Jump to content

Archived

This topic is now archived and is closed to further replies.

Advocate

Problem with SSL protected pages

Recommended Posts

Advocate    3
Advocate

Hello PageLines Experts,


I am having an issue getting SSL pages to display properly as secured pages.  I only want certain pages to be SSL protected; consequently, I am using the WordPress HTTPS plugin Version 3.3.0 (which is activated).  


I have updated versions of PageLines and WordPress.  


I am using the IBlogPro5 theme.


I have saved the permalinks.  


I have reviewed Simon's code here:  


http://www.pagelines.com/forum/topic/20593-https-issue/#entry120071


I have attempted to paste the code to functions.php file of IBlogPro5 file (I am assuming that is where he wants the code) and saved the file.  It didn't resolve the issue; so, I removed the code from the function.php file.  BTW:  I did not see a functions.php file for the WordPress HTTPS plugin.  Perhaps, it is buried somewhere.  


Chrome attempts to display the page but all Pagelines formatting is lost and there is no indicator that the page is secure.  Firefox, IE, and Safari will display the page(s) with correct formatting and with the https:// in the address bar but there is NO "lock" to indicate that the page is secure.  This suggests to me that the page is not secure.  


I do have an SSL certificate from my web host.  It is installed.  When I switch from the iBlogProg5 theme to the generic Twenty Twelve theme the SSL pages display just fine with the https:// AND WITH THE LOCK to indicate that the page is secure.  


Any thoughts?

 

Update:  I reread the above post by Simon:  http://www.pagelines.com/forum/topic/20593-https-issue/#entry120071 and added his code to the functions.php file of the pagelines customize plugin which is active and still I am having no luck.  

 

 

<?php
/**
 * PageLines Customize functions.php.
 *
 * @author Simon Prosser
 */
/*
// ---- ADDING NEW TEMPLATES ---- //
 
    Want another page template for drag and drop? Easy :)
    1. Add File called page.[page-id].php to this folder.
    2. Add Template Name: Your Page Name to that file ( see page.base.php for an example. )
    3. Thats it! We do the rest for you!
    
// ---- ADDING NEW SECTIONS ---- //
 
    Adding new sections is really easy in 2.0
    1. Copy your section.[sectionname].php file into the sections folder
    2. It will be auto loaded for you.
    3. You can now enable/disable the section in the extensions menu.
 
// FILTERS EXAMPLE ---------//
 
    // The following filter will add the font  Ubuntu into the font array $thefoundry.
    // This makes the font available to the framework and the user via the admin panel.
*/
add_filter ( 'pagelines_foundry', 'my_google_font' );
 
function my_google_font( $thefoundry ) {
    $myfont = array( 'Ubuntu' => array(
            'name' => 'Ubuntu',
            'family' => '"Ubuntu", arial, serif',
            'web_safe' => true,
            'google' => true,
            'monospace' => false
            )
        );
    return array_merge( $thefoundry, $myfont );
}
add_filter( 'pless_vars', 'make_ssl_vars' );
   add_action( 'pl_force_ssl', '__return_true' );
    
   function make_ssl_vars( $vars ) {
    
       $vars['plSectionsRoot'] = str_replace( 'http://', 'https://', $vars['plSectionsRoot'] );
           $vars['plRoot'] = str_replace( 'http://', 'https://', $vars['plRoot'] );
       return $vars;
   }
/*
// ====================================================
// = YOUR FUNCTIONS - Where you should add your code  =
// ====================================================
*/
  • Like 1

Share this post


Link to post
Share on other sites
Rob    547
Rob

Hi,

 

Chrome, as opposed to other browsers, has unique and special settings for dealing with SSL.

Here are some links that will explain what to do and how this works.

 

1.  Install SSL Root Certificate for Chrome.

2.  Advanced Security Settings - Chrome

3.  How are Chrome and Firefox validating ssl certificates


Former PageLines Moderator, Food Expert and Raconteur

Share this post


Link to post
Share on other sites
Advocate    3
Advocate

Hello One Smart,


Thank you for taking time to respond to my issue.  I have gone through your example and have the following thing to add:


Chrome and Firefox (as well as IE and Safari) all display the pages as SSL (https:// and with the lock) if I change the theme from iBlogPro5 to a generic WordPress theme (ie Twenty Twelve).  I don't have to go through any special browser setting changes in Chrome or Firefox to get the page to display correctly as long as I am using a basic theme.  Based on what I see in the forums, it looks like there may be some issue with how SSL is handling css, fonts, and/or Java (if Pagelines uses Java) in the PageLines Theme.  I have tried to read Simon's explanations, but I am unable to resolve the issue.  


My issue seems to track very closely to this one which has not been marked as resolved.  I even tried to send this user a private message to see if/how he/she resolved it.  


http://www.pagelines.com/forum/topic/20593-https-issue/

Share this post


Link to post
Share on other sites
Rob    547
Rob

Hi,

 

The majority of topics in our forum remain unresolved or open.  That one isn't too old, so the solution provided should work. If a client doesn't reply for some time, usually they've accepted the solution.


Former PageLines Moderator, Food Expert and Raconteur

Share this post


Link to post
Share on other sites
Advocate    3
Advocate

Hello One Smart,

 

Thanks again for replying.  I still have not heard back from the other poster.  However, my issue remains.  I am able to get correct SSL display (with the padlock) if I use the generic theme.  Once I switch to Pagelines, I no longer get the padlock.  I suspect there is some coding needed to resolve this. 

 

Perhaps, I can ask more generically, "How do most people secure their pages?"  The site is hosted with GoDaddy (one of the largest hosts).  The SSL is from them.  It is installed by them.  I would like to secure certain pages on the site using a Pagelines theme (again I can secure any page if I use the Twenty Twelve theme without an issue).

 

I am no Pagelines/design/CSS expert, but my minds eye is telling me that the some "insecure" elements are being passed when I implement the Pagelines theme.   I tried to follow Simon's work around (code).  I even included a copy and paste of the file (above).  Still, I am stumped.  

 

Do you all have a white paper on implementing SSL on certain pages?  I would think this would be a pretty standard request (for forms, wp-admin logins, etc...).  

Share this post


Link to post
Share on other sites
mackenzie    12
mackenzie

Have you heard back from the poster or from another staff member directly?


Mackenzie - PageLines Help Desk

The Centsible Family - Writer, Photographer and Coffee Addict

---------------------------------------------------

Kindly search this forum and read the documentation before posting. It will help you resolve many issues.

For CSS help be sure to check out W3Schools first and be sure to download FireBug for FireFox for troubleshooting.

Share this post


Link to post
Share on other sites
Simon    247
Simon

Please provide a URL for the site with the problem, your private support URL just redirects to godaddy.

Im assuming your site is https://www.mycomputervirus.com/sample-page/ from open tickets and now even posts on the wordpress forums.

If this is the site in question then the reason the css is not included on chrome is that the https:// css url is redirected by your server to http:// so the browser sees it as a 404.

 

Firefox is intelligent enough to ignore this server misconfiguration.

 

So in closing, you need to make sure that the css can be loaded as a https://

This is a server misconfiguration.

 

If the site is fully SSL then the framework will make all urls https:// 

Share this post


Link to post
Share on other sites
CNVI    1
CNVI

We've having a similar problem on a site we just updated to Pagelines 2.4 / iBlogPro 5.1.1.  

 

It's displaying correctly in Safari / Firefox, but the sidebar's and footer boxes are stacking below the content -- as if the page things it's displaying on a mobile browser.

 

W3C validated correctly, have tried disabling all plugins.

 

https://www.txtdirector.com

Share this post


Link to post
Share on other sites
catrina    103
catrina

@cnvi Please post your issue in a new topic so that we don't get solutions and responses mixed up. :)


Please read the docs before posting. Please do not private message me unless I ask you to.

Designer | Catrina Dulay

Founder | Catrina and Mouse

Share this post


Link to post
Share on other sites
Advocate    3
Advocate

Thank you Simon and MacKenzie for taking a look.  

 

Yes, the site in question is:  http://www.mycomputervirus.com

 

I would like to be able to make certain pages SSL (encrypted) - not the entire site.  

 

I have added another page.  The original Sample Page still keeps the SSL and I am unable to get that page to load correctly.  The new page that I have added (Another Sample Page) does not have SSL on it and loads correctly.  If I use another Framework/theme combination (ie Studio Press), the site works fine (meaning I am able to SSL protect individual pages).  The site also works fine if I use the Generic Twenty Twelve theme from WordPress.  

 

Simon, I am using GoDaddy as my webhost.  I am willing to accept you position that it is "server misconfiguration".  Though I have talked with them several times, I am more than willing to talk to them again.  When I call them, what exactly should I say (or ask of them) to resolve this?  "I need to be able to load css using https:// please configure the server accordingly."  Would that do it or is there something else I should be asking?  Again, the end result is:  I want to SSL protect certain pages (like I can in Twenty Twelve or Studio Press) not the entire site.  Though I would like to get this resolved using GoDaddy, it is for a client site, does your hosting services automatically allow what it is I am trying to do.  If so, I will push other clients your way b/c the time and effort I have spent trying to resolve this is more than I can stand to do again.  :)  

Share this post


Link to post
Share on other sites
Simon    247
Simon
PersonofInterest If you look at the source of your page.. I'll use screenshots here so you can see... http://screencast.com/t/1lLmSdx9

 

 

cnvi Yes your problem is identical, view the source of your page, click the css link and watch the browser be redirected to non-ssl.

Share this post


Link to post
Share on other sites
Advocate    3
Advocate

CNVI - if you need to contact me, please private message me.  Also, please share your webhost.  I have looked in the GoDaddy forums for CSS/SSL/WordPress issues and have not found much.  Unfortunately, I don't have much to share in the form of solutions, but I will gladly share ALL that I have done in hopes of saving you some time.  No stone has gone unturned.  Good luck.  

Share this post


Link to post
Share on other sites
Simon    247
Simon
cnvi is your site set to SSL in the wordpress main settings? If your whole site is supposed to be ssl you dont need a plugin, just change the site url to https:// and EVERY url will respect it automatically.

Share this post


Link to post
Share on other sites
Advocate    3
Advocate

Hello Simon,

 

As you have seen, I have also posted to the WordPress forum about the WordPress HTTPS plugin.  

 

That said, I have disabled that plugin (as I did with your tech support last night).  When I do that, I get a partially encrypted page, but the page does keep the formatting which is better than before.  

 

Also, when I double click on the css URL that you highlighted in your screen shot (above), the css now remains https://

 

My question now is:  How do I go about encrypting those elements that aren't presently encrypted?  

Share this post


Link to post
Share on other sites
Simon    247
Simon

I just looked and I see no change, if your going to disable something at least give us a chance to see it too.

 

Just add this to the customize plugin functions.php:

 

 

 

add_filter( 'pless_vars', 'make_ssl_vars' );
add_action( 'pl_force_ssl', '__return_true' );
    
function make_ssl_vars( $vars ) {
    $vars['plSectionsRoot'] = str_replace( 'http://', 'https://', $vars['plSectionsRoot'] );
    $vars['plRoot'] = str_replace( 'http://', 'https://', $vars['plRoot'] );
    return $vars;
}
 

Then click flush css, or click SAVE on any PageLines admin page. This will rebuild the css cached file.

Share this post


Link to post
Share on other sites
Advocate    3
Advocate

Hello Simon,

 

Thanks for all of your help.  When I said I disabled WordPress HTTPS, I did it then and I never re-enabled.  It is still disabled.  When I look at the Sample Page I do see a change like I saw last night when I disabled it temporarily.  Now (like last night), I have ALL formatting intact, but I have partial encryption.  I would like to have complete encryption of the page.  

 

I went into the PageLines console and randomly saved several things (in hopes of flushing the css).  I have also added the code that you suggest and now my customize pagelines functions.php file appears as follow (between the comment outs), but I still have partial encryption:  

 

 

*/
add_filter ( 'pagelines_foundry', 'my_google_font' );
 
function my_google_font( $thefoundry ) {
    $myfont = array( 'Ubuntu' => array(
            'name' => 'Ubuntu',
            'family' => '"Ubuntu", arial, serif',
            'web_safe' => true,
            'google' => true,
            'monospace' => false
            )
        );
    return array_merge( $thefoundry, $myfont );
}
add_filter( 'pless_vars', 'make_ssl_vars' );
add_action( 'pl_force_ssl', '__return_true' );
     
function make_ssl_vars( $vars ) {
    $vars['plSectionsRoot'] = str_replace( 'http://', 'https://', $vars['plSectionsRoot'] );
    $vars['plRoot'] = str_replace( 'http://', 'https://', $vars['plRoot'] );
    return $vars;
}
/*

Share this post


Link to post
Share on other sites
Simon    247
Simon

The css is all https:// now. If you view the source of your page and search for http:// you'll find the favicon and the logo, both these need to be changed to ssl if your going to use them.

Share this post


Link to post
Share on other sites
Advocate    3
Advocate

Hello Simon,

 

I think we (really you) may have done it.  I want to do a couple more tests this evening.  Assuming all goes well and I expect that it will, I will mark this thread as closed.  No matter what my testing tonight shows, thanks for your help today.  

Share this post


Link to post
Share on other sites
Advocate    3
Advocate

Hello Simon,

 

I have tested and retested and found that with your help I can I get the page to display securely.  For that, thanks.  However, every hyperlink after that becomes SSL encrypted (which I don't want).  For example, if you picked Menu 1 b (under 1 a) and went to the address bar and put in the https:// prefix, the page will secure without issue, but if you scroll over (or click on) any of the other menu items they too are now encrypted.  How can I have a specific page encrypted, but if I click on anyone other menu item, those other menu items display as unencrypted (like I would be able to do with WordPress HTTPS and another theme like the generic Twenty Twelve)?  

Share this post


Link to post
Share on other sites
Simon    247
Simon

Reason is simple, your letting WP create your menus automagically for the pages... 

 

 

If you create a menu, then assign it you can make the links whatever you want. http:// or https://

Share this post


Link to post
Share on other sites
Advocate    3
Advocate

Works perfectly.  You can mark this closed again for extra emphasis!

Share this post


Link to post
Share on other sites
linesonpages    0
linesonpages

I don't understand at all why Simon's solution does not work as a "complete" solution. Yes, it corrected some of the problems with the links to CSS, yet it leaves others broken, such as the include to:

 

http://www.mydomain.com/wp-content/themes/pagelines/sections/navbar/navbar.js?ver=3.5.1

 

Why on earth wouldn't it fix that?

 

Also it leaves this include non-ssl also:

 

http://code.jquery.com/jquery-1.9.1.min.js

 

Why would the solution correct many of the http links but not ALL of them?

 

Where would one go within pagelines to manually change the code structure on those links to remove all protocol reference, like they should have been done to start with?

 

Thanks.

Share this post


Link to post
Share on other sites
TourKick (Clifford P)    1
TourKick (Clifford P)
For others viewing this post, depending on your hosting and SSL setup, this may benefit you: http://www.pagelinestheme.com/pagelines-dms-ssl-https-wp-engine/

Share this post


Link to post
Share on other sites

  • Similar Content

    • SaschaM
      By SaschaM+
      hi
      i wanted to point out at this time, that i am very very very happy with platform 5. (before i used DMS and others) as some ppl talking here some things are not working, i can say the opposite working on my Web:
      1. UberMenu
      is running fine, without shortcodes or "tricks" necessary - it runs out of the box with no problems in a few clicks configured. also further ubermenu plugins 100%
      2. Shift Nav
      As a further extension of UberMenu - also runs fine out of the box with a few clicks. also combine with ubermenu no problem (Ubermenu for normal nav, shift nav for mobile)
      3. https / SSL

      I user commodo instant ssl and everything runs fine (10 minutes installation) - no mixed content errors nothing everything very smooth :-). Google SERPS have been updated to https URLS wihtin 1 day(!)
      4. MaxCDN
      I use MaxCDN for sitespeed as i implemented also video backgrounds. it runs perfect with wp supercache
      5. Nginx
      I also run nginx on my webspace, also with that there a no problems with platform 5. I also use nginx streaming for video files, works perfect.
      For all points there a no functions codes necessary or implement shortcodes - it runs out of the box and makes it easy for everybody, whos a little firm in technical matters. Some guys here in the forum make it really complicated :-)
      I am working with pagelines around 5 years now, and platform 5 / framework 5 is the best tool ever
      BUT i am missing to configure site headlines h1-hx as in DMS possible easy way. It was a great way to make seo sitestructure. now there are lots of empty headlines or headlines or jumped over. in seo this causes errors in sites structure. this should be reworked.
      if you have any questions on pl5 with 1.-5. just ask me here....
      regs, 
      Sascha Mühlen
       
       
       
    • social_biz
      By social_biz
      I am trying to get iBlogpro6 running under https. All is fine but I am getting a mixed content warning:
      Mixed Content: The page at 'https://s11r.co/' was loaded over HTTPS, but requested an insecure stylesheet 'http://s11r.co/content/uploads/pagelines/compiled-css-core-1464872768.css'. This request has been blocked; the content must be served over HTTPS. The compiled css file are delivered in http not https. I tried toi delete them several times but the error is still there.
      Do I need to fix something in the theme folder? What? Where?
    • danigurgel
      By danigurgel
      Hello,
      I have a connection issue with my Pagelines Platform 5 Installation:
       
      I have already tried inserting define( 'PL_SSL_NO_VERIFY', true ); into my wp-config.php file. Did not solve it.
      I am unable to solve it as explained in the "Readme first" posts, because the hosting service refuses to whitelist those domain/IPs listed. 
      I am able to manually download any files I might need to, though. It is only my wordpress installation that cannot connect to those servers, not my computer.
       
      So my question is pretty straightforward: Is there any way I can bypass adding the account and add any new plugins, extensions and updates manually? It would be my best choice, I guess.
      Thanks
    • zabby
      By zabby+
      Hello! Looking for some help with an SSL issue. Just moved this existing site over to DMS and the SSL pages are loading funky: https://www.fullmanfirm.com/update-payment-information/
      I've disabled a bunch of plugins and tested to see if the header was the issue with no luck. The forms plugin for these pages is using Gravity Forms.
      Any help would be very much appreciated.
    • dario
      By dario+
      Hi,
      I switched to SSL and am having issues with my custom fonts. I did search the forum and followed some old threads but none of them seemed to change things.
      Using whynopadlock.com on https://www.sightsize.com/, results in 39 insecure items.
      All take the form of:
      Insecure URL: http://www.sightsize.com/wp-content/themes/sightsize/fonts/HelveticaNeue.eot
      Found in: https://www.sightsize.com/wp-content/uploads/pagelines/compiled-css-core-1456973700.css
      All the custom fonts (CSS and LESS fallback) are coded like so: src: url('@{plChildRoot} . . .
      Any ideas on how I might solve this?
×