, activate it, and you’ll never have to worry that people are seeing the insecure version of your site ever again. I finally did this for WPShout yesterday (no idea why I waited), and it worked immediately.

SSL’s not nearly as easy as it should be, unfortunately, but WP Force SSL really does help.


4 Responses

Comments

  • Rob says:

    Why use a plugin and not just an .htaccess snippet to force all traffic to the https site? As long as WP is configured correctly, it’s much easier and one less plugin to deal with.

    • Fred Meyer Fred Meyer says:

      Thanks, Rob! Well, one reason is that that requires that you know .htaccess syntax at least a bit, and does give you avenues for messing up.

      In WPShout’s particular case, I’m pretty sure our .htaccess file is getting periodically rewritten somehow, leading to the problem. Fixing it every two months when it crops up has been a huge headache. So the plugin really is a fix for us.

  • Hi Fred,

    Yes, plugins do come handy. But, I feel that…such tasks are better not handled by novice!

    Besides, a small snippet at the top of .htaccess file shud help force the https.

    RewriteEngine On
    RewriteCond %{SERVER_PORT} 80
    RewriteRule ^(.*)$ https://www.domainname.com/$1 [R=301,L]

    PS: With or w/o www [Personal Choice]


    Raj

  • Sean says:

    Is there any advantage to WPForceSSL over something like Really-Simple-SLL which writes to .htaccess but also does a javascript redirect as a backup?

Add a Comment

Your email address will not be published. Required fields are marked *