SSL / HTTPS + PageLines DMS

Posted · Add Comment
WordPress PageLines DMS WP Engine SSL HTTPS

Personally, I always recommend having an SSL certificate for all WordPress installs. That way wp-login.php, contact forms, and checkout pages can submit information securely.

If you don’t do SSL, this post is not for you.

Following is what I’ve learned working with PageLines DMS on a few SSL/HTTPS sites.

The way WP Engine and some other managed WordPress hosts install and use SSL certificates is at the server level, not as much at the WordPress level. That’s why plugins like WordPress HTTPS are on WP Engine’s list of disallowed plugins:

Duplicate Behavior Plugins

Like the caching & backup plugins, these all duplicate things that we can already do for you in a more efficient, scalable, and configurable manner.

  • WordPress HTTPS — This plugin is unable to detect which connections are secure when we are handling your HTTPS traffic. We can handle all the redirecting and other special casing for you.

This custom HTTPS stuff means that PageLines can’t magically know that there’s an SSL certificate on the server or which pages are forced to HTTPS.

As such, we need to add some code to force to tell PageLines to serve up the compiled CSS file, scripts, and other assets (like images) as HTTPS instead of HTTP. Install this plugin to resolve those “mixed content” warnings.

Plugin: PageLines DMS Force SSL/HTTPS (for WP Engine)
Plugin: PageLines DMS Force SSL/HTTPS (for WP Engine)
pagelines-dms-force-ssl-https-wp-engine-v1-2.zip
2.4 KiB
200 Downloads
Details
Plugin: PageLines DMS Force SSL/HTTPS
Plugin: PageLines DMS Force SSL/HTTPS
pagelines-dms-force-ssl-https-v1-2.zip
2.2 KiB
167 Downloads
Details

Hopefully this saves you the days WP Engine, PageLines, and I spent figuring this stuff out (thanks to them for that).

Quite a few people have benefitted from this plugin. If you don’t need it for your current hosting setup, at least you’re aware of the situation.

The key is to have the public URL in both Settings > General fields in WP.

Un-check to force wp-login and wp-admin to SSL in WPEngine SSL dashboard.

P.S.

If it’s still not working for you (even after uncommenting the no_priv line of the code above), make sure you only set wp-login.php to HTTPS. If you set wp-admin to HTTPS on WP Engine, then this will happen to you:

# curl -I http://yourdomain.com/wp-admin/admin-ajax.php
HTTP/1.1 301 Moved Permanently
Location: https://yourdomain.com/wp-admin/admin-ajax.php

If you don’t get a 200 OK response at the HTTP url for admin-ajax.php, then you won’t be able to have any of your DMS options/edits save on the front-end (i.e. you won’t be able to use PageLines DMS).

One user reported needing this setup:

  • WordPress General Settings shouldn’t have HTTPS in the Home URL or the Site URL
  • And in the WP Engine SSL Dashboard, uncheck force SSL login and force SSL admin
  • Maybe this will help you. Just make sure you’re not getting any SSL mixed content warnings.

Comments are closed.