Wordpress - Is there a way to force ssl on certain pages

New workflow, since the Admin SSL plugin is not supported.

  • use the Plugin WP https

  • See the settings

  • If you want SSL for wp-admin, add this to the wp-config.php:

    define( 'FORCE_SSL_ADMIN', TRUE );
    
  • If you want also SSL for the log in page, add this to the wp-config.php

    define( 'FORCE_SSL_LOGIN', TRUE );
    
  • Add the follow line to the .htaccess; remove the default of WP

    <IfModule mod_rewrite.c>
       RewriteEngine On
       RewriteCond %{SERVER_PORT} !^443$
       RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R,L]
    </IfModule>
    
  • If you set a specific page/post to SSL in front-end, then use the following plugin or set the option in the editor of the post/page; only if you have active this possibility of the plugin WP https. see also Gist 4081291 for a sample plugin

    /**
     * Plugin Name: Force SSL for specific pages
     * Description: 
     * Author:      Frank Bültge
     * Author URI:  http://bueltge.de/
     * Version:     1.0.0
     */
    
    ! defined( 'ABSPATH' ) and exit;
    
    if ( ! function_exists( 'fb_force_ssl' ) ) {
    
        add_filter( 'force_ssl' , 'fb_force_ssl', 1, 3 );
        function fb_force_ssl( $force_ssl, $id = 0, $utrl = '' ) {
            // A list of posts/page that should be SSL
            $ssl_posts = array( 22, 312 );
    
            if ( in_array( $id, $ssl_posts ) )
                $force_ssl = TRUE;
    
            return $force_ssl;
        }
    
    } // end if func exists
    
  • Without Plugin WordPress HTTPS

    add_action( 'template_redirect', 'fb_ssl_template_redirect', 1 );
    function fb_ssl_template_redirect() {
    
            if ( is_page( 123 ) && ! is_ssl() ) {
    
                if ( 0 === strpos($_SERVER['REQUEST_URI'], 'http') ) {
                    wp_redirect(preg_replace('|^http://|', 'https://', $_SERVER['REQUEST_URI']), 301 );
                    exit();
                } else {
                    wp_redirect('https://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'], 301 );
                    exit();
                }
            } else if ( !is_page( 123 ) && is_ssl() && !is_admin() ) {
    
                if ( 0 === strpos($_SERVER['REQUEST_URI'], 'http') ) {
                    wp_redirect(preg_replace('|^https://|', 'http://', $_SERVER['REQUEST_URI']), 301 );
                    exit();
                } else {
                    wp_redirect('http://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'], 301 );
                    exit();
                }
            }
    }
    

or a smaller version, but not with fallbacks, if the url is wrong

add_filter( 'pre_post_link', 'fb_set_ssl_url', 10, 3 );
function fb_set_ssl_url( $permalink, $post, $leavename ) {

    if ( 123 == $post->ID )
        return preg_replace( '|^http://|', 'https://', $permalink );

    return $permalink;
}

For WordPress version 3.0 and above, the admin-ssl plugin does not work. In order to get SSL to work, you need to take two steps:

  1. Enable the Administration Over SSL option in your wp-config.php file (see here).
  2. Install the WPSSL plugin on the site. (updated for WordPress 3.0+)
  3. On the pages you want to to run over SSL, add a meta tag called "force_ssl" and set the value to "true".

You should be all set after that.


Use the admin-ssl plugin. For stuff outside of wp, use rewriite rule in apache