|
Jonathan
|
June 26, 2015 at 4:30 pm
I couldn’t get this plugin you recommend to work (my fault I’m sure – leaving port option blank?) – it would let me log in and view pages but would log me out when wanting to see wp-admin page. I just need SSL on the Checkout etc pages. Is there anything the plugin does I couldn’t do with 301 redirects in a .htaccess page? Using EE4 and Stripe add-on.
Thanks
|
|
Lorenzo Orlando Caum
|
June 29, 2015 at 11:20 am
Hi Jonathan, are you referring to the WP HTTPS plugin? We have a tutorial for getting it setup here:
https://eventespresso.com/wiki/espresso-sslhttps/#setting-up
—
Lorenzo
|
|
Jonathan
|
July 10, 2015 at 2:48 pm
That plugin is “Compatible up to: 3.5.2” and there’s a note on the Dashboard when you install it along the lines of “This plugin mostly still works”. I managed to muck it up.
What improvements can you suggest for the following? (It works but remains on https, whereas I’d prefer it to return to http after purchase.)
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteCond %{REQUEST_URI} transactions [OR]
RewriteCond %{REQUEST_URI} registration-checkout [OR]
RewriteCond %{REQUEST_URI} thank-you
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
</IfModule>
|
|
Josh
|
July 10, 2015 at 3:10 pm
I generally advise not editing the .htaccess access rules. Returning to http is also not advised because if they return to pay later, they’ll potentially be inputting their payment info on an insecure page. However, if you do not use an onsite payment method, you could change the settings so the Thank You page isn’t secured and set the Force SSL exclusively option to true.
Doing so will likely throw warnings if they’re returning from PayPal though, so please be aware of that.
|
|
Jonathan
|
July 10, 2015 at 3:14 pm
Thanks. Why do you advise against editing the .htaccess file? What plugin would you recommend as an alternative to the out-of-date one?
|
|
Josh
|
July 10, 2015 at 3:53 pm
Why do you advise against editing the .htaccess file?
It’s outside the scope of support.
What plugin would you recommend as an alternative to the out-of-date one?
WordPress https still works better than the other https plugins out there, so no recommendations other than that one. We’ve tried to recommend other ones and found that caused more breakage since they try to throw in the kitchen sink of features instead of simply providing a reliable way to secure posts.
|
