If my MarketPress multisite uses https in domain & siteurl, why do new subsites use siteurl-http

MarketPress, multisite, Pro3 theme.

Server admin and I have done what we can to re-create a MarketPress multisite that uses https for domain and siteurl. To test multisite I created 2 new subsites. They list domain as https, but siteurl @Vladislav http.

Why? How does WP multisite create http subsites in an https infrastructure?
Is this a bug? Can it be fixed?

  • MoniQ

    @Jack, hello :slight_smile:

    During the SSL saga, we solved all issues and had a padlocked site thanks to your help. BUT we found the WP HTTPS plugin incompatible with New Blog Templates, and we found new subsites listed http no matter what we did! Also, every plugin and theme update threw more http assets online for me to clean up! I don't want to have to manage this network - PLUS replace http with https in the database tables for every new subsite, - PLUS clean up http assets for every plugin or theme update.

    So we ditched all my hard work and followed the WP multisite installation instructions in your manual for sub directory subsites once again (not sub domain therefore no need for wildcard SSL correct). This time I asked server admin to use https in the installation process. This managed to insert https in the WP Domain and Site URL for the main site... BUT STILL each new subsite uses http ...argh!

    This is what our fresh install has produced...

    .htaccess:

    RewriteEngine On
    RewriteBase /
    RewriteRule ^index\.php$ - [L]
    
    # add a trailing slash to /wp-admin
    RewriteRule ^([_0-9a-zA-Z-]+/)?wp-admin$ $1wp-admin/ [R=301,L]
    
    RewriteCond %{REQUEST_FILENAME} -f [OR]
    RewriteCond %{REQUEST_FILENAME} -d
    RewriteRule ^ - [L]
    RewriteRule ^([_0-9a-zA-Z-]+/)?(wp-(content|admin|includes).*) $2 [L]
    RewriteRule ^([_0-9a-zA-Z-]+/)?(.*\.php)$ $2 [L]
    RewriteRule . index.php [L]

    wp-config.php:

    define('MULTISITE', true);
    define('SUBDOMAIN_INSTALL', false);
    define('DOMAIN_CURRENT_SITE', 'artcommons.ca');
    define('PATH_CURRENT_SITE', '/');
    define('SITE_ID_CURRENT_SITE', 1);
    define('BLOG_ID_CURRENT_SITE', 1);

    There has to be something we can do to add https in front of all new subsites!

    Thanks!

  • Jack Kitterhing

    Hi there @MoniQ,

    Hope you're well today and thanks for the additional information, sorry to hear you had to change it all :slight_frown:

    Try this,

    function my_force_ssl() {
       return true;
    }
    add_filter('force_ssl', 'my_force_ssl', 10, 3);

    And in your .htaccess add

    RewriteEngine On
    RewriteCond %{SERVER_PORT} 80
    RewriteRule ^(.*)$ https://www.mysite.com/$1 [R,L]

    Thanks!

    Kind Regards
    Jack.

  • MoniQ

    @Jack, can you please tell me what the correct setup is for an https WP multisite installation? I followed the WPMUDev Manual, read codex, and read months of forum postings.

    Should/Could the Manual be updated for HTTPS sites? Maybe we are missing a step?

    I am including 3 images attached from Network Admin / Sites / Edit:
    Home, Siteurl, Domain all using https

    With that, I am very curious to know how our new subsites are being created, and are listed via theme-floating global menu and Site Categories - using http? Where in the code / files does this happen? The database again is pulling http from somewhere.

    From your above recommendations:
    Do I add your first code to theme/functions.php ... at the beginning?
    Is it all right to modify your .htaccess code with our port# and domain?

    Thanks Jack!
    Appreciate it.

  • Jack Kitterhing

    Hi there @MoniQ,

    Hope you're well today.

    Sorry we are technically missing a step for https installs, as what I've posted above is needed :slight_smile:

    You can add the code to your themes functions.php at the end is where you'd normally place it :slight_smile:

    Then the .htaccess code, you can change that out for the port needed for your server and your domain and then add that, everything should work correctly then :slight_smile:

    Thanks!

    Kind Regards
    Jack.

  • Jack Kitterhing

    Hi there @MoniQ,

    Hope you're well today and thanks for sending through the info,

    I've done some checking and I believe this is a plugin issue with various plugins not using the home URL, The home_url template tag retrieves the home URL for the current site, optionally with the $pathargument appended. The function determines the appropriate protocol, "https" if is_ssl() and "http" otherwise. If the $scheme argument is "http" or "https" the is_ssl() check is overridden.
    http://codex.wordpress.org/Function_Reference/home_url

    So it seems like some plugins aren't using this which is resulting in broken SSL and http if that makes sense?

    Thanks!

    Kind Regards
    Jack.

  • MoniQ

    @Jack, hello. To recap, in Net Admin/ sites / edit-settings:
    - the main site domain, siteurl and home are all https.
    - subsite domains are https, but use http for siteurl and home.

    I go in manually to "edit" every new subsite-setting to replace http with https for siteurl and home. This allows Pro3 floating global shop-menu and the site categories single category shop-menu to work, and keeps my site padlocked.

    Both programmers explained their theme or plugin pulls http from the database tables, which I thought meant my WP installation/mulitiste was putting http there. I worked with @Paul in this thread to better understand site categories, and also asked @Nathan how Pro3 floating global shop-menu worked (because I love both these menus so much). I am curious to know if your discovery can be integrated into their work somehow:

    I've done some checking and I believe this is a plugin issue with various plugins not using the home URL, The home_url template tag retrieves the home URL for the current site, optionally with the $pathargument appended. The function determines the appropriate protocol, "https" if is_ssl() and "http" otherwise. If the $scheme argument is "http" or "https" the is_ssl() check is overridden.
    http://codex.wordpress.org/Function_Reference/home_url

    So it seems like some plugins aren't using this which is resulting in broken SSL and http if that makes sense?

    Just to double check... since you visited my installation Jack, you must have checked the code you gave me to add to Pro3 functions.php is in the correct place, and my .htaccess file is ok... also from my old installation I kept these notes you gave me from this thread, but am not sure if I am to still do this or where I would apply it:

    I've taken a look and this might work here http://ithemes.com/codex/page/Fix_Non-SSL_Elements_on_SSL_Page#Solution_.232 for protecting the non ssl elements?

    To address unsecure assets, I documented a list to clean up for every Pro3 theme and full screen galleria plugin update. I sent the list to Nathan to ask if he would consider addressing them for the next update. I was wondering how often I need to update themes and plugins too :slight_smile:

    Overall, I am interested to know what Nathan and Paul think, and look forward to hearing from you Jack. Thanks for all your hard work! :slight_smile:

  • MoniQ

    @Jack, hello there.

    Re: http assets, I hope I am understanding your question ... I visited every file in Pro3 theme (and plugins) to find "http:". I used chrome errors as a guide too, but my search found all resources needed like google fonts, vimeo, youtube, maps. I gave Nathan a list of all the pertinent files, and felt I did not need to include line numbers per file, as I rather he double check too.

    This http subsite issue is revealed in site categories, pro3 floating shop menu and also new shop registrations when a new shop merchant goes to visit their new shop right away. So that is why I thought it was WP multisite - but I guess this may have to do with my login/register code from Theme Tailors (I thought it was working great.)

    To double check Jack, were you able to check my code placement in functions.php and check the .htaccess during your site visit? Then I can cross these off my list.

    Is there a code I can add in somewhere that forces home and siteurl to become https for new subsites? Or should these remain http for some reason?

    Is there a way to ask Paul about your find above so I can learn more?

    Thanks for your help Jack, much appreciated :slight_smile:

  • Jack Kitterhing

    Hi there @MoniQ,

    Hope you're well today and thanks for the additional information.

    To double check Jack, were you able to check my code placement in functions.php and check the .htaccess during your site visit? Then I can cross these off my list.

    Yep that all looked good :slight_smile:

    Is there a code I can add in somewhere that forces home and siteurl to become https for new subsites? Or should these remain http for some reason?

    I'd normally recommend leaving these as http, and then letting your users change it to https as required manually, there wouldn't be a way to force that https currently :slight_smile:

    Is there a way to ask Paul about your find above so I can learn more?

    I'd be happy to check with Paul on that for you, about the $path argument was that?

    Thanks!

    Kind Regards
    Jack.

Thank NAME, for their help.

Let NAME know exactly why they deserved these points.

Gift a custom amount of points.