Community Support Forums

[tdub11]

Hello-
I would like to use my SSL cert for subscriber logins, wp administration, and of course the API integration with googlecheckout. However, I don't want to use HTTPS when subscribers (after logging in) view posts (I'm going to stream video).

Currently, I have HTTPS working with logins and googlecheckout, but I can't get the posts to display in HTTP.

A good example of what I want to do is the s2member site... when you buy the product it's using HTTPS, but after I login I can view other pages in just HTTP.

Does anyone know how to do this?

Thanks!

[Cristián Lávaque]

You can force a page to login via SSL using ?s2-ssl at the end of the URL to the page. So you could either edit all the links to the pages you want that way, or you could your .htaccess file to do it.

[tdub11]

Thanks, Cristian!
Once I'm on a page using HTTPS it seems any other page I go to will use HTTPS as well. Is there a similar way to force a page to just use HTTP by appending something to the url?

[Cristián Lávaque]

I don't know how to force it to not use SSL. I'll ask Jason.

[tdub11]

Thanks, again!
So, the idea is: protect sensitive pages with HTTPS (login, admin, payment gateways, etc.) while using HTTP on not-so-sensitive pages/posts for logged-in users. This would cut down on server load when HTTPS isn't really needed on all pages.

[Jason Caldwell]

Thanks for the excellent question.
~ and thanks for the heads up Cristián.

What you're describing is the way s2Member behaves already. s2Member will only force SSL on those specific pages where ?s2-ssl is in the URL. So long as your theme follows WordPress standards, all other aspects of your site should remain linked up with the standard http:// protocol. s2Member takes extra steps to ensure this is the case, just for the reason you've mentioned. It's not a good idea to serve ALL Posts/Pages over SSL, as this adds additional strain to a server. This is why s2Member takes those extra steps, to ensure that other Posts/Pages remain unaffected by the Force SSL feature that s2Member provides.

That being said, s2Member only forces SSL, it does not force non-SSL. So although s2Member is designed NOT to convert your entire site over to SSL, it does NOT do anything to your site that would prevent someone from typing https:// directly into their browser. If you wanted to get more creative/restrictive, you might check with a developer that is really good with .htaccess files for Apache.

[tdub11]

ok, great - thanks for the replies!

[tdub11]

jason-
i've had time to revisit this issue. currently when i'm directed to wp-login.php via wp_loginout() i am sent in http and not https. do i have to add any configurations to the wp-config.php file (e.g. define('FORCE_SSL_LOGIN', true);)?
how would you recommend i troubleshoot this?
thanks much!

[Jason Caldwell]

jason-
i've had time to revisit this issue. currently when i'm directed to wp-login.php via wp_loginout() i am sent in http and not https. do i have to add any configurations to the wp-config.php file (e.g. define('FORCE_SSL_LOGIN', true);)?
how would you recommend i troubleshoot this?
thanks much!

Yes, you are correct. s2Member only deals with Posts/Pages that need to be forced to SSL. If you want to force your entire administrative area to SSL, please follow the instructions here: http://codex.wordpress.org/Administration_Over_SSL

[tdub11]

thanks.
so to confirm:

1. by default, https is *not* used by s2member when a user logs in
2. by default, https is *not* used by s2member when a new user registers

[Jason Caldwell]

Yes, you are correct in both cases.