Is there a way to force ssl on certain pages

I want to force a secure connection on some of my pages (ones with forms), but I don’t want the whole site to work with ssl (slows it down)

Is there a way to configure specific pages to require ssl?

Solutions Collecting From Web of "Is there a way to force ssl on certain pages"

Use the admin-ssl plugin. For stuff outside of wp, use rewriite rule in apache

New workflow, since the Admin SSL plugin is not supported.

  • use the Plugin WP https

  • See the settings

  • If you want SSL for wp-admin, add this to the wp-config.php:

    define( 'FORCE_SSL_ADMIN', TRUE );
    
  • If you want also SSL for the log in page, add this to the wp-config.php

    define( 'FORCE_SSL_LOGIN', TRUE );
    
  • Add the follow line to the .htaccess; remove the default of WP

    <IfModule mod_rewrite.c>
       RewriteEngine On
       RewriteCond %{SERVER_PORT} !^443$
       RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R,L]
    </IfModule>
    
  • If you set a specific page/post to SSL in front-end, then use the following plugin or set the option in the editor of the post/page; only if you have active this possibility of the plugin WP https. see also Gist 4081291 for a sample plugin

    /**
     * Plugin Name: Force SSL for specific pages
     * Description: 
     * Author:      Frank Bültge
     * Author URI:  http://bueltge.de/
     * Version:     1.0.0
     */
    
    ! defined( 'ABSPATH' ) and exit;
    
    if ( ! function_exists( 'fb_force_ssl' ) ) {
    
        add_filter( 'force_ssl' , 'fb_force_ssl', 1, 3 );
        function fb_force_ssl( $force_ssl, $id = 0, $utrl = '' ) {
            // A list of posts/page that should be SSL
            $ssl_posts = array( 22, 312 );
    
            if ( in_array( $id, $ssl_posts ) )
                $force_ssl = TRUE;
    
            return $force_ssl;
        }
    
    } // end if func exists
    
  • Without Plugin WordPress HTTPS

    add_action( 'template_redirect', 'fb_ssl_template_redirect', 1 );
    function fb_ssl_template_redirect() {
    
            if ( is_page( 123 ) && ! is_ssl() ) {
    
                if ( 0 === strpos($_SERVER['REQUEST_URI'], 'http') ) {
                    wp_redirect(preg_replace('|^http://|', 'https://', $_SERVER['REQUEST_URI']), 301 );
                    exit();
                } else {
                    wp_redirect('https://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'], 301 );
                    exit();
                }
            } else if ( !is_page( 123 ) && is_ssl() && !is_admin() ) {
    
                if ( 0 === strpos($_SERVER['REQUEST_URI'], 'http') ) {
                    wp_redirect(preg_replace('|^https://|', 'http://', $_SERVER['REQUEST_URI']), 301 );
                    exit();
                } else {
                    wp_redirect('http://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'], 301 );
                    exit();
                }
            }
    }
    

or a smaller version, but not with fallbacks, if the url is wrong

add_filter( 'pre_post_link', 'fb_set_ssl_url', 10, 3 );
function fb_set_ssl_url( $permalink, $post, $leavename ) {

    if ( 123 == $post->ID )
        return preg_replace( '|^http://|', 'https://', $permalink );

    return $permalink;
}

For WordPress version 3.0 and above, the admin-ssl plugin does not work. In order to get SSL to work, you need to take two steps:

  1. Enable the Administration Over SSL option in your wp-config.php file (see here).
  2. Install the WPSSL plugin on the site. (updated for WordPress 3.0+)
  3. On the pages you want to to run over SSL, add a meta tag called “force_ssl” and set the value to “true”.

You should be all set after that.

Try the Better WP Security Plugin. Along with a bunch of helpful tweaks to secure your site, it has some settings that allow you to force ssl to the login page, or the entire back-end if you choose, and to selected pages on the front end per content via a selection box added to the visual editor. Very easy to use.

Of course, you do have to have SSL set-up on your server first, meaning you either have to install a self-signed certificate (not recommended) or pay for a certificate from a 3rd party authority and install it on your server.

I had multiple problems with your solutions (but it helped me). I’ll put my solutions here for the following case :

  • WordPress multisite
  • Server on vestacp running on apache with nginx proxy

.First i only used this WP extension : “SSL Insecure Content Fixer” who can handle WPMU, and the “mixed content” error (Since “WordPress Https” is deprecated and not working for me)

.Secondely, the is_ssl() function wasn’t working with nginx proxy so i used this one :

function isSecure() {
  return
    (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off')
    || $_SERVER['SERVER_PORT'] == 443;
}

.Also “is_page()” wasn’t working so this is my final code (for redirecting the specific pages” to https)

add_action( 'template_redirect', 'fb_ssl_template_redirect', 1 );
function fb_ssl_template_redirect() {

    global $post;

    //login = 8886
    //Pages clients
    $array_posts_ssl = array(8886);
    $array_posts_ssl_parents = array(8886);

    if ( in_array($post->ID,$array_posts_ssl)  ) {

        if ( !isSecure() ) {
            wp_redirect('https://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'], 301 );
            exit();
        }

    } else  {

        if ( isSecure() ){
            wp_redirect('http://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'] , 301 );
            exit();
        }
    }

}

Both of the plugins mentioned above seem to be outdated or at least haven’t been maintained ina while. The WordPress-https plugin seems to be the best option and will force ssl on the entire site or just on certain pages.

Below would be the best “WordPress” way to do it, i have fully commented it for you to explain what its doing.

add_action('wp','_my_custom_ssl_redirect'); // the 'wp' hook is the first place the post id is set.
function _my_custom_ssl_redirect(){
    global $post,$wp; // get some global values.

    $page_ids = array(2,123,321,456); // array of page ids we want to force to ssl.

    if( is_page() && isset($post->ID) && in_array($post->ID,$page_ids) ){ // check we are on a page and its a page we want to redirect.

        wp_safe_redirect( // make sure we only redirect to "internal" urls.
            add_query_arg( // add any url query arguments back to the url.
                $_SERVER['QUERY_STRING'], // The current query args.
                '',
                trailingslashit( // add a trailing slash to the home url as sometimes it is not added.
                    home_url( $wp->request, "https" ), // get the home url HTTPS link.
                    301 // set the redirect to be 301 "permanent", you can use 302 "temporary" here instead.
                )
            )
        );
        exit; // exit ASAP, no point in loading anything more.
    }
}

Non commented version for neatness 🙂 (same exact code)

add_action('wp','_my_custom_ssl_redirect');
function _my_custom_ssl_redirect(){
    global $post,$wp;

    $page_ids = array(2,123,321,456); // array of page ids we want to force to ssl.

    if( is_page() && isset($post->ID) && in_array($post->ID,$page_ids) ){ 
        wp_safe_redirect( add_query_arg( $_SERVER['QUERY_STRING'], '',trailingslashit(home_url( $wp->request, "https" ), 301 )) );
        exit;
    }
}