Authorize.net payment gateway and Network Solutions hosting & SSLg

Here is the site I am working on: http://thegreatnessinyou.net.

This site is hosted with Network Solutions who is also the provider of the SSL for the domain. The only payment gateway used for this site is authorize.net. Once you get to the shipping page of the checkout process, the shipping page never loads the https version of the shipping page. I thought I could solve the problem by changing the url for the whole site to https. I intended to do this anyway and any url that I manually placed in the site (including the theme's css file) already uses https. Apparently changing the url of Wordpress to https doesnt work with Network Solutions.

Network Solutions tells me that I need to find out how to change the Wordpress url to https when there is a SSL by Proxy. I have no clue how to do that.

My goal is to get the shopping cart to work completely. It doesnt matter to me if the whole site is viewed under https or just the specific pages in the checkout process that require https.

  • aecnu

    Greetings felecial,

    Sorry to see that you are having issues with your WordPress installation, Market Press, and Authorize.net

    The first thing that caught my eye was SSL by proxy which means something else is rendering the SSL and may indeed be the root of the issue.

    So I went and visited the site and it seems to be very slow and I have "stolen" many Network Solutions hosting customers because of this issue alone.

    I can help with forcing SSL but just the same this may not cure the SSL by Proxy and definitely will not cure there speed issue.

    On a side note what is their hosting control panel?

    To force SSL on an entire site one would want to employ an htaccess code as shown below which is indeed outside of the WordPress realm but old school techniques often work great or they would never have made old school status.

    Add the following to your htaccess file right before Begin WordPress

    RewriteEngine on
    RewriteCond %{HTTPS} off
    RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}

    Please advise if this indeed does the job for us.

    Cheers, Joe

  • felecial

    Thank you acenu for responding so fast! I added the code to the htaccess file and now the site goes to a 500 internal server error page. I removed the code and re-uploaded the htaccess file and currently the 500 error page continues to show. What have I done wrong? I'm sure there's a simple solution to get the site back.

    Moving right along...

    Here is a copy-n-paste of the info Network Solutions provides about SSL Redirects:
    Network Solutions® uses a proxy SSL this does not allow the use of server-side variables to detect HTTPS (secure). All server-side coding will always detect HTTP (non-secure), and for programs that attempt to redirect non-secure connections (http://) to a secure connection (https://) will result in an infinite loop and server error after 30 seconds.

    You can use a client-side program (like javascript) to detect if it's secure and redirect if it's not. You can use the below coding to create a redirect. Just modify the code so that it redirects to the correct secure domain and add it into the HTML of any sensitive pages you may have.

    <script language="javascript">
    if (document.location.protocol != "https:")
    {
    document.location.href = "https://subdomain.yourdomain.com" + document.location.pathname;
    };
    </script>

    Before starting a topic here, I've tried the following:

    I have tried adding that javascript to the theme header and it does make each page come up as https - but it didnt fix the checkout process.

    I saw a "fix" for the same type of problems related to woocommerce and tried adding that javascript plus changing "force_ssl" (in the authorize.net file) to "false". That didnt work either.

  • aecnu

    Greetings felecial,

    Thank you for your feedback which reveals even more issues with the Network Solutions proxy SSL system and WordPress.

    Virtually everything to do with WordPress core and plugins are using variables in the URL's to include the coding I submitted to you:

    RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}

    In which I have placed in bold the variables above.

    I do not know what to recommend and see no way to get around their system.

    I would suggest changing hosts but must also disclose I own a competing hosting company and we could do the SSL Certificate for $30 a year and the hosting as it should be done - but I do not want it to be construed in anyway shape or form that it is keeping me from trying to fix this issue.

    Server/Network administration is indeed my profession of 20 years.

    Therefore with that in mind, I will ask the Chief of Developers @Aaron if he may have any ideas to possibly resolve this - with possibly something that I am not aware of.

    With that said, I will see if I can get him in here with his invaluable insight into this plugin for his advice/advise for us.

    Though this may take a bit longer then a normal ticket, I will try to get him in here asap.

    Cheers, Joe

  • Aaron

    Network Solutions® uses a proxy SSL this does not allow the use of server-side variables to detect HTTPS (secure). All server-side coding will always detect HTTP (non-secure), and for programs that attempt to redirect non-secure connections (http://) to a secure connection (https://) will result in an infinite loop and server error after 30 seconds.

    That would be an exact description of your problem. Marketpress checks the WP core function is_ssl() and redirects if not with the AIM gateway. If you want to disable this redirect and maybe use the JS instead somehow you can mod the authorize.net gateway file near the top:

    //whether or not ssl is needed for checkout page
      var $force_ssl = false;
  • felecial

    Thank you Aecnu and Aaron for helping me with this problem.

    Aaron - I had tried the javascript fix exactly the way you described it (modify the authorize.net gateway file + add the javascript). It didnt work with the checkout process and strangely my test product (set up as a digital download) would not stay in the "cart" or appear on the checkout page.

    I called up my preferred hosting provider (and sometimes my rescuer) Hostgator and even without them having this clients account....they tried to help, but told me nothing that I had not already tried.

    At this point, I have urged the client to transfer the hosting AND the ssl certificate to a hosting provider that at the least does not do SSL by Proxy.

    This isnt the only issue I have had with Network Solutions and this site, but the other problems are related to the Headway theme - which is a highly supported, stand up product just like the wpmudev products.

    I am very pleased with your products & customer service overall and the fact that this thread is public and ranks high on google. Surely someone else will be searching for solutions just as I did.

    Felecia

  • aecnu

    Greetings Felecia,

    Thank you for your input which is certainly appreciated.

    I admit that I have no idea why Network Solutions uses proxy to provide SSL which when thinking about it seems ludicrous considering that SSL is supposed to be insuring that you are indeed talking to the proper authority and encrypted as well - by proxy kind of puts the kill on that whole idea.

    In any event, once they have switched to a host that does not use proxy SSL it is certain that this issue will vaporize.

    Cheers, Joe

Thank NAME, for their help.

Let NAME know exactly why they deserved these points.

Gift a custom amount of points.