Title: [Plugin: WordPress HTTPS (SSL)] Minor Bug in Plugin Version 3.0.1
Last modified: August 20, 2016

---

# [Plugin: WordPress HTTPS (SSL)] Minor Bug in Plugin Version 3.0.1

 *  [Fred Chapman](https://wordpress.org/support/users/fwchapman/)
 * (@fwchapman)
 * [14 years, 1 month ago](https://wordpress.org/support/topic/plugin-wordpress-https-ssl-minor-bug-in-plugin-version-301/)
 * Dear Mike,
 * I’m having a minor problem with Version 3.0.1 of the plugin on websites with 
   shared hosting and a shared SSL certificate. After I log out, the “Back to …”
   link goes to the home page using HTTPS instead of HTTP. This is the default behavior
   for WordPress on all my sites with shared SSL. This causes real problems because
   the shared SSL certificate is for the hosting company’s server, not for the website’s
   domain name.
 * Version 2.0.4 of the plugin uses HTTP for the “Back to …” link, which is exactly
   what I want. In fact, the only reason I use the plugin on sites with a shared
   SLL certificate is so that the “Back to …” link will work. Of course, the plugin
   is even more useful on sites with a dedicated SSL certificate, and I love it 
   for that!
 * Here’s what I use in **Settings > General** on websites with shared hosting and
   a shared SSL certificate:
 * **WordPress Address (URL)**
 *     ```
       https://SERVER_NAME.HOSTING_COMPANY.com/~USERNAME
       ```
   
 * **Site Address (URL)**
 *     ```
       http://www.SITE_DOMAIN.com
       ```
   
 * This is what I have to do to make the login secure on sites with shared SSL. 
   Securing the login is much easier on sites with a dedicated SSL certificate.
 * Thanks for your help,
 * Fred Chapman
 * [http://wordpress.org/extend/plugins/wordpress-https/](http://wordpress.org/extend/plugins/wordpress-https/)

Viewing 13 replies - 1 through 13 (of 13 total)

 *  Thread Starter [Fred Chapman](https://wordpress.org/support/users/fwchapman/)
 * (@fwchapman)
 * [14 years, 1 month ago](https://wordpress.org/support/topic/plugin-wordpress-https-ssl-minor-bug-in-plugin-version-301/#post-2697067)
 * P.S. I just confirmed that even on a site with a dedicated SSL certificate, the“
   Back to …” link on the login page uses HTTPS in Version 3.0.1 and HTTP in Version
   2.0.4. Apparently the issue has to do with the plugin upgrade, not shared vs.
   dedicated SSL certificates.
 *  Thread Starter [Fred Chapman](https://wordpress.org/support/users/fwchapman/)
 * (@fwchapman)
 * [14 years, 1 month ago](https://wordpress.org/support/topic/plugin-wordpress-https-ssl-minor-bug-in-plugin-version-301/#post-2697074)
 * P.P.S. At this point, I’m not sure what’s happening on sites with a dedicated
   SSL certificate, because Version 3.0.1 of the plugin generates this error message:
 * > **Fatal error**: Allowed memory size of 134217728 bytes exhausted (tried to
   > allocate 450401856 bytes) in **Unknown** on line 0
 *  Plugin Author [mvied](https://wordpress.org/support/users/mvied/)
 * (@mvied)
 * [14 years, 1 month ago](https://wordpress.org/support/topic/plugin-wordpress-https-ssl-minor-bug-in-plugin-version-301/#post-2697082)
 * Hey fwchapman,
 * No, that doesn’t happen to everyone using dedicated SSL certificates. It doesn’t
   happen to me, otherwise I’d fix it. 😉
 * If you enable Force SSL Exclusively and the front page isn’t secure, it should
   revert to HTTP. If not, I’ll look into it.
 * Thanks,
    Mike
 *  Thread Starter [Fred Chapman](https://wordpress.org/support/users/fwchapman/)
 * (@fwchapman)
 * [14 years, 1 month ago](https://wordpress.org/support/topic/plugin-wordpress-https-ssl-minor-bug-in-plugin-version-301/#post-2697091)
 * Okay, I just found a better way to configure my settings on sites with a shared
   SSL certificate:
 * **Settings > General > WordPress Address (URL)**
 *     ```
       http://SERVER_NAME.HOSTING_COMPANY.com/~USERNAME
       ```
   
 * **Settings > General > Site Address (URL)**
 *     ```
       http://www.SITE_DOMAIN.com
       ```
   
 * **Settings > WordPress HTTPS > SSL Host**
 *     ```
       SERVER_NAME.HOSTING_COMPANY.com
       ```
   
 * The key changes from what I posted before are using HTTP instead of HTTPS in 
   the WordPress Address and entering the correct SSL Host in the plugin settings.
   I think that’s what you had in mind all along, right, Mike?
 * This solves the original problem I reported with HTTP vs. HTTPS on the “Back 
   to …” link of the login page; however, it causes a new, more serious problem:
   the Force SSL Administration option no longer forces SSL logins.
 *  Thread Starter [Fred Chapman](https://wordpress.org/support/users/fwchapman/)
 * (@fwchapman)
 * [14 years, 1 month ago](https://wordpress.org/support/topic/plugin-wordpress-https-ssl-minor-bug-in-plugin-version-301/#post-2697094)
 * P.S. When I use the new settings in Version 2.0.4, everything works perfectly.
 *  Plugin Author [mvied](https://wordpress.org/support/users/mvied/)
 * (@mvied)
 * [14 years, 1 month ago](https://wordpress.org/support/topic/plugin-wordpress-https-ssl-minor-bug-in-plugin-version-301/#post-2697117)
 * Hey Fred,
 * The Blog URL needs to be the regular, HTTP base path of the site. Site URL should
   match that. Your SSL Host should be `SERVER_NAME.HOSTING_COMPANY.com/~USERNAME`.
   If you want your entire site to be over the Shared SSL, then the Site URL should
   be changed to `https://SERVER_NAME.HOSTING_COMPANY.com/~USERNAME`.
 * If the plugin isn’t functioning correctly with the proper configuration, the 
   answer is not rig it to work, the plugin needs to be fixed. I can’t really support
   your configuration, it doesn’t make sense.
 * Thanks,
    Mike
 *  Thread Starter [Fred Chapman](https://wordpress.org/support/users/fwchapman/)
 * (@fwchapman)
 * [14 years, 1 month ago](https://wordpress.org/support/topic/plugin-wordpress-https-ssl-minor-bug-in-plugin-version-301/#post-2697119)
 * Hi Mike,
 * Thanks for your responses today, and for all your hard work on this plugin. This
   is the best SSL plugin I’ve found for WordPress, and I use it on all the sites
   I build for my clients.
 * When I enter this **SSL Host** in Version 3.0.1 on a site with a shared SSL certificate
 *     ```
       SERVER_NAME.HOSTING_COMPANY.com/~USERNAME
       ```
   
 * your plugin removes the `/~USERNAME` and changes it to
 *     ```
       SERVER_NAME.HOSTING_COMPANY.com
       ```
   
 * I’ll keep testing Version 3.0.1 and Version 2.0.4 and let you know what I find
   out.
 * Thanks again,
 * Fred
 *  Thread Starter [Fred Chapman](https://wordpress.org/support/users/fwchapman/)
 * (@fwchapman)
 * [14 years, 1 month ago](https://wordpress.org/support/topic/plugin-wordpress-https-ssl-minor-bug-in-plugin-version-301/#post-2697121)
 * **Great news!**
 * On one of my sites with a shared SSL certificate, I was able to get everything
   to work with Version 3.0.1. This site doesn’t have a custom domain name yet, 
   so I used
 *     ```
       http://SERVER_NAME.HOSTING_COMPANY.com/~USERNAME
       ```
   
 * for both the internal site path and the external site URL. So far, so good! Next,
   I’ll try Version 3.0.1 on a site with a shared SSL certificate and a custom domain
   name.
 *  Thread Starter [Fred Chapman](https://wordpress.org/support/users/fwchapman/)
 * (@fwchapman)
 * [14 years, 1 month ago](https://wordpress.org/support/topic/plugin-wordpress-https-ssl-minor-bug-in-plugin-version-301/#post-2697125)
 * **More test results!**
 * On another site with a shared SSL certificate and Version 3.0.1, I did everything
   as before, and everything worked. When I changed both site URLs in **General 
   Settings** from
 *     ```
       http://SERVER_NAME.HOSTING_COMPANY.com/~USERNAME
       ```
   
 * to
 *     ```
       http://www.SITE_DOMAIN.com
       ```
   
 * everything broke very badly. I lost all graphics on both the front end and the
   administrative back end. The entire site was displayed as text.
 * If I use the first (longer) form for the **WordPress Address** and the second(
   shorter) form for the **Site Address**, the entire site breaks almost as badly.
   I see some icons, but the site is still displayed mostly as text.
 * When I deactivate the plugin, everything returns to normal. The only way I can
   get everything to work with a custom domain name is to use Version 2.0.4 with
   the settings I specified four posts ago.
 * There’s a reason **General Settings** let’s you specify two different URLs: so
   that they can be different. The first URL is an internal name for administrative
   use, while the second URL is an external name for public use. I need SSL only
   for the administrative back end.
 * I have to conclude after exhaustive testing that my settings are correct. Something
   broke when the plugin went from Version 2.0.4 to the complete rewrite that is
   Version 3.0.1.
 * Can we please agree on that?
 * Thanks,
 * Fred
 *  Thread Starter [Fred Chapman](https://wordpress.org/support/users/fwchapman/)
 * (@fwchapman)
 * [14 years, 1 month ago](https://wordpress.org/support/topic/plugin-wordpress-https-ssl-minor-bug-in-plugin-version-301/#post-2697126)
 * **Quick Clarification**
 * Mike, I should emphasize that with a shared SSL certificate, _I don’t care about
   using SSL on the front end_. I want to use SSL _only_ on the administrative back
   end.
 * Shared SSL configurations are more complicated than dedicated SSL configurations
   because shared SSL certificates are more limited. They’re tied to the domain 
   name of the server, not the domain name of the WordPress site, which means you
   can’t use shared SSL with a custom domain name. That’s okay. I don’t want to 
   do that anyway! I just want to secure the back end.
 * To secure the back end, the domain name for the SSL host must be the same as 
   the domain name in the administrative URL for the site. Those are the only things
   that need to match, and I’ve already taken care of that.
 * The bottom line is that the configuration needed to secure the back end with 
   shared SSL works in Version 2.0.4 but not in Version 3.0.1.
 * Can you help me with that, please?
 * Thanks,
 * Fred
 *  Plugin Author [mvied](https://wordpress.org/support/users/mvied/)
 * (@mvied)
 * [14 years, 1 month ago](https://wordpress.org/support/topic/plugin-wordpress-https-ssl-minor-bug-in-plugin-version-301/#post-2697129)
 * Hey Fred,
 * I guess my point is that it shouldn’t be necessary to change your Blog URL. I
   don’t want my users to have to rely on setting the URL in two places. I would
   rather it work as intended. I’m more concerned about the URL’s being rewritten
   incorrectly and breaking stylesheets and other elements when your Blog URL and
   Site URL are at their defaults. That’s not working as intended.
 * I’d be more than happy to take a look at it myself and see what’s going on. Often
   times that’s the only way to figure it out.
 * Thanks,
    Mike
 *  Thread Starter [Fred Chapman](https://wordpress.org/support/users/fwchapman/)
 * (@fwchapman)
 * [14 years, 1 month ago](https://wordpress.org/support/topic/plugin-wordpress-https-ssl-minor-bug-in-plugin-version-301/#post-2697155)
 * Hi Mike,
 * Thanks so much for your reply and for your kind and generous offer of help!
 * With a dedicated SSL certificate, things are much easier because all the URLs
   can keep their default settings. Unfortunately, that’s just not possible with
   a shared SSL certificate, especially if you want to use a custom domain name 
   to make the front end URLs look pretty.
 * The shared hosting plans I use include a shared SSL certificate, and that enables
   me to secure the WordPress back end without the additional trouble and expense
   of purchasing a dedicated SSL certificate. My solution worked well for me up 
   through Version 2.0.4, and I’d love to get it working with Version 3 of your 
   plugin. I’ll contact you privately through your website so that we can take our
   next steps.
 * Thanks again, Mike. You are a prince among plugin developers!!!
 * Fred
 *  Thread Starter [Fred Chapman](https://wordpress.org/support/users/fwchapman/)
 * (@fwchapman)
 * [14 years, 1 month ago](https://wordpress.org/support/topic/plugin-wordpress-https-ssl-minor-bug-in-plugin-version-301/#post-2697227)
 * For anyone following this discussion, it merged with a discussion of Version 
   3.0.3 here:
 * [http://wordpress.org/support/topic/plugin-wordpress-https-ssl-303-does-not-secure-admin-front-page-even-w-option-checked](http://wordpress.org/support/topic/plugin-wordpress-https-ssl-303-does-not-secure-admin-front-page-even-w-option-checked)

Viewing 13 replies - 1 through 13 (of 13 total)

The topic ‘[Plugin: WordPress HTTPS (SSL)] Minor Bug in Plugin Version 3.0.1’ is
closed to new replies.

 * ![](https://s.w.org/plugins/geopattern-icon/wordpress-https_bec2c9.svg)
 * [WordPress HTTPS (SSL)](https://wordpress.org/plugins/wordpress-https/)
 * [Frequently Asked Questions](https://wordpress.org/plugins/wordpress-https/#faq)
 * [Support Threads](https://wordpress.org/support/plugin/wordpress-https/)
 * [Active Topics](https://wordpress.org/support/plugin/wordpress-https/active/)
 * [Unresolved Topics](https://wordpress.org/support/plugin/wordpress-https/unresolved/)
 * [Reviews](https://wordpress.org/support/plugin/wordpress-https/reviews/)

 * 13 replies
 * 2 participants
 * Last reply from: [Fred Chapman](https://wordpress.org/support/users/fwchapman/)
 * Last activity: [14 years, 1 month ago](https://wordpress.org/support/topic/plugin-wordpress-https-ssl-minor-bug-in-plugin-version-301/#post-2697227)
 * Status: not resolved