If you installed WordPress manually and the domain was operating under HTTPS with an SSL certificate, then WordPress would run over HTTPS.
We can’t make any promises though for third-party installers.
If your site is currently operating over HTTP, you can switch it to HTTPS by following this guide: https://ww.wp.xz.cn/documentation/article/https-for-wordpress/
Hello Jeff
Thank you for your reply 🙂
I ONLY install manually, i have never dared to use those one-click in my cPanel. I might be crazy, but i don’t trust it.
My web hosting is set up so it always adds and uses SSL on all domains added. That’s why i really don’t understand how this is possible.
Is there something server-side which can makes this happen ?
That would have only happened if you accessed the installer URL under the HTTP version of your domain, which to be fair is an easy mistake to make. 🙂
But how is that possible when there’s SSL on my whole host account ?
But we’re nearing us something because i found another thing to check: https://ibb.co/V364dxf
In settings, WP and Site URL are set to http, and not https.
But again; How is this possible when i have SSL on my whole account ?
But how is that possible when there’s SSL on my whole host account ?
Having an SSL certificate alone won’t force your domain to load over HTTPS.
You’ll still be able to access your domain over HTTP unless you alter that in the server end, and if you install WordPress under the HTTP version of your domain, that’s what it will set its siteurl as.
But we’re nearing us something because i found another thing to check: https://ibb.co/V364dxf
Yes, that’s how you fix it, I linked to that in my first reply: https://ww.wp.xz.cn/support/topic/wp-not-installed-as-https-or/#post-17094403
Well, in my opinion, that shouldn’t be possible. When i have SSL it shouldn’t be possible to do ordinary http. That’s why i have it in the first place.
But i’m waiting for my host to come back on that one.
When installing WP, can’t it check whether it’s https or not ?
Unfortunately, you’re looking for a form of interconnectivity that today’s web architecture simply can’t provide.
When visiting a site under HTTP, there’s nothing to tell WordPress or even your browser that an SSL certificate (and thus an HTTPS connection) exists.
You would need to adjust the server configuration to force all HTTP traffic to HTTPS, and no server configuration has that as the default.
I agree that, in a perfect world, it would all be automated, but today it isn’t, and that’s something for the communities behind Apache and Nginx to sort out.
Thank you for clearing that up James, and sorry for miss-naming you in the beginning 🙂
But reading around it looks like an .htaccess file would do the trick, and as many hosts put their own logo and stuff, they could easily put an .htaccess that ensured https over http ?
Yep, a .htaccess rule is something that the site owner can easily add as desired.
I have just gotten the answer from my host, i can force it through cPanel, there’s a setting for it 🙂
He though said that there can be times where it’s needed to start from http to be able to get the SSL. Is that something that could happen with anything in WP ?
Well, i have now gotten the answer to that – in some way.
It’s of no use actually, that setting, because a domain cannot be validated if https is forced.
Wau, shit we have come a long way in 30 years 😉
-
This reply was modified 2 years, 7 months ago by
boblebad.
He though said that there can be times where it’s needed to start from http to be able to get the SSL. Is that something that could happen with anything in WP ?
If you go to the install file under the HTTP version of the domain, and your server isn’t configured to force traffic to the HTTPS version, WordPress will set its siteurl to the HTTP version.
There really isn’t anything going on here besides WordPress not knowing something it has absolutely no way of knowing.
I’m just waiting for confirmation whether i understood it correctly. But it looks like the only problem is, if i do not change my dns at the top level domain managers here in Denmark, it can be a problem getting my SSL in place for the domain i want to add to my account.
I’m not sure why WP can’t know what all browsers seem to know, that’s why we have the little padlock in the url bar ?
I’m not sure why WP can’t know what all browsers seem to know, that’s why we have the little padlock in the url bar ?
Again, if you go to the install file under the HTTP version of the domain, and your server isn’t configured to force traffic to the HTTPS version, WordPress will set its siteurl to the HTTP version.
For example, if you install WordPress under http://example.com/wp-admin/install.php WordPress will set its siteurl to http://example.com even if https://example.com is available with a valid SSL certificate.
If you wanted WordPress to set its siteurl to https://example.com you would have needed to install WordPress under https://example.com/wp-admin/install.php
Again, that is because today’s web architecture does not provide a way to reveal the existence of an SSL certificate under HTTP.
Just like how, if you visit your site under the HTTP version of the domain, and your server isn’t configured to force traffic to the HTTPS version, your browser won’t display the padlock.
Thank you James 🙂
I have got confirmation from my host now. There’s no problem in me forcing https on my domains, as i always direct them through out top level domain manager here and use my hosts dns servers.
And then this will never be a problem in the future, and also no one can use the old http anymore.
