how can I automaticlly switch from http to https?

Resolved eliranseo
(@eliranseo)

8 years, 5 months ago

Hello there,
I installed the plugin in my website.

when I try to enter to this picture:
https://www.college.best-seo.co.il/wp-content/uploads/2015/11/%D7%A7%D7%95%D7%A8%D7%A1-%D7%91%D7%A0%D7%99%D7%99%D7%94-%D7%A0%D7%99%D7%94%D7%95%D7%9C-%D7%95%D7%A9%D7%99%D7%95%D7%95%D7%A7-%D7%97%D7%A0%D7%95%D7%99%D7%95%D7%AA-%D7%90%D7%99%D7%A0%D7%98%D7%A8%D7%A0%D7%98.jpg

it’s secured as well, but when I try to change the address from https to http like this:
http://www.college.best-seo.co.il/wp-content/uploads/2015/11/%D7%A7%D7%95%D7%A8%D7%A1-%D7%91%D7%A0%D7%99%D7%99%D7%94-%D7%A0%D7%99%D7%94%D7%95%D7%9C-%D7%95%D7%A9%D7%99%D7%95%D7%95%D7%A7-%D7%97%D7%A0%D7%95%D7%99%D7%95%D7%AA-%D7%90%D7%99%D7%A0%D7%98%D7%A8%D7%A0%D7%98.jpg

it’s not automaticlly move to https, how can I fix it?

Thanks

Viewing 9 replies - 1 through 9 (of 9 total)

Plugin Author Mark
(@markwolters)

8 years, 5 months ago

Hi,

what redirect option have you selected in the plugin?

Mark

Plugin Contributor Rogier Lankhorst
(@rogierlankhorst)

8 years, 5 months ago

As you access the image directly, this request does not pass through either the .htaccess file in the web root, or the WordPress code, so it won’t be redirected to https.

A solution to this could be to add HTTP Strict Transport Security to your site, browsers will force your site over https when the website is visited once. With the preload option even the first visit is not necessary. For more information on HSTS see:
https://really-simple-ssl.com/hsts-http-strict-transport-security-good/

Thread Starter eliranseo
(@eliranseo)

8 years, 5 months ago

I see.
so how can I do that?

Thanks
Plugin Author Mark
(@markwolters)

8 years, 5 months ago
If you have a webserver that uses a .htaccess file (For example Apache), you can add the following line to your .htaccess file:

Header set Strict-Transport-Security "max-age=31536000" env=HTTPS

or if you want to submit the site to the preload list as well:

Strict-Transport-Security: max-age=63072000; includeSubDomains; preload

For NGINX webserver you can follow this guide: nginx.com/blog/http-strict-transport-security-hsts-and-nginx/
- This reply was modified 8 years, 5 months ago by Mark.
- This reply was modified 8 years, 5 months ago by Mark.
- This reply was modified 8 years, 5 months ago by Mark.
Thread Starter eliranseo
(@eliranseo)

8 years, 5 months ago
Well, in my computer it works now as well, but some people told me that it’s not working on their computers and mobile phones. Can you please check it?
- This reply was modified 8 years, 5 months ago by eliranseo.
Thread Starter eliranseo
(@eliranseo)

8 years, 5 months ago

Well, in my computer it works now as well, but some people told me that it’s not working on their computers and mobile phones. Can you please check it?

Plugin Author Mark
(@markwolters)

8 years, 5 months ago

Hi,

when visiting the site for the first time request won’t be redirected to https://. If the site is submitted to the preload list then also request on the first visit should be redirected to https://. I’ve tested it and it does seem to work, do people also experience this when they visit the site for the second or third time?

Mark

Thread Starter eliranseo
(@eliranseo)

8 years, 5 months ago

Hi. The problem is the same.

Take that pic for example:
http://www.klarfeldlaw.com/wp-content/uploads/IMG_4740.jpg

Some friend told me that it’s not working in his mobile phone (galaxy s3), and he also sent me a screenshot:
https://ibb.co/cgRSGb

how can we fix it?

Thanks

Plugin Author Mark
(@markwolters)

8 years, 5 months ago

Hi,

perhaps this has something to do with the browser/device your friend is using. After the first visit the image redirects to https:// for me. You could have a look at the HSTS preload list. That will force requests over https:// on the first visit when using a supported browser.

Mark

Viewing 9 replies - 1 through 9 (of 9 total)

The topic ‘how can I automaticlly switch from http to https?’ is closed to new replies.