Title: Issue with update code and HTTPS redirect
Last modified: August 21, 2016

---

# Issue with update code and HTTPS redirect

 *  [ls5302](https://wordpress.org/support/users/ls5302/)
 * (@ls5302)
 * [12 years, 2 months ago](https://wordpress.org/support/topic/issue-with-update-code-and-https-redirect/)
 * There appears to be an issue with the code that updates from bwps_enable_ssl 
   to itsec_enable_ssl meta_key.
 * I noticed this because pages which were previously forced to SSL stopped being
   redirected. The code I believe is at fault is in ssl_redirect method of the ITSEC_SSL
   class.
 *     ```
       $bwps_ssl    = get_post_meta( $post->ID, 'bwps_enable_ssl', true );
   
       if ( $bwps_ssl == true ) {
       	delete_post_meta( $post->ID, 'bwps_enable_ssl' );
       	update_post_meta( $post->ID, 'itsec_enable_ssl', true );
       } elseif ( $bwps_ssl == false ) {
       	delete_post_meta( $post->ID, 'bwps_enable_ssl' );
       	update_post_meta( $post->ID, 'itsec_enable_ssl', false );
       }
       ```
   
 * I think the issue is caused because get_post_meta returns an empty string when
   the ‘bwps_enable_ssl’ meta_key does not exist. When compared with ==, an empty
   string evaluates to false, and thus itsec_enable_ssl is set to empty in the database.
   Adding an explicit test for an empty string ( ” != $bwps_ssl ) would fix this.
 * I also think, the upgrade code may be “bad” because the first time a legacy HTTPS
   page is viewed it is does not redirect to HTTPS. Moving the code from line 54
   to 68 would fix this issue.
 * [https://wordpress.org/plugins/better-wp-security/](https://wordpress.org/plugins/better-wp-security/)

Viewing 15 replies - 1 through 15 (of 15 total)

 *  Thread Starter [ls5302](https://wordpress.org/support/users/ls5302/)
 * (@ls5302)
 * [12 years, 2 months ago](https://wordpress.org/support/topic/issue-with-update-code-and-https-redirect/#post-4743119)
 * This revised code appears to work for me…
 *     ```
       $bwps_ssl = get_post_meta( $post->ID, 'bwps_enable_ssl', true );
   
       if ( $bwps_ssl == true ) {
   
       	delete_post_meta( $post->ID, 'bwps_enable_ssl' );
       	update_post_meta( $post->ID, 'itsec_enable_ssl', true );
   
       } elseif ( '' != $bwps_ssl && $bwps_ssl == false ) {
   
       	delete_post_meta( $post->ID, 'bwps_enable_ssl' );
       	update_post_meta( $post->ID, 'itsec_enable_ssl', false );
   
       }
   
       $require_ssl = get_post_meta( $post->ID, 'itsec_enable_ssl', true );
       ```
   
 *  [wpdv](https://wordpress.org/support/users/wpdv/)
 * (@wpdv)
 * [12 years, 2 months ago](https://wordpress.org/support/topic/issue-with-update-code-and-https-redirect/#post-4743283)
 * WoW! Have you heard anything from the developer re your suggested fix?
 *  [wpdv](https://wordpress.org/support/users/wpdv/)
 * (@wpdv)
 * [12 years, 2 months ago](https://wordpress.org/support/topic/issue-with-update-code-and-https-redirect/#post-4743285)
 * I cannot find the better-wp-secuity or ithemes in my plugins folder thru ftp.
   It’s there when viewed and setup in my wp dashboard. Very strange. I thought 
   I had fixed it with your code above, however, I updated the wrong site. So, I
   deleted iThemes from my WP dashboard and reinstalled and it is still not in my
   plugins folder. I have refreshed and have hidden folders showing. Any suggestions
   where else this plugin might be located? I do see an iThemes folder in my uploads
   folder, but that is it.
 *  [wpdv](https://wordpress.org/support/users/wpdv/)
 * (@wpdv)
 * [12 years, 2 months ago](https://wordpress.org/support/topic/issue-with-update-code-and-https-redirect/#post-4743286)
 * This first line of code was already existing within the class-itsec-ssl file **`
   $require_ssl = get_post_meta( $post->ID, 'itsec_enable_ssl', true );`** … I see
   you have added it to the bottom of your suggested code. Should this first instance
   be deleted or kept? Thanks!
 *     ```
       $require_ssl = get_post_meta( $post->ID, 'itsec_enable_ssl', true );
       			$bwps_ssl = get_post_meta( $post->ID, 'bwps_enable_ssl', true );
   
       if ( $bwps_ssl == true ) {
   
       	delete_post_meta( $post->ID, 'bwps_enable_ssl' );
       	update_post_meta( $post->ID, 'itsec_enable_ssl', true );
   
       } elseif ( '' != $bwps_ssl && $bwps_ssl == false ) {
   
       	delete_post_meta( $post->ID, 'bwps_enable_ssl' );
       	update_post_meta( $post->ID, 'itsec_enable_ssl', false );
   
       }
   
       $require_ssl = get_post_meta( $post->ID, 'itsec_enable_ssl', true );
       ```
   
 *  [wpdv](https://wordpress.org/support/users/wpdv/)
 * (@wpdv)
 * [12 years, 2 months ago](https://wordpress.org/support/topic/issue-with-update-code-and-https-redirect/#post-4743287)
 * I left the aforementioned original line of code intact and now everything appears
   to be working exactly as it should. Thank you very much for your suggestion!
 *  Thread Starter [ls5302](https://wordpress.org/support/users/ls5302/)
 * (@ls5302)
 * [12 years, 2 months ago](https://wordpress.org/support/topic/issue-with-update-code-and-https-redirect/#post-4743295)
 * I’m pleased it has helped.
 * I moved the itsec_enable_ssl get_post_meta function call because otherwise the
   first time the code is used to display an SSL page it will not be redirect to
   use HTTPS. This only happens once, and occurs because the meta key used to decide
   if to show the page securely does not exist until it has been converted by the
   subsequent code. By retrieving the “new” metadata after the conversion it should
   also perform as expected during the first get request.
 * PS I have not heard anything from iThemes. 🙁
 *  [Nando_lavras](https://wordpress.org/support/users/nando_lavras/)
 * (@nando_lavras)
 * [12 years, 2 months ago](https://wordpress.org/support/topic/issue-with-update-code-and-https-redirect/#post-4743298)
 * I’ve tried the modification, but my “Enable SSL” checkbox keeps disabling right
   after i visit the “ssl enabled” page, these occour when i try in the “Per Content”
   mode…..
 * Thanks in advance.
 * EDIT: Sorry, your code works!!! I’ve not see a little change in the middle of
   the code, after change this part too all it’s working as expect.
 * Thanks a lot!!!!
 *  [wpdv](https://wordpress.org/support/users/wpdv/)
 * (@wpdv)
 * [12 years, 2 months ago](https://wordpress.org/support/topic/issue-with-update-code-and-https-redirect/#post-4743299)
 * I just removed the original extra line of code I left in there and everything
   is still working. Thank you very, very much for all of your help!
 *  Thread Starter [ls5302](https://wordpress.org/support/users/ls5302/)
 * (@ls5302)
 * [12 years, 1 month ago](https://wordpress.org/support/topic/issue-with-update-code-and-https-redirect/#post-4743313)
 * Just updated to 4.0.8 and the original problem persists… but fortunately my revised
   code still works. Just replace lines 54 to 67 in modules/free/ssl/class-itsec-
   ssl.php with [above ](https://wordpress.org/support/topic/issue-with-update-code-and-https-redirect/?output_format=md#post-5381265)
   code.
 *  [Nando_lavras](https://wordpress.org/support/users/nando_lavras/)
 * (@nando_lavras)
 * [12 years, 1 month ago](https://wordpress.org/support/topic/issue-with-update-code-and-https-redirect/#post-4743314)
 * Oh great! New update and the problem persists…. unbelivable! So many problems
   that they do not know what to fix first
 *  [mfaulk](https://wordpress.org/support/users/mfaulk/)
 * (@mfaulk)
 * [12 years, 1 month ago](https://wordpress.org/support/topic/issue-with-update-code-and-https-redirect/#post-4743316)
 * I had the same issues, and using ls5302’s fix has worked for the time being.
 *  [Nando_lavras](https://wordpress.org/support/users/nando_lavras/)
 * (@nando_lavras)
 * [12 years, 1 month ago](https://wordpress.org/support/topic/issue-with-update-code-and-https-redirect/#post-4743317)
 * HTTPS issue solved in 4.0.10…
 * But…. After update to 4.0.10 my google authenticator plugin not work anymore…
   in the admin login screen there should be a third field to enter the code from
   google authenticator after this update the field simply disappeared and now I’m
   going straight with only username and password….
 * Damm…. New bug!
 *  Thread Starter [ls5302](https://wordpress.org/support/users/ls5302/)
 * (@ls5302)
 * [12 years, 1 month ago](https://wordpress.org/support/topic/issue-with-update-code-and-https-redirect/#post-4743319)
 * Official fix is in v4.0.10.
 * Code is still a bit sloppy IMHO. On the face of it the elseif could be just an
   else. However, the code makes repeated calls to delete post metadata which doesn’t
   exist after the initial update. This happens for every single non-SSL page.
 * Checking $bwps_ssl is not an empty string rather then not equal to 1 in the elseif
   would avoid this.
 * From WP Docs:
 * >  If there is nothing to return the function will return an empty array unless
   > $single has been set to true, in which case **an empty string is returned**.
 *  [respectyoda](https://wordpress.org/support/users/respectyoda/)
 * (@respectyoda)
 * [12 years, 1 month ago](https://wordpress.org/support/topic/issue-with-update-code-and-https-redirect/#post-4743321)
 * ls5302, I have a question. If I set the option in Better WPS for the backend 
   to be served under HTTPS, but later I decide to not have it be served under HTTPS,
   how can I ensure that the backend will be served under plain HTTP? I deleted 
   this from wp-config.php just to make sure:
 *     ```
       define('FORCE_SSL_ADMIN', true);
       ```
   
 * But the backend is still served under HTTPS.
 *  [verhijden](https://wordpress.org/support/users/verhijden/)
 * (@verhijden)
 * [12 years, 1 month ago](https://wordpress.org/support/topic/issue-with-update-code-and-https-redirect/#post-4743341)
 * I still have have the problem in V4.1.5.
 * I can not set the SSL flag in pages…. ;-(

Viewing 15 replies - 1 through 15 (of 15 total)

The topic ‘Issue with update code and HTTPS redirect’ is closed to new replies.

 * ![](https://ps.w.org/better-wp-security/assets/icon.svg?rev=3529351)
 * [Kadence Security – Password, Two Factor Authentication, and Brute Force Protection](https://wordpress.org/plugins/better-wp-security/)
 * [Frequently Asked Questions](https://wordpress.org/plugins/better-wp-security/#faq)
 * [Support Threads](https://wordpress.org/support/plugin/better-wp-security/)
 * [Active Topics](https://wordpress.org/support/plugin/better-wp-security/active/)
 * [Unresolved Topics](https://wordpress.org/support/plugin/better-wp-security/unresolved/)
 * [Reviews](https://wordpress.org/support/plugin/better-wp-security/reviews/)

 * 15 replies
 * 6 participants
 * Last reply from: [verhijden](https://wordpress.org/support/users/verhijden/)
 * Last activity: [12 years, 1 month ago](https://wordpress.org/support/topic/issue-with-update-code-and-https-redirect/#post-4743341)
 * Status: not resolved