Using HTTPS « WP e-commerce Forums

Posted by Dan Milward 2 years ago.
There are 42 posts. The latest reply is from sicminded
This topic is sticky
This topic is: not a support question
WordPress version: Not Supplied
WP e-Commerce version: Not Supplied

Tags

Need urgent help?
We have a comprehensive list of WordPress e-Commerce experts (designers and developers) ready to help you on the Resources » WP Consultants page.

Dan Milward
Resident Expert

First, you install this plugin:
http://wordpress.org/extend/plugins/https-for-wordpress/

Then on checkout.php, after the very first <?php, hit enter to create a new line, and on that new line, paste this:

//force redirect to secure page
if($_SERVER['SERVER_PORT'] != '443') { header('Location: https://'.$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI']); exit(); }
global $wpdb,$gateway_checkout_form_fields, $user_ID;
$_SESSION['cart_paid'] = false;

Kia Ora! I'm a founding member of the Plugin. Please use the premium support forum or wait patiently for help - we're working as quickly as we can :)

Posted 2 years ago #
Dan Milward
Resident Expert

Thanks to Shayne & Co for this fix!!!

Kia Ora! I'm a founding member of the Plugin. Please use the premium support forum or wait patiently for help - we're working as quickly as we can :)

Posted 2 years ago #
Trusted
shayne
Resident Expert

It's all Arbie...

If you need to contact me to get me login info, you can do that here:
http://www.shaynesanderson.com

Posted 2 years ago #
arbie
Resident Expert

Hey - I got props from a guru!!!!!
Respect to me....

Posted 2 years ago #
Trusted
Devito
Resident Expert

Cheers arbie...

Posted 2 years ago #
fender967
New Member

This gives me an error message when I go to my shopping cart.

Also, when trying to set up GoogleCheckout, it says "mysite.com/index.php" must be https.. How do I do this?

Posted 2 years ago #
Trusted
shayne
Resident Expert

This fix is mainly for payment gateways like Authorize.net, etc.

Google Checkout and Paypal redirects your customer to their secure page anyway, so you don't need this fix for them really.

If you need to contact me to get me login info, you can do that here:
http://www.shaynesanderson.com

Posted 2 years ago #
fender967
New Member

Here's the problem though..
------------------
In WP ecommerce's gateway settings for GoogleCheckout, it says this: "Note: Please put this link to your Google API callback url field on your Google checkout account: http://www.oddityclothing.com/index.php"
------------------
Then in google, under integration, it says: "API callback URL - Specify a URL for Google to notify you of new orders and changes in order state. You must provide the URL of a server running 128-bit SSLv3 or TLS."
------------------
But when I put in the url that WP gives me, google says "An HTTPS URL is required."
------------------
What exactly is this for? Do I NEED it? And will WP be able to track when I get orders if I don't do this?

Posted 2 years ago #
Trusted
shayne
Resident Expert

Do you have SSL installed on your server?

If you need to contact me to get me login info, you can do that here:
http://www.shaynesanderson.com

Posted 2 years ago #
fender967
New Member

I don't yet, but I can get it. If i had an https certificate set up for the domain, and then put https://www.oddityclothing.com/index.php in the google field, would the WP Ecommerce cart recognize it? It asks for the non https url to be used.

Posted 2 years ago #
Trusted
shayne
Resident Expert

Yeah..but if you use the plugin "https for wordpress" it should let Google see it as it needs to.

If you need to contact me to get me login info, you can do that here:
http://www.shaynesanderson.com

Posted 2 years ago #
fender967
New Member

I tried the plugin by installing/activating it and then pasting the code in thei thread on the second line of my checkout.php, but I get an error code whenever I click the checkout page. Also, I don't see how making that change only to checkout.php would allow for the index.php page to be used as https.

You're saying that if I get the HTTPS certificate from my server that everything WOULD work though? That might just be the easiest way, even though it costs a little bit.

Posted 2 years ago #
arbie
Resident Expert

Fender

There are two separate things here.

The first is that if there is not a shared or dedicated SSL that you can use on your server it wont matter what you do as you will not be able to use https

The second is that there is a problem for you using the php code in your site which is usually caused by whitespace in a php file somewhere. No matter - there is another way.

What you need to do is go to your .htaccess file on your server (if there is not one then create one).

Add this to the very start of the file.

RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteCond %{REQUEST_URI} the_page_to_use_https/
RewriteRule ^(.*)$ https://mysite.com/the_page_to_use_https [R,L]

This wont get upset by any php whitespace and should solve your issue provided there is an SSL cert you can use.

https for wordpress will then help to tidy up the secured page by attempting to make sure that all of the media links on the page are https calls rather than http, so preventing the irritating mixed content message in IE

Finally, godaddy have dedicated SSL certs at $15 so there is no excuse not to protect your customers!
https://www.godaddy.com/gdshop/ssl/ssl.asp?ci=8979

Posted 2 years ago #
fender967
New Member

arbie and shayne:

Thanks a lot. I will have to wait until the SSL certificate is set up before I can try this, but hopefully it will work.

Posted 2 years ago #
MWDesign
New Member

since I am using paypal I would just like to ask for contact information and not be responsible for insecurely transmitting other info.

unfortunatly, (and I read about this in an unresolved post from five months ago), the checkout options page does not allow me to remove any fields.

Any insights for remedies out there?

Posted 2 years ago #
arbie
Resident Expert

I'm slightly confused by this MW - you can bin any of the fields in checkout options as far as I can tell - do you not see the dustbin symbol at the end of each row?

Posted 2 years ago #
MWDesign
New Member

no I didn't see dustbin before- now I do!!! Thanks!

Posted 2 years ago #
arbie
Resident Expert

Glad you are fixed up.

Posted 2 years ago #
Cirefly
New Member

I am getting a redirect loop error after enabling SSL. What's the meaning of this and how do I fix it?

I'm running WP 2.6.1 (latest), wp-ecommerce w/gold and authorize.net

Hosted at MediaTemple on a gridserver.

Posted 2 years ago #
Trusted
shayne
Resident Expert

Contact me through my site so that I can get login info and I'll take a look for you.

http://www.stasticdesigns.com

If you need to contact me to get me login info, you can do that here:
http://www.shaynesanderson.com

Posted 2 years ago #
netmorix
New Member

I did as describe (installing the https plugin, changed the checkout) and now i get the following error:

Warning: Cannot modify header information - headers already sent by (output started at /var/www/2370/user/web/xxx/public/wp-content/themes/xxx/header.php:5) in /var/www/2370/user/web/xxx/public/wp-content/plugins/wp-shopping-cart/checkout.php on line 3

Any help on this ... ?

Posted 2 years ago #
davidmihm
New Member

netmorix,

I just had the same problem. I was able to fix it by following the .htaccess instructions left by arbie and changing the checkout URLs under "e-Commerce > Settings."

Posted 1 year ago #
sadshopper
New Member

I installed the https plugin, edited the checkout.php file, and then added the relevant info to my .htaccess file in my root directory. I set my cart, transaction, and user url's to https.

When I navigate to my cart page in IE7, I get a warning "This page contains secure and non-secure items".

I also tried to set my blog url to https but that did not help either. I'm not too sure what to try next.

Posted 1 year ago #
Dan Milward
Resident Expert

There is a page in our documentation project regarding securing your site:
http://www.instinct.co.nz/e-commerce/securing-wordpress/

Kia Ora! I'm a founding member of the Plugin. Please use the premium support forum or wait patiently for help - we're working as quickly as we can :)

Posted 1 year ago #
enlightenmental
New Member

what are your thoughts on the Admin SSL plugin

I use this for other WP sites and am very happy with the results

has anyone ever had any issues with WPEC and Admin SSL?

when you get the response "This page contains secure and non-secure items"

this usually means their is a not HTTPS url in your code somewhere

Posted 1 year ago #
giraudy
New Member

Similar situation as Cirefly posted a couple of months ago:

I am getting a redirect loop error after enabling SSL. I have done the following:

installed/activated HTTPS plugin
added php code to checkout.php page
Changed the URL setting in the Shopping Cart Admin settings to https (only for checkout)

I'm running WP 2.7, wp-ecommerce w/gold and authorize.net
Hosted at MediaTemple on a gridserver.

I preface this with: I appreciate the forum and all of the help that everyone contributes...you guys are great. But, after reading this post and other posts related to HTTPS, and trying everything listed, I feel like only pieces of solutions are given versus a succinct and complete way to resolve the problem. It seems that this is an common issue and should be addressed finally. And I write this after I've spent the last 4 hours trying to make this work based on the posts.

thanks for any help anybody can give.

Posted 1 year ago #
Trusted
shayne
Resident Expert

Post from above (from Arbie)...This is what I use and have never had issues getting it to work:

There are two separate things here.

The first is that if there is not a shared or dedicated SSL that you can use on your server it wont matter what you do as you will not be able to use https

The second is that there is a problem for you using the php code in your site which is usually caused by whitespace in a php file somewhere. No matter - there is another way.

What you need to do is go to your .htaccess file on your server (if there is not one then create one).

Add this to the very start of the file.

RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteCond %{REQUEST_URI} the_page_to_use_https/
RewriteRule ^(.*)$ https://mysite.com/the_page_to_use_https [R,L]

This wont get upset by any php whitespace and should solve your issue provided there is an SSL cert you can use.

https for wordpress will then help to tidy up the secured page by attempting to make sure that all of the media links on the page are https calls rather than http, so preventing the irritating mixed content message in IE

Finally, godaddy have dedicated SSL certs at $15 so there is no excuse not to protect your customers!
https://www.godaddy.com/gdshop/ssl/ssl.asp?ci=8979

If you need to contact me to get me login info, you can do that here:
http://www.shaynesanderson.com

Posted 1 year ago #
pobrien
New Member

I really apprehensive about doing this without understanding what's going on.
Following this: http://www.instinct.co.nz/e-commerce/securing-wordpress/
I've uploaded and activated Admin-SSL plugin but I haven't set it up. Any insight on what it is that I'm doing? How do I want to set that to secure things so they don't restrict me as the big warning at the top warns?

Thanks

Posted 1 year ago #
lbrocka
New Member

does https-for-wordpress work with wp2.7.1? I get a warning that it has not been tested on this version.
update - installed the plugin, tried all the fixes listed here, still no luck. Now I'm getting "Warning: Cannot modify header information - headers already sent by........."
And now the entire sidebar is gone. Totally stuck at this point.

Posted 1 year ago #
Trusted
shayne
Resident Expert

Just to clarify, if you're using the htaccess fix, you do not need to add the code to your "checkout.php" file as that will cause issues.

If you need to contact me to get me login info, you can do that here:
http://www.shaynesanderson.com

Posted 1 year ago #
lbrocka
New Member

Shayne,
somewhere in trying to resolve one issue others kept coming up, so decided best option was to uninstall and start over, only had a couple products added for testing. Uninstalled plugin, deleted db tables. Downloaded new copy (3.6.10) uploaded all again. Plugin activated fine, but several admin screens will not load. Just get "loading" forever on the shipping/payments/checkout tabs. I tried reverting to previous version (updating is what started this whole process) but still have same issue.
So now I have numerous problems to resolve. Thanks in advance!!

Posted 1 year ago #
Trusted
shayne
Resident Expert

Not really sure until I can see it...you can send me a WP login and FTP access to shayne[at]stasticdesigns[dot]com

If you need to contact me to get me login info, you can do that here:
http://www.shaynesanderson.com

Posted 1 year ago #
lbrocka
New Member

The issue was apparently related to ssl/https. Reinstalled AdminSSL plugin and all admin tags are now functional. Issue is now getting the checkout page secured.

Posted 1 year ago #
Trusted
shayne
Resident Expert

Yeah, was looking at that...glad you got it working...

I use only the htaccess fix for securing checkout and have never had any issues.

If you need to contact me to get me login info, you can do that here:
http://www.shaynesanderson.com

Posted 1 year ago #
fecklessness
New Member

It's important to note, using ADMIN SSL plugin (and probably with .htaccess fix, I'm not sure? someone confirm?) if you secure http://www.YOURDOMAIN.com/wp-admin/admin.php?page=wp-e-commerce/display-log.php the radio buttons for accepting orders or dispatching jobs stop responding to your clicks.

Do not try to secure this page until this bug is resolved, if anyone knows how to resolve it, I'd appreciate the input. Thanks!

Posted 1 year ago #
lbrocka
New Member

Using Admin SSL plugin was successful in getting admin set to https, but no luck with checkout page. The checkout.php fix gives me redirect errors and the htaccess fix doesn't seem to do anything, page is still not showing as https.
Copy/pasted shayne's htaccess fix, changing the https://..... line to the full path to my checkout page. I'm obviously missing something!
Any help? Shayne?
L

Posted 1 year ago #
fecklessness
New Member

checkout page works perfect, cannot have htaccess fix and admin ssl enabled at the same time

you have purchased/enabled and installed SSL certificate already on your server, correct?

Posted 1 year ago #
kingcobra
New Member

Game creator!

Posted 1 year ago #
thecubelab
New Member

Have installed plugins > https-for-wordpress and altered checkout.php

But wordpress ecommerce suggests I paste http://blah blah into google checkout but Google insists on an https://blah blah address so I added 's' to the url

All works fine as a production checkout (ie like a real purchase) but not when set to Google Sandbox'

Please advise!

Posted 1 year ago #
KevinHeath
New Member

Sorry about the stupid newbe question, but where do I find checkout.php?

It's not under pages and it's not under appearance>editor

Posted 1 year ago #
Trusted
shayne
Resident Expert

You'll need to access "chekout.php" but logging into your server, and going to "wp-content/plugins/wp-e-commerce/checkout.php".

If you need to contact me to get me login info, you can do that here:
http://www.shaynesanderson.com

Posted 1 year ago #
sicminded
New Member

I think the link referring to SSL Encryption Security on this page:
http://www.instinct.co.nz/e-commerce/securing-wordpress/

Should be updated to this link:
http://www.kerrins.co.uk/blog/admin-ssl/

Haris is no longer working on the project. Just thought I would let you know.

Posted 1 year ago #

RSS feed for this topic

Topic Closed

This topic has been closed to new replies.

WP e-commerce Forums » How-To and Troubleshooting » Using HTTPS

Tags

Topic Closed