- This topic has 9 replies, 2 voices, and was last updated 4 years ago by JJ.
- July 21, 2016 at 10:20 pm #12783JJGuest
Hi, I just got an SSL certificate and installed the plugin. I can see my site securely if I manually type in HTTPS… but I’d like for all visitors (and eventually Google) to use HTTPS. How do I make that happen – is there a way to force all traffic to be secure?
I have the premium version. The scan shows all green checkmarks, but Google searches still go to plain-old HTTP.
Also, I can’t access my WordPress dashboard using HTTPS – it goes to a “not found” error. So when I’m looking at plugins (with HTTP), I see the message “No SSL was detected. If you do have an ssl certificate, try to change your current url in the browser address bar to https.” Of course, if I add the “S” I get the not found error…
Thanks for any ideas!July 21, 2016 at 10:44 pm #12784
After you get the not found error, is ssl enabled?
Did you try to deactivate any caching or security plugins you might have?
Can you post your htaccess as well?July 21, 2016 at 11:07 pm #12785JJGuest
I may have just found something (thanks to your questions leading me down the path…).
In configuration I see
error No SSL detected.
warning HTTP Strict Transport Security was not set in your .htaccess. Enable HSTS
error The native WordPress function is_ssl() returned false
success Great! Your scan last completed without errors.
** Will enabling HSTS fix all this?
Now to the answer I was typing before I saw that:
Thanks – to the first question (is ssl enabled?) I think the answer is yes. I can visit my site securely if I type in HTTPS…
The security I have is iThemes Security (and Jetpack is installed, it could be doing something too…). I’m of course hesitant to disable security. Do I just disable for a few minutes or what?
I don’t know where my htaccess is (I have no clue what I’m doing….) but I’ll Google that and look some more.
Thanks again!July 21, 2016 at 11:25 pm #12786JJGuest
OK I just emailed the htaccess content (I think) to you through this site’s Contact page. You might find that in a spam folder – it seems to list a bunch of blacklisted sites and such.
Thanks again!July 22, 2016 at 6:52 am #12788
Hsts should only be activated if all is working well, so wait a bit with that.
Normally, when the admin is loaded over ssl, you get the option to enable it through the plugin. This configures your site for ssl. So it is not enabled currently.
I would try to disable Ithemes, and as much plugins as you can, then try again. If that helps, you can enable the plugin, then activate the plugins again one by one.July 22, 2016 at 6:59 am #12789
Just checking: as I understand it you only get the 404 on the admin pages right?July 22, 2016 at 3:38 pm #12805JJGuest
Thank you. That is correct – I only get 404 on the admin pages.
I did change the “default” admin login page for security. But everything else seems to still happen in “wp-admin”. For example, plugins are at http://DOMAINNAME.com/wp-admin/plugins.php.July 22, 2016 at 4:03 pm #12806JJGuest
OK I think it works – I disabled iThemes and your plugin instantly showed a button for something like “Enable SSL”. Re-enabled iThemes and everything seems to be working fine.
Now I’m in business – the admin pages are HTTPS, and a visit from a Google search is also HTTPS.
Thank you!July 22, 2016 at 4:08 pm #12807
I think you have a setting in iThemes that causes this. It might be a force ssl setting, or something like that. I also use iThemes on several sites, with the option to change the login url as well, without issues. So you can use iThemes without issue, if you can find the setting that causes this. Please post it if you find it!July 22, 2016 at 8:09 pm #12819JJGuest
I’d tell you if I knew, but I’m in over my head with this stuff already (I can’t do much more than check boxes and click buttons). Just happy it’s working now – thanks again!
- The topic ‘Just starting with SSL – how to make everything secure’ is closed to new replies.