How to force WP motorists to use https after activating SSL wildcard?

I have a multisite setup with sub-domains and domain mapped installed. And I’ve modified the htaccess file in order to redirect all traffic to https.
I've setup domain mapping to force SSL for the mapped domains, but I cannot find a way to modify the site URL in WordPress automatically. It keeps creating subsites using HTTP instead of HTTPS.
In the site settings, the subdomains are all http://subdomain.mainsite.com
instead of https://subdomain.mainsite.com.

  • Katya Tsihotska

    Hi Max

    Hope you're having a wonderful day!

    In order to fix this issue, you will need to replace all mentions of http://mainsite.com with https://mainsite.com. For this "search and replace" procedure in database, you can also use this script (installation details included)
    https://interconnectit.com/products/search-and-replace-for-wordpress-databases/

    It always better to create a backup of your database before doing any changes.

    I would also recommend to add the following code to your wp-config.php before the /* That's all, stop editing! Happy blogging. */ line:

    define( 'WP_HOME', 'https://mainsite.com' );
    define( 'WP_SITEURL', 'https://mainsite.com' );

    Don't forget to replace mainsite.com with your real domain name.

    Let us know if it doesn't help.

    Kind regards,
    Katya

  • Max

    Hi Katya,

    Thank you for your kind reply.
    I understand that from the way I asked the question it could mean more than one thing.

    What I meant was that I was looking for a way to make WordPress automatically generate new sub-sites using HTTPS instead HTTP.
    It is inconvenient to perform a search and replace each time a new website is created especially when users create websites themselves.

    I could not find a solution anywhere for this, not even sure it is possible in a non-hacky way :slight_frown:

  • Katya Tsihotska

    Hi Max

    Hope you're fine today!

    Actually, I understood what you mean :slight_smile: Thing is that the procedure I described in my previous reply should help you to achieve this. It especially relates to the siteurl and home entries in wp_options table and to the siturl entry in wp_sitemeta table. Normally, if URLs in these entries are https://domain.com/, new subsites should be created with https:// as well.

    Please, note, that the table names could be different if you don't use default WordPress prefix.

    If the above doesn't help, I have a code that should help you. The following code can be used as a mu-plugin or placed in your theme's functions.php file:

    add_action("activate_blog", "force_http_for_new_signups",10,1);
    function force_http_for_new_signups( $blog_id ){
    	switch_to_blog( $blog_id );
    	$home = str_replace("http://", "https://", get_option( "home" ) );
    	$siteurl = str_replace("http://", "https://", get_option( "siteurl" ) );
    
    	update_option( "home", $home );
    	update_option( "siteurl", $siteurl );
    
    	restore_current_blog();
    }

    To use this code as a mu-plugin, you will need to go to /wp-content folder and create there folder called mu-plugins, then create a new .php file inside of that folder (says it will be force-https.php), add the PHP opening tag to the file, and then paste all the above code:

    <?php
    //paste the above code here

    Let us know if it doesn't work or if you need further assistance with this.

    Kind regards,
    Katya

  • Max

    Hi Katya,

    Thank you very much for your help and support.
    Unfortunately the new snippet does not work in my case. Not sure why.

    I did add:
    define( 'WP_HOME', 'https://mainsite.com' );
    define( 'WP_SITEURL', 'https://mainsite.com' );

    I did change mainsite with my site name :slight_smile:

    And the snippet you provided me in the last post.
    Still new websites keep using http... I know it's possible to change but for some reason it doesn't work.. :slight_frown:

    I'll have to keep trying.

    For the moment I am forcing https in the front end via .htaccess it works but it is not the perfect solution.

  • Ash

    Hello Max

    Try the following code:

    add_action("wpmu_new_blog", "force_http_for_new_signups",999,1);
    function force_http_for_new_signups( $blog_id ){
    	switch_to_blog( $blog_id );
    	$home = str_replace("http://", "https://", get_option( "home" ) );
    	$siteurl = str_replace("http://", "https://", get_option( "siteurl" ) );
    
    	update_option( "home", $home );
    	update_option( "siteurl", $siteurl );
    
    	restore_current_blog();
    }

    You can use this code in your child theme's functions.php if the theme is not changed. Otherwise mu-plugin is the best option. To create a mu-plugin, go to wp-content/mu-plugins folder. If there is no mu-plugins folder then, create one. Now, inside the mu-plugins folder create file with name anything.php (make sure file extension is .php). Now start with a <?php tag and then put the above code.

    Hope it helps! Please feel free to ask more questions if you have any.

    Have a nice day!

    Cheers,
    Ash

    • Max

      Hi Guys.

      Thank you very much for all your help.
      None of the solutions made any difference unfortunately and I cannot understand why.

      For now I've tried all the above solutions +

      I've added to the wp-config file

      define('FORCE_SSL_ADMIN', true);
      &
      define( 'FORCE_SSL_LOGIN', true );

      together and separate

      I add at the very top of the framework functions.php file (with my actual site name)

      update_option('siteurl','https://mysite.com');
      update_option('home','https://mysite.com');

      and I tried:
      https://wordpress.org/plugins/ssl-insecure-content-fixer/
      &
      https://srd.wordpress.org/plugins/really-simple-ssl/

      Nothing actually worked.

      The main problem is the wp login page. The login form keeps using http in the form action instead of https this makes it impossible to login in not mapped subsites and breaks the ssl padlock.

      Mapped subsites work fine.

      • Ash

        Hello Max

        Form action of login page is a different issue, where we were suggesting to have SSL url on creating a new subsite.

        About the login form issue, let's try the following code:

        add_filter( 'site_url', 'fix_http_to_https' );
        function fix_http_to_https( $url )
        {
        	return str_replace( 'http://', 'https://', $url );
        }

        You can use this code in your child theme's functions.php if the theme is not changed. Otherwise mu-plugin is the best option. To create a mu-plugin, go to wp-content/mu-plugins folder. If there is no mu-plugins folder then, create one. Now, inside the mu-plugins folder create file with name anything.php (make sure file extension is .php). Now start with a <?php tag and then put the above code.

        Hope it helps! Please feel free to ask more questions if you have any.

        Have a nice day!

        Cheers,
        Ash

  • Nithin

    Hello Max,

    As part of our chat conversation, since the current issue in this ticket is resolved via commenting out the line, 125:
    $this->_add_action( 'site_url', 'set_login_form_action', 20, 4);

    In the following file:
    /domain-mapping/classes/domainmap/module/mapping.php

    And I'm getting back to you via the support ticket, since you have requested for a quick solution via chat, without commenting the above code, and by unhooking the above function set_login_form_action.

    I gave a couple of test, and I'm afraid, I'm not able to get a quick workaround to unhook the function, the solutions tried via chat, and other test performed doesn't seem to unhook the function. I'm pinging our developer regarding this, so that he could give a closer look at this, and see what's being missed in here.

    Either the developer, or myself, will keep you posted via the support ticket asap.

    Kind Regards,
    Nithin

  • Ivan

    Hello, Max !

    You could try adding the following snippet in a MU plugin ( more info about MU plugins is here )

    <?php
    function wpmu_dm_disable_https_on_subdomain() {
    	if ( class_exists( 'Domainmap_Plugin' ) ) {
    		remove_action( 'site_url', array( Domainmap_Plugin::instance()->get_module( 'Domainmap_Module_Mapping' ), 'set_login_form_action' ), 20 );
    	}
    }
    add_action( 'plugins_loaded', 'wpmu_dm_disable_https_on_subdomain' );

    Best,
    Ivan.

Thank NAME, for their help.

Let NAME know exactly why they deserved these points.

Gift a custom amount of points.