admin管理员组

文章数量:1390650

When I'm on my staging site making edits, occasionally the session will go from secure to "Not Secured" (shown in Chrome address bar).

So, I'm in a secure session, make a change in the edit view, click "Update", and click "View the page", the resulting page is flagged as "Not Secure" and doesn't reflect the changes that I just made.

Typically, once I close all Chrome windows and reopen them it'll work, but that obviously isn't a great workflow.

It doesn't seem like a common issue based on google searches and talking with WP support, but I'm wondering if anyone has ran into that before and what I could do to stop it?

When I'm on my staging site making edits, occasionally the session will go from secure to "Not Secured" (shown in Chrome address bar).

So, I'm in a secure session, make a change in the edit view, click "Update", and click "View the page", the resulting page is flagged as "Not Secure" and doesn't reflect the changes that I just made.

Typically, once I close all Chrome windows and reopen them it'll work, but that obviously isn't a great workflow.

It doesn't seem like a common issue based on google searches and talking with WP support, but I'm wondering if anyone has ran into that before and what I could do to stop it?

  • https
  • http
  • staging
Share Improve this question asked Feb 17, 2020 at 17:16 James RandolphJames Randolph 1 1
  • Easiest solution would be to force-redirect all HTTP traffic to HTTPS. If you're using Apache, you can do this in .htaccess. – WebElaine Commented Feb 17, 2020 at 18:10
Add a comment  | 

1 Answer 1

Reset to default 0

This is a common issue. Unfortunately, it is just one of many possible symptoms of incorrectly moving a Wordpress site to a new url. The solution is to ensure that Wordpress (core, plugins and theme) and your web server are all using the same URL.

If you have an SSL cert for the staging site (sounds like you do) then you you probably want to use https in your Site URL - something like https://staging.example

First, force Apache to use https by adding these lines to the very top of your .htaccess file

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

Nginx ignores Apache .htaccess files. If you use Nginx, google "nginx force https" or refer to you hosting provider's documentation for instructions to update the Nginx config file to force https.

Log into Wordpress Dashboard -> Settings -> General and set both

WordPress Address (URL) and Site Address (URL) to

https://staging.example

Make a note of what the current url setting is - you may need it later. I'll use http://www.example in my examples. If the site has had more than one url in the past, run a search-replace for each old url.

In many cases, this will fix the problem. If not, it can go a lot deeper.

Check that the database settings are not being overridden in wp-config.php or functions.php as described in the Wordpress docs https://wordpress/support/article/changing-the-site-url/#changing-the-site-url

If there are still issues you may need to update all references to the old url in the database to fix your theme and/or plugins. You can use the excellent, free, database search and replace tool by Interconnect IT https://interconnectit/products/search-and-replace-for-wordpress-databases/ which provides both web and command-line interfaces.

An alternate command-line tool is the excellent, free, WP CLI https://developer.wordpress/cli/commands/search-replace/

if you end up doing a lot of Wordpress work, WP CLI will be your best friend

Use the search-replace tool of your choice to update the old url to the staging url. In this example,

http://www.example -> https://staging.example

Why might you need to do this? Some theme and plugin developers save the "Site URL" value at the time the plugin was initially installed on the site in serialized PHP arrays in the wp_options database table. When you update the url in the Dashboard settings, it only apples to the Wordpress core settings in wp_options, not to plugin/theme settings. This is arguably very buggy behavior on the part of the plugin/theme developers, but it is not uncommon.

You cannot use a simple MySQL REPLACE() to update the strings in wp_options as it will break the serialized PHP arrays. The changes need to be made with a tool that knows how to work with serialized PHP data - hence the Interconnect or WP CLI tools.

In some cases, even all this is not sufficient. Some theme and plugin developers json- or url-encode the urls before storing them, so you need to do additional search-replaces for those encoded urls too. For example, replace

http:\\/\\/www.example -> https:\\/\\/staging.example

and

http%3A%2F%2Fwww.example -> https%3A%2F%2Fstaging.example

Wordpress does a lot of things well, but moving a wordpress site to a new url can be a place where wordpress does not shine.

本文标签: Staging Session Randomly Switched from Secure (https) to Not Secure

版权声明:本文标题:Staging Session Randomly Switched from Secure (https) to Not Secure 内容由网友自发贡献,该文观点仅代表作者本人, 转载请联系作者并注明出处:http://www.betaflare.com/web/1744740543a2622580.html, 本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌抄袭侵权/违法违规的内容,一经查实,本站将立刻删除。