Disabling SSL for one page only

The problem: services that don’t support SSL

The best way to go is to get your entire site on SSL. But sometimes, there are services that are not really up to date: they don’t provide an SSL certificate on their service.

Especially iFrames cause this problem. Browsers won’t load a http iframe on a https site. But even if that were possible, like with images, this wouldn’t be a good idea: mixed content errors, insecure page warnings, and so on would flash in front of the user’s eyes, scaring them away. That is why Really Simple SSL changes all these resources to https, forcing them all to load securely.

The result is: when the iFrame is loaded over http, the browser blocks it. When the iFrame is loaded over https, the browser won’t load it because there’s no SSL certificate.

How to solve this?

In most cases, I would try contacting the service provider to try and get them to start providing a service that supports SSL. Simply adding an SSL certificate resolves it in most cases. If that is not possible, you can try disabling SSL for one page.

Solution with a plugin

To do this, I’ve developed a plugin that handles this for you. You’ll have to deactivate the free plugin and then install Really Simple SSL per page. This will give you the option to enable SSL per page explicitly, or, when you use the “exclude pages” option, to set all pages to SSL, except the pages you have selected.

Manual solution

You can also do this manually:

Step 1:

• Activate Really Simple SSL in safe mode
• Activate .htaccess redirect in settings/SSL
• Enable “Stop editing the .htaccess file”

Step 2:

Open an FTP client like FileZilla, and go to the root of your website. Look for the .htaccess file. You may have to enable the “Show hidden files” option.

Open this file (make a backup first), and look for the

# BEGIN rlrssslReallySimpleSSL  comment

Some rows below this comment, you will see something like:
RewriteCond %{HTTPS} !=on [NC]

Right after this entry, insert the following:
RewriteCond %{REQUEST_URI} !/your-page

The end result should be something like:

# BEGIN rlrssslReallySimpleSSL rsssl_version[2.3.8]
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{HTTPS} !=on [NC]
#this line may be different on other servers
RewriteCond %{REQUEST_URI} !/your-page #add your excluded page here
RewriteCond %{HTTP_HOST} ^domain.com [OR]
RewriteCond %{HTTP_HOST} ^www.domain.com
RewriteRule ^(.*)$ https://%{HTTP_HOST}%/$1 [R=301,L]
</IfModule>
# END rlrssslReallySimpleSSL

This means that the redirect will be used, but this page will be excluded.