Title: [Plugin: WordPress HTTPS (SSL)] HTTPS when logged in HTTP when not
Last modified: August 20, 2016

---

# [Plugin: WordPress HTTPS (SSL)] HTTPS when logged in HTTP when not

 *  [Ian Anderson Gray](https://wordpress.org/support/users/baritoneuk/)
 * (@baritoneuk)
 * [13 years, 10 months ago](https://wordpress.org/support/topic/plugin-wordpress-https-ssl-https-when-logged-in-http-when-not/)
 * I have “Force SSL Administration” switched on which works really well to force
   SSL for the WP dashboard.
 * However I want to force SSL when logged in (pages, posts and admin) and to redirect
   to HTTP when not logged in (except for pages marked as SSL). I don’t really want
   two versions of the site (SSL and non-SSL) to be available. Just SSL for logged
   in and non-SSL if you’re not logged in.
 * I’m finding that if someone logs in on HTTP they get redirect to HTTPS and they’re
   not logged in anymore. I don’t know whether there could be some incompatibility
   with the “Theme My Login” plugin? I am redirecting subscriber users to a “members
   page” on the website once they log in- they never see the WP dashboard.
 * Thanks.
 * [http://wordpress.org/extend/plugins/wordpress-https/](http://wordpress.org/extend/plugins/wordpress-https/)

Viewing 5 replies - 1 through 5 (of 5 total)

 *  Plugin Author [mvied](https://wordpress.org/support/users/mvied/)
 * (@mvied)
 * [13 years, 10 months ago](https://wordpress.org/support/topic/plugin-wordpress-https-ssl-https-when-logged-in-http-when-not/#post-2893988)
 * What are your Site URL and SSL Host? What other settings do you have enabled?
 *  Thread Starter [Ian Anderson Gray](https://wordpress.org/support/users/baritoneuk/)
 * (@baritoneuk)
 * [13 years, 10 months ago](https://wordpress.org/support/topic/plugin-wordpress-https-ssl-https-when-logged-in-http-when-not/#post-2893996)
 * I’d rather not list the URL at the moment as the site hasn’t gone live yet.
 * It’s difficult to know what settings you might need for this. I’ve built a custom
   theme built on the Roots theme.
 * Could you tell me what is supposed to happen with WordPress HTTPS? It looks like
   it doesn’t do what I want to do out of the box.
 * For the time being I’ve created my own work around by adding the following to
   my functions.php file:
 *     ```
       $https_URL = "https://" . $_SERVER["SERVER_NAME"] . $_SERVER["REQUEST_URI"];
        $http_URL  = "http://" . $_SERVER["SERVER_NAME"] . $_SERVER["REQUEST_URI"];
   
       if((strpos($_SERVER["REQUEST_URI"],"/login/") !== FALSE OR strpos($_SERVER["REQUEST_URI"],"/contact/") !== FALSE) && $_SERVER["HTTPS"] != "on") {
               header("Location: $https_URL",TRUE,301);
               exit();
       }
   
        // This forces logged in users to use HTTPS
       if (is_user_logged_in() && $_SERVER["HTTPS"] != "on"){
               $newurl = "https://" . $_SERVER["SERVER_NAME"] . $_SERVER["REQUEST_URI"];
               header("Location: $https_URL");
               exit();
       }
   
        // Forces not logged in users to use HTTPS (except for certain pages)
       if (!is_user_logged_in() && $_SERVER["HTTPS"] == "on" && strpos($_SERVER["REQUEST_URI"],"/login/") === FALSE && strpos($_SERVER["REQUEST_URI"],"/contact/") === FALSE){
               header("Location: $http_URL",TRUE,301);
               exit();
       }
       ```
   
 * It’s a bit of a hack, but it works. I’d far rather use the WordPress HTTPS plugin.
 * Thanks!
 *  Plugin Author [mvied](https://wordpress.org/support/users/mvied/)
 * (@mvied)
 * [13 years, 10 months ago](https://wordpress.org/support/topic/plugin-wordpress-https-ssl-https-when-logged-in-http-when-not/#post-2894012)
 * Force SSL Exclusively does exactly what it describes. Anything not forced to 
   be HTTPS will be redirected to HTTP.
 * If your SSL Host does not match your Site URL, it will not be possible to log
   into both HTTPS and HTTP at the same time. That’s why I asked.
 *  Thread Starter [Ian Anderson Gray](https://wordpress.org/support/users/baritoneuk/)
 * (@baritoneuk)
 * [13 years, 10 months ago](https://wordpress.org/support/topic/plugin-wordpress-https-ssl-https-when-logged-in-http-when-not/#post-2894040)
 * I’m not sure how the plugin implements redirection- do you rewrite links from
   http:// to https:// and vice versa? If so, I am wondering whether it is the Roots
   Theme that is causing the issues. Roots makes all links site relative. This might
   mean that the HTTPS plugin won’t work.
 *  Plugin Author [mvied](https://wordpress.org/support/users/mvied/)
 * (@mvied)
 * [13 years, 10 months ago](https://wordpress.org/support/topic/plugin-wordpress-https-ssl-https-when-logged-in-http-when-not/#post-2894054)
 * Impossible to say without looking at it myself, really. It could be anything.

Viewing 5 replies - 1 through 5 (of 5 total)

The topic ‘[Plugin: WordPress HTTPS (SSL)] HTTPS when logged in HTTP when not’ is
closed to new replies.

 * ![](https://s.w.org/plugins/geopattern-icon/wordpress-https_bec2c9.svg)
 * [WordPress HTTPS (SSL)](https://wordpress.org/plugins/wordpress-https/)
 * [Frequently Asked Questions](https://wordpress.org/plugins/wordpress-https/#faq)
 * [Support Threads](https://wordpress.org/support/plugin/wordpress-https/)
 * [Active Topics](https://wordpress.org/support/plugin/wordpress-https/active/)
 * [Unresolved Topics](https://wordpress.org/support/plugin/wordpress-https/unresolved/)
 * [Reviews](https://wordpress.org/support/plugin/wordpress-https/reviews/)

## Tags

 * [HTTP](https://wordpress.org/support/topic-tag/http/)
 * [HTTPS](https://wordpress.org/support/topic-tag/https/)
 * [login](https://wordpress.org/support/topic-tag/login/)
 * [SSL](https://wordpress.org/support/topic-tag/ssl/)

 * 5 replies
 * 2 participants
 * Last reply from: [mvied](https://wordpress.org/support/users/mvied/)
 * Last activity: [13 years, 10 months ago](https://wordpress.org/support/topic/plugin-wordpress-https-ssl-https-when-logged-in-http-when-not/#post-2894054)
 * Status: not resolved