Title: [Plugin: WordPress HTTPS (SSL)] Force SSL Exclusively not working on multisites
Last modified: August 20, 2016

---

# [Plugin: WordPress HTTPS (SSL)] Force SSL Exclusively not working on multisites

 *  [jessor](https://wordpress.org/support/users/jessekeys/)
 * (@jessekeys)
 * [13 years, 10 months ago](https://wordpress.org/support/topic/plugin-wordpress-https-ssl-force-ssl-exclusively-not-working-on-multisites/)
 * I’m using this extension to force logins via HTTPS, but want pages and posts 
   to redirect from https to http to avoid duplicate content (Force SSL Exclusively
   Setting).
 * This works on the main site, but not on additional sites.
 * Current WordPress Multisite with Domain Mappings. Everything else seems to work
   fine.
 * [http://wordpress.org/extend/plugins/wordpress-https/](http://wordpress.org/extend/plugins/wordpress-https/)

Viewing 14 replies - 1 through 14 (of 14 total)

 *  Thread Starter [jessor](https://wordpress.org/support/users/jessekeys/)
 * (@jessekeys)
 * [13 years, 10 months ago](https://wordpress.org/support/topic/plugin-wordpress-https-ssl-force-ssl-exclusively-not-working-on-multisites/#post-2875008)
 * This is still the case for version 3.1.1 of the plugin.
 *  Plugin Author [mvied](https://wordpress.org/support/users/mvied/)
 * (@mvied)
 * [13 years, 10 months ago](https://wordpress.org/support/topic/plugin-wordpress-https-ssl-force-ssl-exclusively-not-working-on-multisites/#post-2875014)
 * So you have a multi-site network where each site has it’s own Dashboard and you’ve
   gone to each site’s Dashboard and enabled that option for each site and it’s 
   not working for just your sub-sites?
 *  Thread Starter [jessor](https://wordpress.org/support/users/jessekeys/)
 * (@jessekeys)
 * [13 years, 10 months ago](https://wordpress.org/support/topic/plugin-wordpress-https-ssl-force-ssl-exclusively-not-working-on-multisites/#post-2875015)
 * That’s correct. This setting does not seem to have any effect on sub-sites.
 *  Plugin Author [mvied](https://wordpress.org/support/users/mvied/)
 * (@mvied)
 * [13 years, 10 months ago](https://wordpress.org/support/topic/plugin-wordpress-https-ssl-force-ssl-exclusively-not-working-on-multisites/#post-2875018)
 * I certainly can’t reproduce that. I’ve used the plugin on a few multisites. For
   example, here’s a sub-site using this feature and working [https://blog.wordpresshttps.com/sample-page/](https://blog.wordpresshttps.com/sample-page/).
 * Are you sure it’s not browse caching or something like that? Could you try setting
   up a fresh WP install on the same server, installing the plugin, and seeing if
   the problem persists?
 *  Thread Starter [jessor](https://wordpress.org/support/users/jessekeys/)
 * (@jessekeys)
 * [13 years, 10 months ago](https://wordpress.org/support/topic/plugin-wordpress-https-ssl-force-ssl-exclusively-not-working-on-multisites/#post-2875034)
 * Mhhh, it’s very tricky to debug.
 * I’m quite sure it has something to do with how WP Multisite, Domain Mappings 
   and HTTPS are playing together. Let me give you some more details on the setup:
 * Nginx:
 *     ```
       server {
           listen  80;
           listen  443 ssl;
   
           server_name blog.example.org team.example.org;
   
           ssl_certificate /etc/ssl/startssl/blog.example.org.crt;
           ssl_certificate_key /etc/ssl/startssl/blog.example.org.key;
   
           root /var/www/blog.example.org;
           index index.php;
   
           location / {
               root /var/www/blog.example.org;
               index index.php;
               try_files $uri/ $uri /index.php?q=$uri&amp&$args;
               port_in_redirect off;
           }
   
           # php via fastcgi
           location ~ \.php$ {
               fastcgi_index   index.php;
               fastcgi_intercept_errors on;
               fastcgi_param   HTTPS on;
               include         "fastcgi_params";
               fastcgi_pass    unix:/var/run/php-fastcgi.sock;
           }
   
           # wordpress permalink rewrite
           if (-f $request_filename) {
               break;
           }
   
           # uploaded files -> wp-includes/ms-files.php
           rewrite /files/$ /index.php last;
   
           if ($uri !~ wp-content/plugins) {
               rewrite /files/(.+)$ /wp-includes/ms-files.php?file=$1 last;
           }
       }
       ```
   
 * Relevant entries in wp-config.php:
 *     ```
       define('FORCE_SSL_ADMIN', true);
       define('FORCE_SSL_LOGIN', true);
       define('WPLANG', '');
       define('WP_DEBUG', false);
       define('WP_ALLOW_MULTISITE', true);
       define('MULTISITE', true);
       define('SUBDOMAIN_INSTALL', true);
       define('DOMAIN_CURRENT_SITE', 'blog.example.org');
       define('PATH_CURRENT_SITE', '/');
       define('SITE_ID_CURRENT_SITE', 1);
       define('BLOG_ID_CURRENT_SITE', 1);
       define('SUNRISE', true);
       ```
   
 * WP HTTPS Config in blog.example.org: [http://imgur.com/wV4CO](http://imgur.com/wV4CO)
   
   WP HTTPS Config in team.blog.example.org: [http://imgur.com/VImRw](http://imgur.com/VImRw)
 * Activated in Domain Mapping Settings:
 * > [X] User domain mapping page, [X] Redirect administration pages to site’s original
   > domain (remote login disabled if this redirect is disabled)
 * Primary Domain for the team.blog.example.org subsite is team.example.org
 * So, with this setup, everything works fine. The subsite dashboard redirects to
   [https://team.blog.example.org/wp-admin/](https://team.blog.example.org/wp-admin/)
   like it should, too. The only thing not working is this:
 * > curl -I -k “[https://team.example.org/2012/07/01/test-foo/&#8221](https://team.example.org/2012/07/01/test-foo/&#8221);
   > 
   > HTTP/1.1 200 OK Date: Fri, 20 Jul 2012 08:27:45 GMT Content-Type: text/html;
   > charset=UTF-8 Connection: keep-alive Vary: Accept-Encoding X-Pingback: [https://team.example.org/xmlrpc.php](https://team.example.org/xmlrpc.php)
   > Set-Cookie: redirect_count=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; 
   > path=/ Link: <[https://team.example.org/?p=2544&gt](https://team.example.org/?p=2544&gt);;
   > rel=shortlink
 * where it should redirect like on the parent blog.example.org.
 * I hope this narrows it down a bit?
 *  Plugin Author [mvied](https://wordpress.org/support/users/mvied/)
 * (@mvied)
 * [13 years, 10 months ago](https://wordpress.org/support/topic/plugin-wordpress-https-ssl-force-ssl-exclusively-not-working-on-multisites/#post-2875039)
 * Not really, that’s just confusing.
 * You mentioned blog.example.org and team.blog.example.org in all your screenshots,
   and then you make a cURL request to `https://team.example.org/2012/07/01/test-
   foo`.
 * What?
 *  Thread Starter [jessor](https://wordpress.org/support/users/jessekeys/)
 * (@jessekeys)
 * [13 years, 10 months ago](https://wordpress.org/support/topic/plugin-wordpress-https-ssl-force-ssl-exclusively-not-working-on-multisites/#post-2875040)
 * That’s the domain mapping working.
 * >  Primary Domain for the team.blog.example.org subsite is team.example.org
 *  Plugin Author [mvied](https://wordpress.org/support/users/mvied/)
 * (@mvied)
 * [13 years, 10 months ago](https://wordpress.org/support/topic/plugin-wordpress-https-ssl-force-ssl-exclusively-not-working-on-multisites/#post-2875041)
 * When you’re using an SSL Host that doesn’t match your Site URL, the code never
   verifies that you’re hitting the site over HTTPS from that host. It assumes that
   if your SSL Host doesn’t match your Site URL, there’s probably only one URL you
   can hit that site securely with, so it doesn’t bother verifying. If you’re SSL
   Host doesn’t match your Site URL and the page is HTTPS, you’re good to go. No
   redirect.
 * I’m guessing `http://team.example.org/2012/07/01/test-foo/` works as intended?
 * I could add in a check pretty easily, but to date there’s never been a reason
   to.
 *  Thread Starter [jessor](https://wordpress.org/support/users/jessekeys/)
 * (@jessekeys)
 * [13 years, 10 months ago](https://wordpress.org/support/topic/plugin-wordpress-https-ssl-force-ssl-exclusively-not-working-on-multisites/#post-2875042)
 * Yeah, that sounds about right.
 * I think our setup here is not _that_ unreasonable so supporting this usecase 
   should make sense. WP Multisite plus Domain Mapping is tricky enough like it 
   is 😉
 * Thanks!
 *  [pescadito01](https://wordpress.org/support/users/pescadito01/)
 * (@pescadito01)
 * [13 years, 10 months ago](https://wordpress.org/support/topic/plugin-wordpress-https-ssl-force-ssl-exclusively-not-working-on-multisites/#post-2875043)
 * please, say to this newbie how to setup the plugin in multisite domain mapping:
 * a) is recomended enable the plugin to all the network or
 * b) is nedded to enable the plugin in each subsite??
 * best regards, pescadito
 *  Plugin Author [mvied](https://wordpress.org/support/users/mvied/)
 * (@mvied)
 * [13 years, 10 months ago](https://wordpress.org/support/topic/plugin-wordpress-https-ssl-force-ssl-exclusively-not-working-on-multisites/#post-2875044)
 * I’ve never really used the Domain Mapping plugin. In the current version, the
   plugin is not running its installation process for each subsite when you do a
   Network Activate. This will be fixed in the next release. It will be out within
   a week if you’d like to wait.
 *  Thread Starter [jessor](https://wordpress.org/support/users/jessekeys/)
 * (@jessekeys)
 * [13 years, 9 months ago](https://wordpress.org/support/topic/plugin-wordpress-https-ssl-force-ssl-exclusively-not-working-on-multisites/#post-2875067)
 * Mvied, I see you committed some changes to the plugin repository already. Are
   you running trunk (3.2) on a production site already? I’d like to upgrade 😉
 *  [plugins_lexblog](https://wordpress.org/support/users/plugins_lexblog/)
 * (@plugins_lexblog)
 * [13 years, 5 months ago](https://wordpress.org/support/topic/plugin-wordpress-https-ssl-force-ssl-exclusively-not-working-on-multisites/#post-2875088)
 * We are having the same issue. We’re on Apache and we have the most current version
   of this plugin. It’s still redirecting when we try and login via the admin between
   the domain and sub-domain and the login fails. So if a fix was leveraged, it’s
   not working with the most recent version of Domain Mapping on 3.4.2.
 *  [gufranchorghay](https://wordpress.org/support/users/gufranchorghay/)
 * (@gufranchorghay)
 * [13 years, 4 months ago](https://wordpress.org/support/topic/plugin-wordpress-https-ssl-force-ssl-exclusively-not-working-on-multisites/#post-2875096)
 * In my secured (SSL) site (after using WordPress HTTPS SSL plugin)
    every page
   works fine but,
 * In footer I had given:
 * Designer: [http://www.designersite.com](http://www.designersite.com)
    on click
   it goes to [https://www.designersite.com](https://www.designersite.com)
 * ie. HTTP TO HTTPS
 * Please help?

Viewing 14 replies - 1 through 14 (of 14 total)

The topic ‘[Plugin: WordPress HTTPS (SSL)] Force SSL Exclusively not working on 
multisites’ is closed to new replies.

 * ![](https://s.w.org/plugins/geopattern-icon/wordpress-https_bec2c9.svg)
 * [WordPress HTTPS (SSL)](https://wordpress.org/plugins/wordpress-https/)
 * [Frequently Asked Questions](https://wordpress.org/plugins/wordpress-https/#faq)
 * [Support Threads](https://wordpress.org/support/plugin/wordpress-https/)
 * [Active Topics](https://wordpress.org/support/plugin/wordpress-https/active/)
 * [Unresolved Topics](https://wordpress.org/support/plugin/wordpress-https/unresolved/)
 * [Reviews](https://wordpress.org/support/plugin/wordpress-https/reviews/)

## Tags

 * [multisite](https://wordpress.org/support/topic-tag/multisite/)

 * 14 replies
 * 5 participants
 * Last reply from: [gufranchorghay](https://wordpress.org/support/users/gufranchorghay/)
 * Last activity: [13 years, 4 months ago](https://wordpress.org/support/topic/plugin-wordpress-https-ssl-force-ssl-exclusively-not-working-on-multisites/#post-2875096)
 * Status: not resolved