Title: Core Changes for SSL
Last modified: August 20, 2016

---

# Core Changes for SSL

 *  Resolved [billibones](https://wordpress.org/support/users/billibones/)
 * (@billibones)
 * [13 years, 4 months ago](https://wordpress.org/support/topic/core-changes-for-ssl/)
 * Hey all, new to the forums here, but have a situation thats driving me crazy …
   I have recently attempted to enable SSL on my wordpress site, and I am getting
   alot of insecure calls into the page. I can’t find these things anywhere in any
   of the source code (checked through the entire wordpress installation and even
   the DB.)’
 * I have tried WP Https to no avail, and have read through multiple forums that
   express similar issues with wordpress and ssl … Can anyone just guide me as to
   where or what functions i need to be looking for to change in order to get everything
   to come through over SSL. I have learned that there are two different areas being
   called that can cause problems:
    Some in the root of WordPress and others from
   the plugin directory of said culprit plugin.
 * I have my installation setup (General / Settings) to use https: for the site.
   And have run a test tool, that shows the base URL to be SSL and all forms to 
   be SSL however the following come in insecure and I cant find how / where to 
   change this … ANY advice would be much appreciated. I have been looking and reading
   articles on the web in regards to SSL issues and just cant seem to wrap my head
   around how to get these things corrected. (I am using PageLines – Whitehouse 
   theme)
 * (Note: www….. = my domain name)
    SSL Checker Results ===============
 *     ```
       Unsecured Links:
       <a href="http://www...../wp-admin/post.php?post=912&action=edit" >
       <a href="http://www...../wp-admin/post.php?post=912&action=edit" >
       <a href="http://www...../wp-admin/post.php?post=908&action=edit" >
       <a href="http://www...../wp-admin/post.php?post=908&action=edit" >
       <a href="http://www...../wp-admin/post.php?post=906&action=edit" >
       <a href="http://www...../wp-admin/post.php?post=906&action=edit" >
       <a href="http://www...../wp-admin/post.php?post=812&action=edit" >
       <a href="http://www...../wp-admin/post.php?post=812&action=edit" >
       <a href="http://www...../wp-admin/about.php" >
       <a href="http://www...../wp-admin/about.php" >
       <a href="http://wordpress.org/" >
       <a href="http://codex.wordpress.org/" >
       <a href="http://wordpress.org/support/" >
       <a href="http://wordpress.org/support/forum/requests-and-feedback" >
       <a href="http://www...../wp-admin/" >
       <a href="http://www...../wp-admin/" >
       <a href="http://www...../wp-admin/themes.php" >
       <a href="http://www...../wp-admin/customize.php?url=http%3A%2F%2Fwww.....%2F" >
       <a href="http://www...../wp-admin/widgets.php" >
       <a href="http://www...../wp-admin/nav-menus.php" >
       <a href="http://www...../wp-admin/themes.php?page=imporved-simpler-css/improved-simpler-css.php" >
       <a href="http://www...../wp-admin/update-core.php" >
       <a href="http://www...../wp-admin/edit-comments.php" >
       <a href="http://www...../wp-admin/post-new.php" >
       <a href="http://www...../wp-admin/post-new.php" >
       <a href="http://www...../wp-admin/media-new.php" >
       <a href="http://www...../wp-admin/link-add.php" >
       <a href="http://www...../wp-admin/post-new.php?post_type=page" >
       <a href="http://www...../wp-admin/user-new.php" >
       <a href="http://www...../wp-admin/profile.php" >
       <a href="http://www...../wp-admin/profile.php" >
       <a href="http://www...../wp-admin/profile.php" >
       <a href="http://www...../wp-login.php?action=logout&_wpnonce=5d6399e3b2" >
       <a href="http://www...../wp-login.php?action=logout&_wpnonce=5d6399e3b2" >
   
       Unsecured Images:
       <img src="http://www...../wp-content/uploads/2013/01/100bill-150x145.jpg" >
       <img src="http://www...../wp-content/uploads/2013/01/ameraqLion.png" >
       <img src="http://www...../wp-content/uploads/2013/01/chromeSSLdisplayissues-300x143.png" >
       <img src="http://1.gravatar.com/avatar/b8e81a516c52afb49a779dc485e86542?s=16&d=http%3A%2F%2F1.gravatar.com%2Favatar%2Fad516503a11cd5ca435acc9bb6523536%3Fs%3D16&r=PG" >
       <img src="http://1.gravatar.com/avatar/b8e81a516c52afb49a779dc485e86542?s=64&d=http%3A%2F%2F1.gravatar.com%2Favatar%2Fad516503a11cd5ca435acc9bb6523536%3Fs%3D64&r=PG" >
   
       Unsecured CSS/Scripts/Style Sheets:
       <link href="http://www...../wp-content/themes/whitehouse/css/960.css" >
       <link href="http://www...../wp-content/themes/whitehouse/css/reset.css" >
       <link href="http://www...../wp-content/themes/whitehouse/css/trans.css" >
       <link href="http://www...../wp-content/themes/whitehouse/css/wp.css" >
       <link href="http://www...../wp-content/themes/whitehouse/style.css" >
       <link id="upm_polls.css-css" href="http://www...../wp-content/plugins/upm-polls/css/polls.css?ver=3.5" >
       <link id="admin-bar-css" href="http://www...../wp-includes/css/admin-bar.min.css?ver=3.5" >
       <link id="contact-form-7-css" href="http://www...../wp-content/plugins/contact-form-7/https://www...../wp-content/plugins/contact-form-7/includes/css/styles.css?ver=3.3.2" >
       <script src="http://www...../wp-content/plugins/upm-polls/js/jquery-1.4.2.min.js?ver=3.5" >
       <script src="http://www...../wp-includes/js/jquery/jquery.js?ver=1.8.3" >
       <div id="upm_loading" background="rgba(0, 0, 0, 0) url(http://www...../wp-content/plugins/upm-polls/img/loading.gif) no-repeat scroll 50% 50% / auto padding-box border-box" background-image="url(http://www...../wp-content/plugins/upm-polls/img/loading.gif)" >
       <script src="http://www...../wp-includes/js/admin-bar.min.js?ver=3.5" >
       <script src="http://www...../wp-content/plugins/contact-form-7/https://www...../wp-content/plugins/contact-form-7/includes/js/jquery.form.min.js?ver=3.23" >
       <script src="http://www...../wp-content/plugins/contact-form-7/includes/js/scripts.js?ver=3.3.2" >
       ```
   

Viewing 5 replies - 1 through 5 (of 5 total)

 *  Thread Starter [billibones](https://wordpress.org/support/users/billibones/)
 * (@billibones)
 * [13 years, 4 months ago](https://wordpress.org/support/topic/core-changes-for-ssl/#post-3382637)
 * Ok I was able to correct the Unsecured Links section. This was an oversight on
   my part as I was logged in as the admin, and the admin bar was causing the reference
   to the invalid links.
 * I am still trying to figure out the “Unsecured Images” and “Unsecured CSS/Scripts/
   Style Sheets” areas to modify or adjust.
 *     ```
       Unsecured Images:
       <img src="http://www...../wp-content/uploads/2013/01/100bill-150x145.jpg" >
       <img src="http://www...../wp-content/uploads/2013/01/ameraqLion.png" >
       <img src="http://www...../wp-content/uploads/2013/01/chromeSSLdisplayissues-300x143.png" >
       <img src="http://1.gravatar.com/avatar/b8e81a516c52afb49a779dc485e86542?s=16&d=http%3A%2F%2F1.gravatar.com%2Favatar%2Fad516503a11cd5ca435acc9bb6523536%3Fs%3D16&r=PG" >
       <img src="http://1.gravatar.com/avatar/b8e81a516c52afb49a779dc485e86542?s=64&d=http%3A%2F%2F1.gravatar.com%2Favatar%2Fad516503a11cd5ca435acc9bb6523536%3Fs%3D64&r=PG" >
   
       Unsecured CSS/Scripts/Style Sheets:
       <link href="http://www...../wp-content/themes/whitehouse/css/960.css" >
       <link href="http://www...../wp-content/themes/whitehouse/css/reset.css" >
       <link href="http://www...../wp-content/themes/whitehouse/css/trans.css" >
       <link href="http://www...../wp-content/themes/whitehouse/css/wp.css" >
       <link href="http://www...../wp-content/themes/whitehouse/style.css" >
       <link id="upm_polls.css-css" href="http://www...../wp-content/plugins/upm-polls/css/polls.css?ver=3.5" >
       <link id="admin-bar-css" href="http://www...../wp-includes/css/admin-bar.min.css?ver=3.5" >
       <link id="contact-form-7-css" href="http://www...../wp-content/plugins/contact-form-7/https://www...../wp-content/plugins/contact-form-7/includes/css/styles.css?ver=3.3.2" >
       <script src="http://www...../wp-content/plugins/upm-polls/js/jquery-1.4.2.min.js?ver=3.5" >
       <script src="http://www...../wp-includes/js/jquery/jquery.js?ver=1.8.3" >
       <div id="upm_loading" background="rgba(0, 0, 0, 0) url(http://www...../wp-content/plugins/upm-polls/img/loading.gif) no-repeat scroll 50% 50% / auto padding-box border-box" background-image="url(http://www...../wp-content/plugins/upm-polls/img/loading.gif)" >
       <script src="http://www...../wp-includes/js/admin-bar.min.js?ver=3.5" >
       <script src="http://www...../wp-content/plugins/contact-form-7/https://www...../wp-content/plugins/contact-form-7/includes/js/jquery.form.min.js?ver=3.23" >
       <script src="http://www...../wp-content/plugins/contact-form-7/includes/js/scripts.js?ver=3.3.2" >
       ```
   
 *  [redrocksrover2](https://wordpress.org/support/users/redrocksrover2/)
 * (@redrocksrover2)
 * [13 years, 4 months ago](https://wordpress.org/support/topic/core-changes-for-ssl/#post-3382643)
 * Hi.
 * 1) Were these images, CSS, and JS files uploaded into WP before you set your 
   WP site to use SSL?
 * 2) It sounds like you have, but ensure that the WordPress address URL and Site
   address URL in your WP General settings are both set to use https:// instead 
   of http://
 * 3) See this page for information about confirming that your .htaccess file is
   rewriting requests for WP content as HTTPS: [http://ithemes.com/codex/page/Fix_Non-SSL_Elements_on_SSL_Page](http://ithemes.com/codex/page/Fix_Non-SSL_Elements_on_SSL_Page).(
   Personally I would avoid the “Solution #2” suggestion at the bottom of that page
   to use a plugin.)
 * 4) Be sure that you are forcing SSL for all admin activities in your wp-config.
   php file: `define('FORCE_SSL_ADMIN', true);` Of course this won’t affect your
   content – only admin pages and logins.
 * 5) Check that you don’t have hard-coded URLs in any of your templates, template
   modules, or widgets that start with `http://`. Also be sure that if you’re using
   any plugins that they, too, aren’t outputting hard-coded URLs to `http://`
 * Hope that helps somewhat in tracking down the issues…
 *  Thread Starter [billibones](https://wordpress.org/support/users/billibones/)
 * (@billibones)
 * [13 years, 4 months ago](https://wordpress.org/support/topic/core-changes-for-ssl/#post-3382689)
 * Thank you very much for you reply. Most (I’d say 80%) of the images, CSS and 
   JS files were uploaded into WP prior to going SSL. (I will start a new side sandbox
   with a fresh install of WP and start SSL … perhaps then a migration of the old
   site in this new one?
 * I had looked into modifying my htaccess file, but when I did, I would get the
   message: Too many redirects. I checked memory and upped to 80mb. But with the
   same result. My current htaccess:
 *     ```
       # BEGIN WordPress
       RewriteCond %{SERVER_PORT} !=443
       RewriteRule .* https://%{HTTP_HOST}/$1 [R=301,L]
       # END WordPress
       ```
   
 * I was forcing SSL on Admin and Login, but the Admin pages would display as insecure.(
   Although in general settings I am set to https:)
 * I noticed the plugins causing some breaks, and I am looking to find the code 
   that is offending …
 * Thanks so much for your reply. I think I should find a solution one way or the
   other with your suggestions =).
 * Much appreciated. Sometimes you are just staring at it too long and not able 
   to see some of the potential problem areas to perhaps consider. Thanks again!
 *  Thread Starter [billibones](https://wordpress.org/support/users/billibones/)
 * (@billibones)
 * [13 years, 4 months ago](https://wordpress.org/support/topic/core-changes-for-ssl/#post-3382761)
 * Just wanted to follow up with this and thank you again. As of 4am last night 
   I was finally able to get the entire site secure. A little bit of a headache 
   and some of it cryptic, but its working! lol …
 * Still have some areas I dont understand though … One of my insecure calls was
   coming from a jquery.js?ver=x.x.x (in this case 1.8.3) .. Not sure where that
   came from as I use the 1.9.x library. Didn’t look like it was from a plugin but
   from WP itself. And I could only locate it in the “cache’d”) (<– I think that’s
   what these are (folders start with strange file names like: ar\__cat, de\__cat,
   ja\_ this goes all the way into the Zh\_) files within WP (Not sure if I can 
   get rid of these, about 223 files like this all with this 1.8.3 call., and I 
   could not find the offending register of the jquery library. (ie. wp_enqueue_script)…/
   shrug…
 * Anyhow I have manually gone through and changed all of those and loaded it up
   one more time before going to bed and got all “green” locks across 4 different
   browsers. (Talk about smiling …) lol .. Anyhow I just wanted to say thank you
   again for replying back … Really helped me step away from the code for a minute
   and look over everything again.
 * Peace!
 * (FYI: Just a side note: I was able to get this site SSL compliant without the
   use of WP HTTPS and using Network Solutions Shared SSL. (I know folks have had
   issues with these guys: but it does work!))
 *  [redrocksrover2](https://wordpress.org/support/users/redrocksrover2/)
 * (@redrocksrover2)
 * [13 years, 4 months ago](https://wordpress.org/support/topic/core-changes-for-ssl/#post-3382782)
 * [@billibones](https://wordpress.org/support/users/billibones/): With regard to
   the jQuery library links, if you’re doing so, you really shouldn’t manually place
   jQuery scripts into your templates because they can **really** screw with WordPress’s
   own script management.
 * See here:
    [http://www.ericmmartin.com/5-tips-for-using-jquery-with-wordpress/](http://www.ericmmartin.com/5-tips-for-using-jquery-with-wordpress/)
 * In short: use the `wp_enqueue_script()`, `wp_deregister_script()` and `wp_register_script()`
   functions to modify and/or add your own libraries, then let WP manage the dependencies.
   This could help to solve your insecure/non-SSL calls, and it’ll be particularly
   important if you’re using plugins that rely on jQuery, too.

Viewing 5 replies - 1 through 5 (of 5 total)

The topic ‘Core Changes for SSL’ is closed to new replies.

## Tags

 * [SSL](https://wordpress.org/support/topic-tag/ssl/)

 * In: [Hacks](https://wordpress.org/support/forum/plugins-and-hacks/hacks/)
 * 5 replies
 * 2 participants
 * Last reply from: [redrocksrover2](https://wordpress.org/support/users/redrocksrover2/)
 * Last activity: [13 years, 4 months ago](https://wordpress.org/support/topic/core-changes-for-ssl/#post-3382782)
 * Status: resolved

## Topics

### Topics with no replies

### Non-support topics

### Resolved topics

### Unresolved topics

### All topics