Force SSL Plugin

November 3rd, 2005 by Trevor

We're rather pleased to announce our second plugin for the famed Wordpress semantic publishing system. It's called Force SSL, and it's a handy little thing. For those will an SSL certificate, this plugin forces an HTTPS connection for security purposes.

Click here for the plugin »

Perhaps you're interested in the PHP scripting technique that makes all of this possible? Maybe you don't feel like taking a look at the source code, and you'd like a little help right quick?

Force SSL simply redirects requests made via regular old http to requests for trusty new https, and that's about it. Here's the PHP code that makes this possible, with some small changes to allow it to run from outside of Wordpress:

if($_SERVER["HTTPS"] != "on") {
	$newurl = "https://" . $_SERVER["SERVER_NAME"] . $_SERVER["REQUEST_URI"];
	header("Location: $newurl");
	exit();
}

One could, if one wanted, place this snippet in their header and find that a user wouldn't be able to, say, remove the s from their browser address. That would mean that your content would only be available via an SSL connection - provided that you actually have an SSL certificate and whatnot.

Comments

Posting code? Please use Pastie.

Have a question? Please visit the Forum.

3 Comments

  1. [...] Force SSL è un plugin che effettua un redirect al protocollo HTTPS invece di usare connessioni HTTP. Idea interessante per coloro che necessitano di maggiore sicurezza e dispongono di un certificato SSL. [...]

    Pingback by WordPress Italy » Blog Archive » Plugin WordPress: Force SSL on November 5, 2005

  2. Hello,

    I was trying your plugin Force SSL with no luck. I like to have only one page inside wordpress secure for a checkout. The problem is IE as it gives me the message “Do you want to display the non secure items as well”.

    Is there any way to avoid that? When I look into it than I see that the image files for the header and footer loaded from http even the page is https.

    Thomas

    Comment by Thomas on October 26, 2006

  3. I would prefer that you keep support questions in the forum. I hate it when people try to support plugins in their blog comments, because you can’t keep track of anything that way.

    However, this problem is a very and common one! You should check your page more closely to make sure that there are no images being called up without “https”.

    In your case, I’m seeing a lot of images being called up with non-ssl Amazon.com stuff. I’d start by double-checking that, and then diving deeper into your source code. As far as I know, using non-ssl stuff like images (any maybe css? i’m not sure.) on your page is the only possible source of this problem.

    Good luck, sir!

    Comment by Trevor on October 26, 2006

Forum

El Dorado

Looking for Work?

LifeSnapz is Hiring