Stop multisite from directing subdomains to https

I have SSL setup for the primary domain of my multisite installation and I am using subdomains for all the other sites under it. The problem I am running into is during signup and other times, when WordPress directs/redirects to a subdomain site, it always uses https, when it needs to used http. I only have a certificate for the main site, I don't have a wildcard certificate for the subdomains.

I tried changing my nginx config to redirect https to http, but it cannot be done without a wildcard certificate for the subdomains, which is the problem I am trying to solve. Therefore, it brings me to WordPress to solve the problem. I need WordPress multisite to always direct to http for all subdomains. It is even alright for it to direct to http for all domains, since that is easy to redirect in nginx to https when desired.

Any suggestions?

  • Scott Daniels

    Okay, I believe I have found the reason. For subdomains using https, the answer is in the wp function get_admin_url() which is called to get the url for the site. A similar function gets the regular url for the site. They both call set_url_scheme() which then chooses the scheme based on whether is_ssl is true or if not force_ssl_admin() is true. is_ssl() is true if the current site (which is https://example.com in these cases) uses https. The fix is to use a filter for 'set_url_scheme', in which one can check for an example.com subdomain, and remove the 's' off the https.

    I'll try doing that when I get a chance and post my results.

  • Luís

    Hi Scott Daniels ,

    Hope you're doing well today!

    Firstly, you can try the suggestion given below by my teammate Nastia, to force the HTTP in all subsites:

    https://premium.wpmudev.org/forums/topic/https-only-main-domain-domain-mapping-best-practices#post-1089936

    Also, you can try use a plugin too, like Real Simple SSL:

    https://wordpress.org/plugins/really-simple-ssl/

    There is a suggestion in how to use it by the plugin developer:

    https://wordpress.org/support/topic/use-ssl-only-for-main-site-of-multisite-network/

    I hope this information has been helpful. If I can help you in this or other questions, please let me know!

    Cheers, Luís

  • Scott Daniels

    Those are good suggestions, but as I am already doing ssl redirect for the main site via nginx config, and the ssl plugin is quite complex, I rather keep something of this importance simple. Therefore, I created a mu-plugin with this code:

    add_filter( 'set_url_scheme', function ($url, $scheme, $orig_scheme) {
        $arr=parse_url($url);
        if (preg_match('/.*\.example\.com/',$arr['host'])) // its a subdomain, change the scheme to http
            $url = preg_replace('(https)', 'http', $url);
        return $url;
    }, 10, 3);

    It is pretty simple and quite robust. It simply makes sure that WP always returns 'http' as the scheme for all subdomains of example.com (which should of course be changed to a real domain).

    • greenrhyno

      I tried to build an mu-plugin with this code. I put it into a a text file and changed the type to php and put it in the mu-plugins folder. That just left the code at the top of all of my pages. Then I put <?php at the beginning and ?> at the end. That just caused my website and admin to stop working. I tried putting it into a class and calling the class and I tried putting it in <script> tags. I really am not experienced at this stuff.
      How would I make an mu-plugin with the code that would actually do what is needed.

      Also, if I have some subdomains with working ssl how can I exclude them also from the changing back to http.

      Thanks!

      • James Morris

        Hello greenrhyno,

        I hope you are well today.

        As a general rule, it's best to go ahead and start your own thread or contact us through Live Support for clarification on such issues rather than jump in on another member's thread. This helps us to help you more effectively as we can request site access needed and such. Also, it eliminates needless notifications to the original poster's email. :wink:

        However, I will quickly answer this here in order to help anyone who is having a similar problem.

        To create a mu-plugin using the above code, simply past the following code, exactly as shown, into a blank text document and save it with a .php file extension. For example force-http-subsite.php. Then just upload it to /wp-content/mu-plugins/ on your server (if the directory doesn't exist, just create it).

        <?php
        
        add_filter( 'set_url_scheme', function ($url, $scheme, $orig_scheme) { $arr=parse_url($url);
        if (preg_match('/.*\.example\.com/',$arr['host'])) // its a subdomain, change the scheme to http
        $url = preg_replace('(https)', 'http', $url); return $url; }, 10, 3);

        There is no need for the closing ?> php tag.

        If you have any further questions regarding this, feel free to contact us via Live Support and we will be happy to help you further.

        Best regards,

        James Morris