639 points
Community rank #81
troykd
ExpertSuper Volunteer
MemberLikes (0)
My Upgrade page http://mysite.com/pro-sites is now resolving as an https (secure) page. This appears to have happened since the latest update to Pro Sites. Consequently it's giving security warnings on non-secure images (like the ShareThis bar).
My subdomain sites are also being served https and warning about certificate errors. I don't have a subdomain SSL. I'd have to setup each subdomain with it's own IP and Cpanel.
I have an SSL cert. The issue, it seems, is now everything is https after login. It didn't use to be that way. It screws up the subdomains as well as they are not part of the primary SSL cert.
Turned off paypal pro in the settings and it went away (as expected).
This appears to have come up with the last update. For clarification, I have an SSL Certificate installed on the server/domain and have an active PP pro account.
8421 pointsCommunity rank #4Supreme DeityWPMU DEV StaffLifetime member
Lead Developer
(joined May 2009)
Likes (0)
This is how it works. You need a cert for the main site to use pro. Nothing has changed there. Perhaps you had it in sandbox mode which doesn't require SSL?
As far as what was fixed is the visit your site link after checking out was https which as you know throws an error if your cert is not wildcard. That was fixed in 3.0.7.
As far as insecure resources, your theme and sometimes plugins have to be modified to properly support ssl. Or an easier thing what we did on edublogs is assign a custom page template to that page. Then we could just hardcode all the assets to https.
Hi Aaron,
I have the cert installed and working.
Not in sandbox
Theme is Blogs MU
This wasn't a problem until a few days ago and it really is distracting for any visitors. I wouldn't want to use the site as a user with the warnings. I started to try to make it work by making the images on the checkout page all https, which helped a lot but then realized that ALL pages were getting served secure after login and it created just large number of security warnings.
Have you tested on a PP Pro site since last update?
8421 pointsCommunity rank #4Supreme DeityWPMU DEV StaffLifetime member
Lead Developer
(joined May 2009)
Likes (0)
Yes. Optimizing for SSL is something you have to do yourself. Pro sites can't handle it as it usually means theme edits. Usually it's not practical to make every theme page ssl ready, which is why I recommended the page template. You need to make sure all assets are loaded https, and additionally that all links off of that page are http, not https. Any links that pro sites creates off the page are http.
Usually that means hardcoding your header and footer as many plugins don't respect ssl when loading CSS and js. Also dynamic nav menus may use https links, so hardcoding fixes that. It generally a good idea to simplify checkout pages anyway, with a minimum of distractions and links away from the page.
Phil said this was an issue they identified a few days ago. It started a few days ago. This is something new which says it's not normal behavior. I would have seen this when I first started using PP pro not just now.
It's not just checkout pages. Once logged in, the admin areas are also tossing the errors and many pages that should not be secure.
Did you try PP Pro and the new pro sites update????
8421 pointsCommunity rank #4Supreme DeityWPMU DEV StaffLifetime member
Lead Developer
(joined May 2009)
Likes (0)
Took a look, and just as I said you need to make a page template for your checkout page. For users to get errors you have to be directing them to their subdomain with a https link. Make sure any links off that page, especially to their subdomain are http, not https.
Aaron, thanks for looking into that. I appreciate it.
Doing that is beyond my skill level at this time. I did find what appears to be a work around.
I installed the WordPress https plugin. Checked the new 'force ssl' box on the checkout page. It was still showing not completely not secure. I then deactivated the Slick Social Share Buttons plugin. Now it's showing secure in all browsers. The http links are staying http too.
Responses (18)
Member (joined July 2011) Likes (0)
Once I login to admin, everything is getting served securely (front and backend) including the Dashboard.
Sales & Support Pro (joined March 2010) Likes (0)
Hiya!
Are you using any SSL related plugins, or PayPal Pro for payments?
Thanks,
Phil
Member (joined July 2011) Likes (0)
My subdomain sites are also being served https and warning about certificate errors. I don't have a subdomain SSL. I'd have to setup each subdomain with it's own IP and Cpanel.
Help!
Member (joined July 2011) Likes (0)
Phil, I'm using PayPal Pro
Sales & Support Pro (joined March 2010) Likes (0)
As far as I remember, PayPal Pro requires SSL so that may well be the issue here. Let me check on that...
Member (joined July 2011) Likes (0)
I have an SSL cert. The issue, it seems, is now everything is https after login. It didn't use to be that way. It screws up the subdomains as well as they are not part of the primary SSL cert.
Member (joined July 2011) Likes (0)
Turned off paypal pro in the settings and it went away (as expected).
This appears to have come up with the last update. For clarification, I have an SSL Certificate installed on the server/domain and have an active PP pro account.
Sales & Support Pro (joined March 2010) Likes (0)
Ah - I believe this is an issue that we've actually identified in the last few days actually.
Keep an eye out for the next version of Pro Sites which should fix this.
Thanks
Member (joined July 2011) Likes (0)
Thanks Phil. Is there a thread on this I missed?
Lead Developer (joined May 2009) Likes (0)
This is how it works. You need a cert for the main site to use pro. Nothing has changed there. Perhaps you had it in sandbox mode which doesn't require SSL?
As far as what was fixed is the visit your site link after checking out was https which as you know throws an error if your cert is not wildcard. That was fixed in 3.0.7.
As far as insecure resources, your theme and sometimes plugins have to be modified to properly support ssl. Or an easier thing what we did on edublogs is assign a custom page template to that page. Then we could just hardcode all the assets to https.
Member (joined July 2011) Likes (0)
Hi Aaron,
I have the cert installed and working.
Not in sandbox
Theme is Blogs MU
This wasn't a problem until a few days ago and it really is distracting for any visitors. I wouldn't want to use the site as a user with the warnings. I started to try to make it work by making the images on the checkout page all https, which helped a lot but then realized that ALL pages were getting served secure after login and it created just large number of security warnings.
Have you tested on a PP Pro site since last update?
Thanks!
Lead Developer (joined May 2009) Likes (0)
Yes. Optimizing for SSL is something you have to do yourself. Pro sites can't handle it as it usually means theme edits. Usually it's not practical to make every theme page ssl ready, which is why I recommended the page template. You need to make sure all assets are loaded https, and additionally that all links off of that page are http, not https. Any links that pro sites creates off the page are http.
Usually that means hardcoding your header and footer as many plugins don't respect ssl when loading CSS and js. Also dynamic nav menus may use https links, so hardcoding fixes that. It generally a good idea to simplify checkout pages anyway, with a minimum of distractions and links away from the page.
Member (joined July 2011) Likes (0)
Phil said this was an issue they identified a few days ago. It started a few days ago. This is something new which says it's not normal behavior. I would have seen this when I first started using PP pro not just now.
It's not just checkout pages. Once logged in, the admin areas are also tossing the errors and many pages that should not be secure.
Did you try PP Pro and the new pro sites update????
Member (joined July 2011) Likes (0)
Is this a known issue that is getting fixed like stated above?
I'm not sure what I should do now. I'm tempted to roll back the Pro Sites update.
Lead Developer (joined May 2009) Likes (0)
Yes, and was fixed in 3.0.7, the https link issue I stated above.
Again, this is not an issue with the pro sites plugin. You have to follow my suggestions to optimize your theme.
And yes we are using it on edublogs.org with no problems.
If you need specific help with my suggestions you can provide a link to the page.
Member (joined July 2011) Likes (0)
Aaron, Email sent with link.
Thanks
Lead Developer (joined May 2009) Likes (0)
Took a look, and just as I said you need to make a page template for your checkout page. For users to get errors you have to be directing them to their subdomain with a https link. Make sure any links off that page, especially to their subdomain are http, not https.
Best practice though would be to present them with very few links on that page though that would take them off of it.
http://codex.wordpress.org/Pages#Creating_Your_Own_Page_Templates
Member (joined July 2011) Likes (0)
Aaron, thanks for looking into that. I appreciate it.
Doing that is beyond my skill level at this time. I did find what appears to be a work around.
I installed the WordPress https plugin. Checked the new 'force ssl' box on the checkout page. It was still showing not completely not secure. I then deactivated the Slick Social Share Buttons plugin. Now it's showing secure in all browsers. The http links are staying http too.
Become a member