Title: [Plugin: WordPress HTTPS] HTTPS partially secure Last modified: August 19, 2016 --- # [Plugin: WordPress HTTPS] HTTPS partially secure * Resolved [Mr.Harmlos](https://wordpress.org/support/users/mrharmlos/) * (@mrharmlos) * [15 years, 4 months ago](https://wordpress.org/support/topic/plugin-wordpress-https-https-partially-secure-2/) * In the header.php of my template firebug tells me it gets “[http://”](http://”); answeres and that makes my WP partially secure … (own CA with own SSL cert imported CA in the right places and works) * theses are the rotten eggs in the header.php of my template: * * and * ” /> * get_stylesheet_uri is in general_template.php —> * ``` function get_bloginfo( $show = '', $filter = 'raw' ) { case 'stylesheet_url': $output = get_stylesheet_uri(); break;} ``` * themes.php : * ``` function get_stylesheet_uri() { $stylesheet_dir_uri = get_stylesheet_directory_uri(); $stylesheet_uri = $stylesheet_dir_uri . "/style.css"; return apply_filters('stylesheet_uri', $stylesheet_uri, $stylesheet_dir_uri); } ``` * My Php is beginner ^^ So where is what broken and how to fix 😀 * greets and thanks for your plugin btw 😉 Viewing 11 replies - 1 through 11 (of 11 total) * [hedronist](https://wordpress.org/support/users/hedronist/) * (@hedronist) * [15 years, 4 months ago](https://wordpress.org/support/topic/plugin-wordpress-https-https-partially-secure-2/#post-1876711) * You are not alone. Checkout this plugin: [WordPress HTTPS](http://wordpress.org/extend/plugins/wordpress-https/). * Thread Starter [Mr.Harmlos](https://wordpress.org/support/users/mrharmlos/) * (@mrharmlos) * [15 years, 4 months ago](https://wordpress.org/support/topic/plugin-wordpress-https-https-partially-secure-2/#post-1876794) * uhm how do i say this … hedronist did you notice the tag in the post title 😉 * Plugin Author [mvied](https://wordpress.org/support/users/mvied/) * (@mvied) * [15 years, 4 months ago](https://wordpress.org/support/topic/plugin-wordpress-https-https-partially-secure-2/#post-1876818) * Mr.Harmlos, what he’s saying is that the plugin should fix what you’re pointing out. If not, your settings aren’t correct, or there’s a bug. * What is your website? What settings do you have enabled? * Thanks, Mike * Thread Starter [Mr.Harmlos](https://wordpress.org/support/users/mrharmlos/) * (@mrharmlos) * [15 years, 4 months ago](https://wordpress.org/support/topic/plugin-wordpress-https-https-partially-secure-2/#post-1876849) * Hi Thx for your care 😉 * Website is local atm … Basic WordPress 3.04 * Plugins: * nginx Compatibility (PHP5) WordPress HTTPS * Template is a modded witheboard [http://whiteboardframework.com/](http://whiteboardframework.com/) * As i understand the Template css location is called by internal code in WordPress… and jquery too … If i click on a post it is a http link too … * If i change WordPress address (URL) Site address (URL) to https (the brute version) the website is secure … * I dont understand code good enought to solve this … * any idea ? * Plugin Author [mvied](https://wordpress.org/support/users/mvied/) * (@mvied) * [15 years, 4 months ago](https://wordpress.org/support/topic/plugin-wordpress-https-https-partially-secure-2/#post-1876852) * You don’t need code to resolve this, like I said, my plugin should be fixing them. That’s the primary purpose of the plugin, and if it’s not working, there’s a problem. The plugin uses output buffering to modify the rendered source code AFTER WordPress generates the HTML that the end-user would see. WordPress HTTPS scans through the code and makes the proper modifications to make sure elements and links are HTTPS if they need to be. * What settings do you have enabled? * Thanks, Mike * Thread Starter [Mr.Harmlos](https://wordpress.org/support/users/mrharmlos/) * (@mrharmlos) * [15 years, 4 months ago](https://wordpress.org/support/topic/plugin-wordpress-https-https-partially-secure-2/#post-1876853) * Internal HTTPS Elements – on External HTTPS Elements – on * The rest off … * Bypass External Check doesnt changes things … * i used firebug in mozilla to track the non https parts … * and that would be … as in the first post mentioned : * = [http://domain/wp/wp-includes/js/jquery/jquery.js?ver=1.4.2](http://domain/wp/wp-includes/js/jquery/jquery.js?ver=1.4.2) * and = [http://domain/wp/wp-content/themes/whiteboard/whiteboard/style.css](http://domain/wp/wp-content/themes/whiteboard/whiteboard/style.css) * nging config for SSL * ``` server { listen 443 ssl rcvbuf=64k backlog=128; server_name x; charset utf-8; ssl on; ssl_certificate x:/x/x/ssl.crt; ssl_certificate_key x:/x/x/ssl.pem; ssl_session_timeout 2m; ssl_protocols SSLv3;# TLSv1; ssl_ciphers HIGH:!ADH:!MD5; ssl_prefer_server_ciphers on; location ~ \.php$ { root html; fastcgi_param HTTPS true; try_files $uri /er/404.html; fastcgi_pass 127.0.0.1:9000; fastcgi_index index.php; include fastcgi_params; fastcgi_param SCRIPT_FILENAME x:/x/nginx/html$fastcgi_script_name; } location / { root html; index index.html index.php index.htm; } ``` * no rewrite rules … * WordPress runs on mysql php is newest stable …. * Everything pretty much standard … * ill try the standard template … same problem the css file is not https .. * in my template there are 2 backgroundpictures and their not https too * [http://wordpress.pastebin.com/5jAsjaGt](http://wordpress.pastebin.com/5jAsjaGt)– The header.php … * its a private Blog so it doesnt matter that much but … i mean it should work …. and i like things that work ^^ * greets * [jackaperkins](https://wordpress.org/support/users/jackaperkins/) * (@jackaperkins) * [14 years, 10 months ago](https://wordpress.org/support/topic/plugin-wordpress-https-https-partially-secure-2/#post-1876975) * Like others I found partial success with the HTTPS wordpress plugin, but my style sheets and other header links were wrong. I have [http://mydomain](http://mydomain) and [https://passthroughssl.differentdomain](https://passthroughssl.differentdomain), so my linked style sheets ended up with HTTPS of the first url, as it’s the site url. * Try the three lines of php in your wp-config.php file here: * Plugin Author [mvied](https://wordpress.org/support/users/mvied/) * (@mvied) * [14 years, 10 months ago](https://wordpress.org/support/topic/plugin-wordpress-https-https-partially-secure-2/#post-1876976) * Hey jackaperkins, * If you’re having problems with the plugin, please start a support topic. * Thanks, Mike * Thread Starter [Mr.Harmlos](https://wordpress.org/support/users/mrharmlos/) * (@mrharmlos) * [14 years, 9 months ago](https://wordpress.org/support/topic/plugin-wordpress-https-https-partially-secure-2/#post-1876978) * The problem is still peresistent …. and not resolved but ignored … * Thread Starter [Mr.Harmlos](https://wordpress.org/support/users/mrharmlos/) * (@mrharmlos) * [14 years, 9 months ago](https://wordpress.org/support/topic/plugin-wordpress-https-https-partially-secure-2/#post-1876979) * While digging around in the problem * i added the priority 1 to all of your filters … didnt help ..^^ * i found * ``` // If URL matches home_url, but lacks www, add www // if ( strpos(get_option('home'), '://www.') !== false && strpos($url, '://www.') === false && parse_url($url, PHP_URL_HOST) != NULL ) { // $url_host = parse_url($url, PHP_URL_HOST); // $url_host_www = 'www.' . $url_host; // if ( strpos(get_option('home'), $url_host_www) !== false ) { // $string = str_replace($url_host, $url_host_www, $string); // } // } ``` * since i use no-ip.org and the free version doesnt allow www dns i deactivated the option … checkbox optionable for others maybe ? * looked into the devtools errors again …. * [blocked] The page at [https://domain/](https://domain/) ran insecure content from [http://domain/wp-content/themes/whiteboard/whiteboard/style.css](http://domain/wp-content/themes/whiteboard/whiteboard/style.css). [ blocked] The page at [https://domain/](https://domain/) ran insecure content from [http://domain/wp-includes/js/l10n.js?ver=20101110](http://domain/wp-includes/js/l10n.js?ver=20101110).[ blocked] The page at [https://domain/](https://domain/) ran insecure content from [http://domain/wp-includes/js/jquery/jquery.js?ver=1.6.1](http://domain/wp-includes/js/jquery/jquery.js?ver=1.6.1).[ blocked] The page at [https://domain/](https://domain/) ran insecure content from [http://domainhttps/?ver=3.2.1](http://domainhttps/?ver=3.2.1). [blocked] The page at [https://domain/](https://domain/) ran insecure content from [http://platform.twitter.com/anywhere.js?id=xxxxxxxxxx&v=1](http://platform.twitter.com/anywhere.js?id=xxxxxxxxxx&v=1).[ blocked] The page at [https://domain/](https://domain/) ran insecure content from [http://domain/index.php?ak_action=aktt_css&v=2.4](http://domain/index.php?ak_action=aktt_css&v=2.4).[ blocked] The page at [https://domain/](https://domain/) ran insecure content from [http://domain/index.php?ak_action=aktt_js&v=2.4](http://domain/index.php?ak_action=aktt_js&v=2.4).[ blocked] The page at [https://domain/](https://domain/) ran insecure content from [http://domain/wp-content/plugins/wp-syntax/wp-syntax.css](http://domain/wp-content/plugins/wp-syntax/wp-syntax.css). * This seems not normal [ [http://domainhttps/?ver=3.2.1](http://domainhttps/?ver=3.2.1).] * So as it seems to me like * function bloginfo didnt do anything … * and may be the non existing www messes up the regexp filter … * … * Plugin Author [mvied](https://wordpress.org/support/users/mvied/) * (@mvied) * [14 years, 9 months ago](https://wordpress.org/support/topic/plugin-wordpress-https-https-partially-secure-2/#post-1876980) * Mr.Harmlos, * I took a hiatus from the plugin, but have been back for a couple of months now. I marked it resolved since it was so old. * Commenting out that section really won’t have any affect no matter what your domain is. If your home_url has www in it and the URL given to that method matches the domain, but lacks www, it adds it so that it is properly rewritten by this line: `$string = str_replace($this->http_url, $this->https_url, $string);` * The plugin does _not_ rely on filters to fix the source, it uses output buffering. The filters are there to help, but are not what fixes most of the insecure content issues. * It’s more likely that, for some reason, the output buffering is not working correctly, or you have WordPress set up in an unusual way. Either way, I’m not going to be able to help without seeing the website since everything you’re showing me should be fixed by the plugin already. * Thanks, Mike Viewing 11 replies - 1 through 11 (of 11 total) The topic ‘[Plugin: WordPress HTTPS] HTTPS partially secure’ is closed to new replies. * ![](https://s.w.org/plugins/geopattern-icon/wordpress-https_bec2c9.svg) * [WordPress HTTPS (SSL)](https://wordpress.org/plugins/wordpress-https/) * [Frequently Asked Questions](https://wordpress.org/plugins/wordpress-https/#faq) * [Support Threads](https://wordpress.org/support/plugin/wordpress-https/) * [Active Topics](https://wordpress.org/support/plugin/wordpress-https/active/) * [Unresolved Topics](https://wordpress.org/support/plugin/wordpress-https/unresolved/) * [Reviews](https://wordpress.org/support/plugin/wordpress-https/reviews/) * 11 replies * 4 participants * Last reply from: [mvied](https://wordpress.org/support/users/mvied/) * Last activity: [14 years, 9 months ago](https://wordpress.org/support/topic/plugin-wordpress-https-https-partially-secure-2/#post-1876980) * Status: resolved