Secure Elements on a ProSite with Domain Mapping

SSL Already installed and working

We are now facing an issue to make the entirewebsite on HTTPS without any insecure elements ... It is because we need to provide our clients this facility that they can easily manage their websites without our support and at this time it seems there are many stuff for which client will back to us for help.

1- I have seen the whole Domain Mapping settings but it's not the ideal way to FORCE the website on HTTPS as there should be some better way from which our customer can switch the website on HTTPS without our support.
http://screencast.com/t/cDGEi4cA4Ym

You can see in Domain Mapping all pages are displaying in this section even Left Sidebar and Right Side bar but what about POSTS if user want to make all POSTS on HTTPS then how he can do this ?

I have try to use the .htaccess Method but it's not working and website start going into LOOP So, where is the setting in Admin Panel from which our customer can easily manage his BLOG or website ?

2- When Website Pages are Forced on HTTPS via Domain Mapping Settings it start making issue with CSS / JS for insecure elements ... So, where is the option from which we can resolve this issue ? We don't want to use the HTTPS plugin for our customer as it has Donation, Advertisement etc and we don't want to show such settings for our customers, In Short we need to handle this issue from Pro-site settings so, our customers can handle such settings from Admin Panel ...

    Rupok

    Hi stepheina,

    1- I have seen the whole Domain Mapping settings but it's not the ideal way to FORCE the website on HTTPS... ... ...You can see in Domain Mapping all pages are displaying in this section even Left Sidebar and Right Side bar but what about POSTS if user want to make all POSTS on HTTPS then how he can do this ?

    The page from where you took the screenshot, has an option "Map new domain name". When you map a domain from that option, please select "https" from the dropdown. That will force the whole domain to load under SSL (if SSL is configured properly). That drop-down also has an option "Force None". So if you don't want to force, and want the domain to be flexible, then select "Force None", but if you want to *force* SSL, then select HTTPS from the dropdown.

    The section you referred in your screenshot is saying:

    Excluded pages: Pages selected here will not be mapped and can optionally force https, If you set the domain to use https, the following "force/unforce SSL will be ignored"

    So it clearly indicates, this section is for that situation where you didn't force while mapping. If you select HTTPS while mapping the domain, then this settings will be *ignored*.

    2- When Website Pages are Forced on HTTPS via Domain Mapping Settings it start making issue with CSS / JS for insecure elements ... So, where is the option from which we can resolve this issue ?

    Please go to "Dashboard > My Sites > Network Admin > Dashboard > Settings > Domain Mapping" section and scroll down to "Force http/https (Only for original domain)" option. From there, please select "Yes" for the first option and "Force https" for the second option and save. It will force the original domain to load resources in HTTPS, and when your mapped HTTPS domains will request data from original HTTPS domain, there should not be any mixed content / insecure elements error.

    I believe this should resolve your issue. If you have any confusion, or if the issue is still there, please let us know. We will be glad to assist further.

    Have a nice day. Cheers!
    Rupok

    stepheina

    Hi Rupok,

    Thanks for your great explanation, i am still having some concern regarding your reply, please have a look below.

    1- I have remove the previous Domain Mapping and try to add the same domain on https:// and it's still adding me on http:// , Please have a loo below small video.
    http://screencast.com/t/pHecBRveQ

    This is what the issue i am facing, previously i have try same logic but this setting is not working for me.

    2- For https:// insecure elements, i have alreday apply the same settings but still facing issue of insecure elements on frontend. Please have a look below screenshot and advise me ASAP.
    http://screencast.com/t/IXjvz3YsP

    -Zak

    Ash

    Hello stepheina

    #2: Would you please try the following plugin to solve insecure element error?
    https://wordpress.org/plugins/wordpress-https/

    This plugin is old but still works well.

    #1. Would you please go to Network Admin > Settings > Domain Mapping and disable DNS verification? Then try one more time. If it still doesn't work, I need to check by signing in.

    Would you please send me login details and ftp details?

    To send me details, please use our contact form: https://premium.wpmudev.org/contact/

    Select: I have a different question
    Subject: Attn-Ash (this ensures that it will be assigned to me)
    Details:
    1. Send all requested details
    2. Send a link of this thread so that I can track
    3. Send any other relevant link

    I will be happy to take a look

    Cheers
    Ash

    Ash

    Hello stepheina

    Please check now. I have not made any changes but it seems adding https domain fine.

    Forcing HTTPS should not be any issue, even wordpress has define settings if you want to force website to load over https. Otherwise a website will load over http too.

    About insecure element, that depends on the plugins and themes you are using. Domain Mapping or Pro Sites have nothing to do with it. If css and js are enqueued or images are added with a protocl, then it will load over that protocol. The plugin I mentioned, that helps to remove those insecure elements. Still, if http url is hardcoded in anywhere, then no plugin can remove that, you have to change that in code level.

    Hope it helps Please feel free to ask more question if you have any.

    Cheers
    Ash

    stepheina

    Hi Ash,

    Hope you are fine, i think you didn't read the previous messages. Again, website HOME page is on https because i have select the option Force SSL. Now if there are 100+ POSTS and PAGES then we have to FORCE the pages on SSL and this will cause an issue for customer and he will get back to us again. See screenshot
    http://screencast.com/t/pRNc3g0yZ8

    As, there is already an option available to MAP the Domain on HTTPS completely.

    1- I have remove the previous Domain Mapping and try to add the same domain on https:// and it's still adding me on http:// , Please have a loo below small video.
    http://screencast.com/t/pHecBRveQ

    This is my need because i will just add the domain on https and it will automatically make the whole website on https.

    2- When we make any page on https then some functionality start making issue because of insecure elements and i have already explain all the detail in previous Chat as well. We don't want to use the HTTPS plugin as it display some Advertisement etc and we don't want to show to our clients. In short whether there is any settings available in Pro-Site from which we can resolve the insecure elements issue without installing plugin ?
    Otherwise we will rely on some plugins to resolve the insecure elements issues.

    -Zak

    stepheina

    Hi Ash,

    Hope you are fine, i think you didn't read the previous messages. Again, website HOME page is on https because i have select the option Force SSL. Now if there are 100+ POSTS and PAGES then we have to FORCE the pages on SSL and this will cause an issue for customer and he will get back to us again. See screenshot
    http://screencast.com/t/pRNc3g0yZ8

    As, there is already an option available to MAP the Domain on HTTPS completely.

    1- I have remove the previous Domain Mapping and try to add the same domain on https:// and it's still adding me on http:// , Please have a loo below small video.
    http://screencast.com/t/pHecBRveQ

    This is my need because i will just add the domain on https and it will automatically make the whole website on https.

    2- When we make any page on https then some functionality start making issue because of insecure elements and i have already explain all the detail in previous Chat as well. We don't want to use the HTTPS plugin as it display some Advertisement etc and we don't want to show to our clients. In short whether there is any settings available in Pro-Site from which we can resolve the insecure elements issue without installing plugin ?
    Otherwise we will rely on some plugins to resolve the insecure elements issues.

    -Zak

    Rupok

    Hi Zak,

    Regarding your first issue, I found that you were trying to map with "www" part, that's what causing the issue. I deleted and mapped again in HTTPS schema without the "www" part and now it's working absolutely fine. Can you please check and confirm?

    Regarding your second issue about insecure content, I believe I can fix that too but I need to check your Domain Mapping configuration. The user account you provided through our secure contact form gives us access only to one site but I need to check Domain Mapping general settings which is only available from Network Dashboard. Would you mind allowing Support Access so we can have a closer look at this?

    To enable support access you can follow this guide here:
    http://premium.wpmudev.org/manuals/wpmu-dev-dashboard-enabling-staff-login/

    I'm looking forward to hear from you and resolve this issue as soon as possible.

    Have a nice day. Cheers!
    Rupok

    stepheina

    Hi Rupok,

    Thanks for your explanation, you have remove the "www" which is very important for SEO purpose so, we need solution to have HTTPS with WWW Schema. We can't remove it as our mostly clients prefer to have this Schema settings. So, please provide valid settings with https and www schema as we are facing complains from our customers. It's taking too much time as there is much delay in your replies.

    For second answer, where i can send you the credentials ? if you can send me your email address then i will forward.

    Thanks,

    -Zak

    Kasia Swiderska

    Hello Zak,

    I'm very sorry for delay on our side.

    Thanks for your explanation, you have remove the "www" which is very important for SEO purpose so, we need solution to have HTTPS with WWW Schema. We can't remove it as our mostly clients prefer to have this Schema settings.

    Our developer recommends mapping domains without www as www is subdomain. In most cases www or no www has no influence on SEO, but I don't know how it looks with your site so I've send message to developer on workaround for your case.
    He is not currently online, so I'm still waiting for response from him - I'll update thread as soon as I'll get more info.

    For second answer, where i can send you the credentials ? if you can send me your email address then i will forward.

    If you have there WPMU DEV Dashboard installed there is no need to send credentials, support access will be enough. https://premium.wpmudev.org/manuals/wpmu-dev-dashboard-enabling-staff-login/

    If there is no option to use support access then follow those instructions: send in the following via our secure contact form https://premium.wpmudev.org/contact/ :

    - Mark to my attention, the subject line should contain only: ATTN: Kasia Swiderska
    - Do not include anything else in the subject line, doing so may delay our response due to how email filtering works.
    - Link back to this thread
    - Include WordPress network admin access details (login address, username & password)
    - Include any relevant URLs for your site

    IMPORTANT: Please make sure you select "I have a different question" for your topic, so it doesn't go back to the forums - this and the subject line ensure that it gets assigned to me.

    When you send that email - please confirm here in thread that is was done.

    kind regards,
    Kasia

    Rupok

    Hi Zak,

    Let's fix the insecure content warning first. Then we definitely work on adding the "www" part, okay? And I can see that Kasia has already sent a message to our developer regarding this. She or our developer will reply here as soon as we have any update regarding this.

    I'm so sorry for the delay from our end and we will try to make sure this type of delay doesn't happen again. Thanks for sending login credentials. I've logged in and checked the whole setup. Now there are couple of things we need to discuss.

    First of all, there are hardcoded links on your site with HTTP which is the first cause of Mixed Content Error. For example, the image in the third footer widget was hardcoded with http link. Please check the attached screenshot for reference.

    Domain mapping can force the site URL to be called from HTTPS, but it can't change inner links to HTTPS. Force SSL Plugins can do this but you said "We don't want to use the HTTPS plugin for our customer as it has Donation". So we have two options now:
    1. Replace all HTTP links manually with HTTPS link
    2. Use Plugin for making WordPress links Protocol Relative. That means, use plugins that will make all "http://www.example.com/filelink" url to "/filelink/" (e.g. https://wordpress.org/plugins/relative-url/)

    As I don't know if you are comfortable with the second option, I tried to manually replace all links I got with HTTP. I replaced 'em all except the logo. The logo was uploaded through Media Library, and whenever I upload any image through the Media Library, it get's HTTP link which indicates there is something in your multisite configuration which has your main site address configured as HTTP, not HTTPS. So when you use that image (which was uploaded through media library) gets HTTP url and causes Mixed Content Error in your subsite. I can dig further in your Database to find HTTP references for your network, but I think that will be an overkill. Rather, my suggestion will be using a SSL Plugin (I know you don't wan to use them, but there are couple of them and I believe not all of them shows Donation, Advertisements etc.).
    https://wordpress.org/plugins/ssl-insecure-content-fixer/
    https://wordpress.org/plugins/really-simple-ssl/
    https://wordpress.org/plugins/wp-force-ssl/

    If you are not happy with any of these, and want us to have a look at your database, Can you send me message with cPanel access credentials through our secure contact form here: https://premium.wpmudev.org/contact/ so we can have a look on your database and try to fix this for good?

    Subject: "Attn: Rupok"
    - cPanel Username
    - cPanel Password
    - cPanel Login URL
    - Link back to this thread for reference
    - Any other relevant URLs

    Select "I have a different question" for your topic. This and the subject line ensure that it gets assigned to me.

    I'm looking forward to hear from you and resolve this issue as soon as possible.

    Have a nice day. Cheers!
    Rupok