HTTPS-Only Mode Alert

Resolved alymcf
(@alymcf)

3 years, 10 months ago

When I typed the above URL to my site this morning I got the message:
“`HTTPS-Only Mode Alert
Secure Site Not Available
You’ve enabled HTTPS-Only Mode for enhanced security, and a HTTPS version of
http://www.mcfarlandcreativeworks.com is not available.
Learn More…..
What could be causing this?
• Most likely, the website simply does not support HTTPS.
• It’s also possible that an attacker is involved. If you decide to visit the website, you should not enter any
sensitive information like passwords, emails, or credit card details.
If you continue, HTTPS-Only Mode will be turned off temporarily for this site.`”

The URL bar in Firefox shows https://www.mcfarlandcreativeworks.com

I am able to Continue to HTTP site and it views normally.

I don’t recall seeing this error message in the past, but maybe I did? Not sure if I maybe changed some setting recently to cause this. I had been getting hacked so I paid for Werdfence Premium, Jetpack and I think I enabled SSL somewhere (but darned if I can find that now).

I similar messages in other websites with Firefox as well and it is annoying so I would like to be able to fix it on my site if I can.

The page I need help with: [log in to see the link]

Viewing 6 replies - 1 through 6 (of 6 total)

George Appiah
(@gappiah)

3 years, 10 months ago
I tried your website in multiple browsers (including Firefox in HTTPS-Only Mode) on Windows 11 and Manjaro Linux… and in all cases, I was automatically redirected to the HTTPS version of the site… and it worked fine.

I enforce HTTPS (where available) on my network though.

UPDATE:

Here’s info about Firefox’s HTTPS-Only Mode and how to turn it off: https://support.mozilla.org/en-US/kb/https-only-prefs
- This reply was modified 3 years, 10 months ago by George Appiah.
Moderator threadi
(@threadi)

3 years, 10 months ago

The message “HTTPS-Only Mode Alert” is only displayed by the Firefox browser if the HTTPS-Only-Mode is activated in its normal window and you call a page without SSL. By default, this mode is (still) disabled. In the private window of the browser it is enabled by default and leads there together with another setting to an automatic redirection to the SSL web.

I.e. if you open your page without SSL in a normal Firefox window, you will not be redirected. In a private window, however, you will be redirected.
See: https://support.mozilla.org/en-US/kb/https-only-prefs

If this suddenly happens to you, it could be that some security tool on your computer has adjusted the settings of your Firefox profile accordingly.

Solution would be that you store a forwarding to the SSL web, which I would recommend anyway. Many security and SEO plugins provide a check mark for this. But you can also solve it yourself by an entry in the .htaccess file.

Thread Starter alymcf
(@alymcf)

3 years, 10 months ago

Thanks George and Threadi,
I can’t seem to find a place in Jetpack or Wordfence to force to https. Is editing htaccess the way to go then, and if so, can you point me toward a resource for editing?

Moderator threadi
(@threadi)

3 years, 10 months ago

Take a look here: https://kinsta.com/knowledgebase/redirect-http-to-https/#http-to-https-apache
Thread Starter alymcf
(@alymcf)

3 years, 10 months ago
Ha! Well when I went to login to my webhost to edit, I saw the “Enforce SSL” selection and enabled it. Hopefully that will do the trick!
Thanks,
Alyssa
- This reply was modified 3 years, 10 months ago by alymcf.
Moderator threadi
(@threadi)

3 years, 10 months ago

This is, of course, the simplest solution. When I call the page I am also redirected in a normal browser now. You can set the topic to solved if it also works for you.